Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-02-13 | nspawn: make socket(AF_NETLINK, *, NETLINK_AUDIT) fail with EAFNOTSUPPORT in ↵ | Lennart Poettering | |
containers The kernel still doesn't support audit in containers, so let's make use of seccomp and simply turn it off entirely. We can get rid of this big as soon as the kernel is fixed again. | |||
2014-02-13 | nspawn: add new --network-veth switch to add a virtual ethernet link to the host | Lennart Poettering | |
2014-02-13 | rtnl: support adding VETH_INFO_PEER containers into rtnl messages | Lennart Poettering | |
2014-02-13 | systemctl: fix exit statuses from is-active/is-failed | Dave Reisner | |
This was inadvertantly disturbed in e3e0314b when glob support was added. | |||
2014-02-13 | everywhere: always use O_CLOEXEC where it makes sense | Lennart Poettering | |
2014-02-13 | everywhere: make use of new0() and macro() macros, and stop using perror() | Lennart Poettering | |
2014-02-13 | nspawn: check with udev before we take possession of an interface | Lennart Poettering | |
2014-02-13 | nspawn: no need to subscribe to netlink messages if we just want to execute ↵ | Lennart Poettering | |
one operation | |||
2014-02-13 | nspawn: --private-network should imply CAP_NET_ADMIN | Lennart Poettering | |
2014-02-13 | rtnl: rename constructors from the form sd_rtnl_xxx_yyy_new() to ↵ | Lennart Poettering | |
sd_rtnl_xxx_new_yyy() So far we followed the rule to always indicate the "flavour" of constructors after the "_new_" or "_open_" in the function name, so let's keep things in sync here for rtnl and do the same. | |||
2014-02-13 | rtnl: drop "sd_" prefix from cleanup macros | Lennart Poettering | |
The "sd_" prefix is supposed to be used on exported symbols only, and not in the middle of names. Let's drop it from the cleanup macros hence, to make things simpler. The bus cleanup macros don't carry the "sd_" either, so this brings the APIs a bit nearer. | |||
2014-02-13 | nspawn: add new --network-interface= switch to move an existing interface ↵ | Lennart Poettering | |
into the container | |||
2014-02-13 | nspawn: introduce --capability=all for retaining all capabilities | Lennart Poettering | |
2014-02-13 | seccomp: fix build again if libseccomp is missing | Lennart Poettering | |
2014-02-13 | update TODO | Lennart Poettering | |
2014-02-13 | core: make StopWhenUnneeded work in conjunction with units that fail | Lennart Poettering | |
during their start job https://bugzilla.redhat.com/show_bug.cgi?id=997031 | |||
2014-02-13 | update TODO | Lennart Poettering | |
2014-02-13 | core: add a system-wide SystemCallArchitectures= setting | Lennart Poettering | |
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings. | |||
2014-02-13 | networkd: correctly handle manager_free(NULL) | Tom Gundersen | |
2014-02-13 | core: add SystemCallArchitectures= unit setting to allow disabling of non-native | Lennart Poettering | |
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings. | |||
2014-02-12 | core: fix build without libseccomp | Lennart Poettering | |
2014-02-12 | core: rework syscall filter | Lennart Poettering | |
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand. | |||
2014-02-12 | syscallfilter: port to libseccomp | Ronny Chevalier | |
2014-02-12 | sd-dhcp: make sure client->secs > 0 | Tom Gundersen | |
Some DHCP servers will not work correctly if secs == 0, so round up to at least 1. | |||
2014-02-12 | networkd: work inside containers | Tom Gundersen | |
Udev does not run in containers, so instead of relying on it to tell us when a network device is ready to be used by networkd, we simply assume that any device was fully initialized before being added to the container. | |||
2014-02-12 | update TODO (add section for things to fix before 209) | Lennart Poettering | |
2014-02-12 | build-sys: make lxml required when generating indices | Zbigniew Jędrzejewski-Szmek | |
Since the manpage indices generated without lxml would be missing some parts, it doesn't make sense to keep lxml optional anymore. | |||
2014-02-12 | build-sys: add less-variables.xml to EXTRA_DIST | Zbigniew Jędrzejewski-Szmek | |
2014-02-12 | man: use xinclude to de-deduplicate common text | Zbigniew Jędrzejewski-Szmek | |
I only tested with python-lxml. I'm not sure if xml.etree should be deprecated. | |||
2014-02-12 | pager: support SYSTEMD_LESS environment variable | Jason A. Donenfeld | |
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less. | |||
2014-02-12 | nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵ | Lennart Poettering | |
of this | |||
2014-02-12 | test: fix "make check" | Lennart Poettering | |
Let's remove the tests for cg_path_get_machine_name(), since they no longer operate solely on the cgroup path, but actually look up data in /run. Since we have a test for cg_pid_get_machine_name() this shouldn't be too much of a loss. | |||
2014-02-12 | machinectl: add new "machinectl reboot" call | Lennart Poettering | |
2014-02-11 | logind: ignore PropertiesChanged signals for jobs | Zbigniew Jędrzejewski-Szmek | |
Otherwise we get a (harmless) message like: systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument | |||
2014-02-11 | logind: always kill session when termination is requested | Zbigniew Jędrzejewski-Szmek | |
KillUserProcesses=yes/no should be ignored when termination is explicitly requested. | |||
2014-02-11 | journald: log provenience of signals | Zbigniew Jędrzejewski-Szmek | |
2014-02-11 | units: make use of nspawn's --keep-unit switch in systemd-nspawn@.service | Lennart Poettering | |
2014-02-11 | machined: fix enumeration of existing machines on restart | Lennart Poettering | |
2014-02-11 | update TODO | Lennart Poettering | |
2014-02-11 | logind: use session_get_state() to get sessions state of the user | Djalal Harouni | |
In function user_get_state() remove the session_is_active() check, just count on the session_get_state() function to get the correct session state. session_is_active() may return true before starting the session scope and user service, this means it will return true even before the creation of the session fifo_fd which will produce incorrect states. So be consistent and just use session_get_state(). | |||
2014-02-11 | efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is ↵ | Cristian Rodríguez | |
disabled | |||
2014-02-11 | machined: optionally, allow registration of pre-existing units (scopes | Lennart Poettering | |
or services) as machine with machined | |||
2014-02-11 | util: modernize readlink_malloc() a bit | Lennart Poettering | |
2014-02-11 | util: drop parse_user_at_host() since its unused now | Lennart Poettering | |
2014-02-11 | nspawn: add --register=yes|no switch to optionally disable registration of ↵ | Lennart Poettering | |
the container with machined | |||
2014-02-11 | sd-dhcp: split out packet handling from client | Tom Gundersen | |
2014-02-10 | sd-bus: export sd_bus_call{,_async,_async_cancel} | David Herrmann | |
The .sym file somehow lacks these declarations, so add these. You have to run "make clean" to make sure the sym-test runs fine afterwards. | |||
2014-02-10 | networkd: link - correctly skip state ENSLAVING when no vlans configured | Tom Gundersen | |
This fixes a regression introduced in 672682a6b | |||
2014-02-10 | networkd: VLAN - allow multiple vlans to be created on a link | Tom Gundersen | |
Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com> | |||
2014-02-10 | pam: use correct log level | Michal Sekletar | |