Age | Commit message | Author
2013-10-08 | udev: support custom Linux Security Module labels for device nodes | Kay Sievers
2013-10-07 | Run with a custom SMACK domain (label). | Auke Kok
Allows the systemd --system process to change its current SMACK label to a predefined custom label (usually "system") at boot time. This is needed to have a few system-generated folders and sockets automatically be created with the right SMACK label. Without that, processes either cannot communicate with systemd or systemd fails to perform some actions.
2013-10-07 | Mount /run, /dev/shm usable to tasks when using SMACK. | Auke Kok
Once systemd itself is running in a security domain for SMACK, it will fail to start countless tasks due to missing privileges for mounted and created directory structures. For /run and shm specifically, we grant all tasks access. These 2 mounts are allowed to fail, which will happen if the system is not running a SMACK enabled kernel or security=none is passed to the kernel.
2013-10-06 | shared/util: fix off-by-one error in tag_to_udev_node | Dave Reisner
Triggered false negatives when encoding a string which needed every character to be escaped, e.g. "LABEL=/".
2013-10-05 | utf8: fix utf8_is_printable | Zbigniew Jędrzejewski-Szmek
2013-10-05 | core: do not add "what" to RequiresMountsFor for network mounts | Zbigniew Jędrzejewski-Szmek
For cifs mount like //server/share, we would get RequiresMountsFor=/server/share, which probably isn't harmful, but quite confusing. Unfortunately a bunch of static functions had to be moved up, but patch is really one line.
2013-10-04 | mount: check for NULL before reading pm->what | Dave Reisner
Since a57f7e2c828b85, a mount unit with garbage in it would cause systemd to crash on loading it. ref: https://bugs.freedesktop.org/show_bug.cgi?id=70148
2013-10-04 | logind: fix bus introspection data for TakeControl() | Lennart Poettering
2013-10-04 | manager: when verifying whether clients may change environment using selinux check for "reload" rather "reboot" | Lennart Poettering
This appears to be a copy/paste error.
2013-10-04 | update TODO | Lennart Poettering
2013-10-03 | systemd: order remote mounts from mountinfo before remote-fs.target | Zbigniew Jędrzejewski-Szmek
Usually the network is stopped before filesystems are umounted. Ordering network filesystems before remote-fs.target means that their unmounting will be performed earlier, and can terminate successfully. https://bugs.freedesktop.org/show_bug.cgi?id=70002
2013-10-03 | Introduce _cleanup_endmntent_ | Zbigniew Jędrzejewski-Szmek
2013-10-03 | gpt-auto-generator: exit immediately if in container | Zbigniew Jędrzejewski-Szmek
Otherwise we get an ugly warning when running systemd in a container.
2013-10-03 | execute: more debugging messages | Zbigniew Jędrzejewski-Szmek
2013-10-03 | man: Improve the description of parameter X in tmpfiles.d page | Václav Pavlín
2013-10-02 | execute.c: always set $SHELL | Zbigniew Jędrzejewski-Szmek
In e6dca81 $SHELL was added to user@.service. Let's instead provide it to all units which have a user.
2013-10-02 | tmpfiles.d: include setgid perms for /run/log/journal | Dave Reisner
4608af4333d0f7f5 set permissions for journal storage on persistent disk but not the volatile storage. ref: https://bugs.archlinux.org/task/37170
2013-10-02 | nspawn: always copy /etc/resolv.conf rather than bind mount | Lennart Poettering
We were already creating the file if it was missing, and this way containers can reconfigure the file without running into problems. This also makes resolv.conf handling more alike to handling of /etc/localtime, which is also not a bind mount.
2013-10-02 | mkdir: pass a proper function pointer to mkdir_safe_internal | Lennart Poettering
2013-10-02 | strv: don't access potentially NULL string arrays | Lennart Poettering
2013-10-02 | efi: never call qsort on potentially NULL arrays | Lennart Poettering
2013-10-02 | modules-load: fix error handling | Lennart Poettering
2013-10-02 | dbus: fix return value of dispatch_rqueue() | Lennart Poettering
2013-10-02 | bus: fix potentially uninitialized memory access | Lennart Poettering
2013-10-02 | journald: add missing error check | Lennart Poettering
2013-10-02 | cryptsetup: fix OOM handling when parsing mount options | Lennart Poettering
2013-10-02 | systemctl: fix name mangling for sysv units | Václav Pavlín
2013-10-02 | acpi: make sure we never free an uninitialized pointer | Lennart Poettering
2013-10-02 | fix lingering references to /var/lib/{backlight,random-seed} | Dave Reisner
This should have been part of ef5bfcf668e6029faa78534dfe.
2013-10-02 | acpi-fptd: fix memory leak in acpi_get_boot_usec | Lukas Nykryn
2013-10-02 | cgroup: there's no point in labelling cgroupfs dirs, so let's not do that [systemd/v208] | Lennart Poettering
This allows us to get rid of the dep on libsystemd-label for cgroup management. https://bugs.freedesktop.org/show_bug.cgi?id=69966
2013-10-02 | build-sys: mkdir.[ch] should be in libsystemd-shared | Lennart Poettering
Otherwise, why is mkdir-label.[ch] split out?
2013-10-02 | build-ss: prepare new release | Lennart Poettering
2013-10-01 | hashmap: randomize hash functions a bit | Lennart Poettering
2013-10-01 | Update TODO | David Herrmann
Remove "logind fbdev removal" as it is no longer supported.
2013-10-01 | logind: remove fbdev session-device support | David Herrmann
fbdev does not support access-handover so it is quite useless to route it through logind. If compositors want to use it they ought to open it themselves. It's highly recommended to be ignored entirely, though. fbdev is about to be deprecated in the kernel.
2013-10-01 | logind: run with CAP_SYS_ADMIN | David Herrmann
DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge set of actions, this mostly renders the restriction-set useless. Anyway, patches are already pending to reduce the restriction on the kernel side. But these won't really make it into any stable-release so for now we're stuck with CAP_SYS_ADMIN.
2013-10-01 | logind: send PropertyChanged during deactivation | David Herrmann
We only send the PropertyChanged signal for the to-be-activated session but not for the to-be-deactivated one. Fix that so both listeners get notified about the new state.
2013-10-01 | logind: check whether first drmSetMaster succeeded | David Herrmann
The initial drmSetMaster may fail if there is an active master already. We must not assume that all existing clients comply to logind rules. We check for this during session-activation already but didn't during device setup. Fix this by checking the return code. As drmSetMaster has had horrible return codes in the past (0 for failure? EINVAL for denied access, ..) we need to be quite pedantic. To guarantee an open file-descriptor we need to close the device and reopen it without master if setting master failed first.
2013-10-01 | logind: fix session-device dbus notify | David Herrmann
Had this fix lying around here for some time. Thanks to missing type-checking for va-args we passed in the actual major/minor values instead of pointers to it. Fix it by saving the values on the stack first and passing in the pointers.
2013-10-01 | kernel-install: add compat with 'installkernel' | Tom Gundersen
If 'kernel-install' is called as 'installkernel' it will be compatible with the syntax used by the kernel's build system. This means it can be called by doing 'make install' in a kernel build directory, if the correct symlink has been installed (which we don't do by default yet). [Edit harald@redhat.com: removed basename and use shift]
2013-10-01 | update TODO | Lennart Poettering
2013-10-01 | core: whenever a new PID is passed to us, make sure we watch it | Lennart Poettering
2013-10-01 | util.c: ignore pollfd.revent for loop_read/loop_write | Chen Jie
Let read()/write() report any error/EOF.
2013-10-01 | units: Add SHELL environment variable | Evan Callicoat
With the advent of systemd --user sessions, it's become very interesting to spawn X as a user unit, as well as accompanying processes that may have previously been in a .xinitrc/.xsession, or even just to replace a collection of XDG/GDM/KDM/etc session files with independent systemd --user units. The simplest case here would be to login on a tty, with the traditional /usr/sbin/login "login manager". However, systemd --user (spawned by user@.service) is at the top level of the slice for the user, and does not inherit any environment variables from the login process. Given the number of common applications which rely on SHELL being set in the environment, it seems like the cleanest way to provide this variable is to set it to %s in the user@.service. Ideally in the long-term, applications which rely on SHELL being set should be fixed to just grab it from getpwnam() or similar, but until that becomes more common, I propose this simple change to make user sessions a little bit nicer out of the box.
2013-10-01 | build-sys: don't fallback to upstart defaults | Lennart Poettering
2013-10-01 | systemctl: remove legacy upstart compatibility | Cristian Rodríguez
2013-10-01 | smack-setup: fix path to Smack/CIPSO mappings | Patrick McCarty
The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/; /etc/smack/cipso is a file that can include these mappings as well, though it is no longer supported in upstream libsmack.
2013-10-01 | Revert "build-sys: link libsystemd-login with libsystemd-label.la" | Kay Sievers
Systemd-logind does not pull in cg_create(), if we unconditionally link this, all users of systemd-logind will need the label stuff and therefore link against selinux. It is probably a build-system issue, or something that needs to be sorted out in a different way than linking not needed libs. This reverts commit ceadabb102b05b237bfab11e1f742975ee4daeb1.
2013-10-01 | Update TODO | Lennart Poettering