summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-08-17journal: be fine with opening rotated/corrupted journal filesLennart Poettering
2012-08-17journal: set secure deletion flags for FSS fileLennart Poettering
2012-08-17journal: after verification output validated time rangeLennart Poettering
2012-08-17journal: reword verification messages a bitLennart Poettering
2012-08-17journal: ensure that entries and tags are properly orderedLennart Poettering
2012-08-17journal: show new header fields in header dumpLennart Poettering
2012-08-17journal: don't write tag objects if nothing has been written since the last timeLennart Poettering
2012-08-17man: add man pages for new FSS stuffLennart Poettering
2012-08-17journal: rework terminologyLennart Poettering
Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-16journal: add FSPRG journal authenticationLennart Poettering
2012-08-16journal: fix tag sequence number verificationLennart Poettering
2012-08-16journalctl: immeidately terminate on invalid seedLennart Poettering
2012-08-16journal: parse fsprg seedLennart Poettering
2012-08-16journal: count number of entry arrays in headerLennart Poettering
2012-08-16keymap: fix map name referenceKay Sievers
2012-08-16journal: rename 'mmap' to 'mmap_cache' to appease gccZbigniew Jędrzejewski-Szmek
warning: declaration of 'mmap' shadows a global declaration [-Wshadow]
2012-08-16journal: fix variable initializationLennart Poettering
2012-08-16journal: fix unitialized varLennart Poettering
2012-08-16journal: journal-send.h doesn't actually existLennart Poettering
2012-08-16journal: verify structural consistencyLennart Poettering
2012-08-16journal: add color to verification progress barLennart Poettering
2012-08-16journal: verify compressed objectsLennart Poettering
2012-08-16journalctl: add --verify-seed= switch to specify seed valueLennart Poettering
2012-08-16journal: verify hashes only during actual verification, not all the timeLennart Poettering
2012-08-16journal: split up journal-file.cLennart Poettering
2012-08-16journal: add superficial structure verifierLennart Poettering
2012-08-16journal: implement basic journal file verification logicLennart Poettering
2012-08-16conf-parser: make parsing exit status lists non-fatalLennart Poettering
2012-08-16journal: implement generic sharable mmap caching logicLennart Poettering
instead of having one simple per-file cache implement an more comprehensive one that works for multiple files and can actually maintain multiple maps per file and per object type.
2012-08-15keymap: Add Sony VGNMartin Pitt
https://launchpad.net/bugs/939868
2012-08-14conf-parser: simplify a few things by using set_ensure_allocated() rather ↵Lennart Poettering
than set_new()
2012-08-14man: extend documentation for RestartPreventExitStatus= and ↵Lennart Poettering
SuccessExitStatus= a bit
2012-08-14service: add options RestartPreventExitStatus and SuccessExitStatusLukas Nykryn
In some cases, like wrong configuration, restarting after error does not help, so administrator can specify statuses by RestartPreventExitStatus which will not cause restart of a service. Sometimes you have non-standart exit status, so this can be specified by SuccessfulExitStatus.
2012-08-13journal: include tag object header in hmacLennart Poettering
2012-08-13journal: add all objects we add to HMACLennart Poettering
2012-08-13journald: initial version of FSPRG hookupLennart Poettering
This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13umount: MS_MGC_VAL is so 90sLennart Poettering
2012-08-13update TODOLennart Poettering
2012-08-13nspawn,namespaces: make sure we recursively bind mount things inLennart Poettering
We want to make sure that everything from the host is also visible in the sandbox.
2012-08-13machine-id: properly mount transient machine ID read-onlyLennart Poettering
2012-08-13nspawn: unset a few unnecessary params to mount()Lennart Poettering
2012-08-13update TODOLennart Poettering
2012-08-13namespace: rework namespace supportLennart Poettering
- don't use pivot_root() anymore, just reuse root hierarchy - first create all mounts, then mark them read-only so that we get the right behaviour when people want writable mounts inside of read-only mounts - don't pass invalid combinations of MS_ constants to the kernel
2012-08-13nspawn: inherit mounts from real root, don't propagate mounts to real rootLennart Poettering
2012-08-12switch-root: remount to MS_PRIVATELennart Poettering
The kernel does not allow switching roots if things are mounted MS_SHARED. As a work-around, remount things MS_PRIVATE before switching roots. This should be fixed in the kernel for good. https://bugzilla.redhat.com/show_bug.cgi?id=847418
2012-08-10udev: export udev_device_new_from_device_id()Kay Sievers
2012-08-10systemctl: fix issue with systemctl daemon-reexecSimon Peeters
2012-08-10shared/utf8: mark char* as constDave Reisner
Avoids compiler warning: src/shared/utf8.c: In function 'ascii_filter': src/shared/utf8.c:278:16: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]
2012-08-10shutdown: recursively mark root as private before pivotDave Reisner
Because root is now recursively marked as shared on bootup, we need to recursively mark root as private. This prevents a pivot_root failure on shutdown: Cannot finalize remaining file systems and devices, giving up. pivot failed: Invalid argument
2012-08-10id128: don't use C99 bool in public headersLennart Poettering