Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-08-17 | journal: be fine with opening rotated/corrupted journal files | Lennart Poettering | |
2012-08-17 | journal: set secure deletion flags for FSS file | Lennart Poettering | |
2012-08-17 | journal: after verification output validated time range | Lennart Poettering | |
2012-08-17 | journal: reword verification messages a bit | Lennart Poettering | |
2012-08-17 | journal: ensure that entries and tags are properly ordered | Lennart Poettering | |
2012-08-17 | journal: show new header fields in header dump | Lennart Poettering | |
2012-08-17 | journal: don't write tag objects if nothing has been written since the last time | Lennart Poettering | |
2012-08-17 | man: add man pages for new FSS stuff | Lennart Poettering | |
2012-08-17 | journal: rework terminology | Lennart Poettering | |
Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time. | |||
2012-08-16 | journal: add FSPRG journal authentication | Lennart Poettering | |
2012-08-16 | journal: fix tag sequence number verification | Lennart Poettering | |
2012-08-16 | journalctl: immeidately terminate on invalid seed | Lennart Poettering | |
2012-08-16 | journal: parse fsprg seed | Lennart Poettering | |
2012-08-16 | journal: count number of entry arrays in header | Lennart Poettering | |
2012-08-16 | keymap: fix map name reference | Kay Sievers | |
2012-08-16 | journal: rename 'mmap' to 'mmap_cache' to appease gcc | Zbigniew Jędrzejewski-Szmek | |
warning: declaration of 'mmap' shadows a global declaration [-Wshadow] | |||
2012-08-16 | journal: fix variable initialization | Lennart Poettering | |
2012-08-16 | journal: fix unitialized var | Lennart Poettering | |
2012-08-16 | journal: journal-send.h doesn't actually exist | Lennart Poettering | |
2012-08-16 | journal: verify structural consistency | Lennart Poettering | |
2012-08-16 | journal: add color to verification progress bar | Lennart Poettering | |
2012-08-16 | journal: verify compressed objects | Lennart Poettering | |
2012-08-16 | journalctl: add --verify-seed= switch to specify seed value | Lennart Poettering | |
2012-08-16 | journal: verify hashes only during actual verification, not all the time | Lennart Poettering | |
2012-08-16 | journal: split up journal-file.c | Lennart Poettering | |
2012-08-16 | journal: add superficial structure verifier | Lennart Poettering | |
2012-08-16 | journal: implement basic journal file verification logic | Lennart Poettering | |
2012-08-16 | conf-parser: make parsing exit status lists non-fatal | Lennart Poettering | |
2012-08-16 | journal: implement generic sharable mmap caching logic | Lennart Poettering | |
instead of having one simple per-file cache implement an more comprehensive one that works for multiple files and can actually maintain multiple maps per file and per object type. | |||
2012-08-15 | keymap: Add Sony VGN | Martin Pitt | |
https://launchpad.net/bugs/939868 | |||
2012-08-14 | conf-parser: simplify a few things by using set_ensure_allocated() rather ↵ | Lennart Poettering | |
than set_new() | |||
2012-08-14 | man: extend documentation for RestartPreventExitStatus= and ↵ | Lennart Poettering | |
SuccessExitStatus= a bit | |||
2012-08-14 | service: add options RestartPreventExitStatus and SuccessExitStatus | Lukas Nykryn | |
In some cases, like wrong configuration, restarting after error does not help, so administrator can specify statuses by RestartPreventExitStatus which will not cause restart of a service. Sometimes you have non-standart exit status, so this can be specified by SuccessfulExitStatus. | |||
2012-08-13 | journal: include tag object header in hmac | Lennart Poettering | |
2012-08-13 | journal: add all objects we add to HMAC | Lennart Poettering | |
2012-08-13 | journald: initial version of FSPRG hookup | Lennart Poettering | |
This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch. | |||
2012-08-13 | umount: MS_MGC_VAL is so 90s | Lennart Poettering | |
2012-08-13 | update TODO | Lennart Poettering | |
2012-08-13 | nspawn,namespaces: make sure we recursively bind mount things in | Lennart Poettering | |
We want to make sure that everything from the host is also visible in the sandbox. | |||
2012-08-13 | machine-id: properly mount transient machine ID read-only | Lennart Poettering | |
2012-08-13 | nspawn: unset a few unnecessary params to mount() | Lennart Poettering | |
2012-08-13 | update TODO | Lennart Poettering | |
2012-08-13 | namespace: rework namespace support | Lennart Poettering | |
- don't use pivot_root() anymore, just reuse root hierarchy - first create all mounts, then mark them read-only so that we get the right behaviour when people want writable mounts inside of read-only mounts - don't pass invalid combinations of MS_ constants to the kernel | |||
2012-08-13 | nspawn: inherit mounts from real root, don't propagate mounts to real root | Lennart Poettering | |
2012-08-12 | switch-root: remount to MS_PRIVATE | Lennart Poettering | |
The kernel does not allow switching roots if things are mounted MS_SHARED. As a work-around, remount things MS_PRIVATE before switching roots. This should be fixed in the kernel for good. https://bugzilla.redhat.com/show_bug.cgi?id=847418 | |||
2012-08-10 | udev: export udev_device_new_from_device_id() | Kay Sievers | |
2012-08-10 | systemctl: fix issue with systemctl daemon-reexec | Simon Peeters | |
2012-08-10 | shared/utf8: mark char* as const | Dave Reisner | |
Avoids compiler warning: src/shared/utf8.c: In function 'ascii_filter': src/shared/utf8.c:278:16: warning: assignment discards 'const' qualifier from pointer target type [enabled by default] | |||
2012-08-10 | shutdown: recursively mark root as private before pivot | Dave Reisner | |
Because root is now recursively marked as shared on bootup, we need to recursively mark root as private. This prevents a pivot_root failure on shutdown: Cannot finalize remaining file systems and devices, giving up. pivot failed: Invalid argument | |||
2012-08-10 | id128: don't use C99 bool in public headers | Lennart Poettering | |