summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-08-19memfd: escape the comm field we get from PR_GET_NAME, but assume everything ↵Lennart Poettering
else is proper UTF8
2014-08-19NEWS: fix minor nitsDaniel Mack
2014-08-19memfd: skip utf-8 escaping if we use a name that was passed inDaniel Mack
If a name was passed in as function argument, trust it, and don't do utf-8 encoding for them. Callers are obliged to check the names themselves, and escape them in case they use anything they got from the outside world.
2014-08-19socket: suffix newly added TCP sockopt time properties with "Sec"Lennart Poettering
This is what we have done so far for all other time values, and hence we should do this here. This indicates the default unit of time values specified here, if they don't contain a unit.
2014-08-19README: document what to do with the NSS modulesLennart Poettering
2014-08-19prepare NEWS for next releaseLennart Poettering
2014-08-19memfd: reduce name escaping logic to utf-8 checksDaniel Mack
As memfds are now created by proper kernel API, and not by our functions, we can't rely on names being escaped/unescaped according to our current logic. Thus, the only safe way is to remove the escaping and when reading names, just escape names that are not properly encoded in UTF-8. Also, remove assert(name) lines from the memfd creation functions, as we explictly allow name to be NULL.
2014-08-19memfd: simplify APILennart Poettering
Now, that the memfd stuff is not exported anymore, we can simplify a few things: Use assert() instead of assert_return(), since this is used internally only, and we should be less permissive then. No need to pass an allocated fd back by call-by-reference, we can just directly return it.
2014-08-19update TODOLennart Poettering
2014-08-19Revert "socket: introduce SELinuxLabelViaNet option"Lennart Poettering
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
2014-08-19tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate ↵Lennart Poettering
UIDs/GIDs from This way we can guarantee a limited amount of compatibility with login.defs, by generate an appopriate "r" line out of it, on package installation.
2014-08-19networkd: don't consider deprecated or tentative addresses when determining ↵Tom Gundersen
operstate https://bugs.freedesktop.org/show_bug.cgi?id=81287
2014-08-19socket: introduce SELinuxLabelViaNet optionMichal Sekletar
This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-08-19networkd: netdev - add missing callback when adding stacked devicesTom Gundersen
As the comment says, the passed in callback must always be invoked, or the underlying link will hang. This was missed when reworking the code, so add it back in.
2014-08-19networkd: link - don't enforce ENSLAVING stateTom Gundersen
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured in parallel), so drop these asserts.
2014-08-19update TODOLennart Poettering
2014-08-19util: remove unused FOREACH_WORD_SEPARATOR_QUOTEDLennart Poettering
2014-08-19sysusers: realign sysusers snippetsLennart Poettering
2014-08-19sysusers: set home directory for root to /rootLennart Poettering
2014-08-19sysusers: add another column to sysusers files for the home directoryLennart Poettering
2014-08-19networkd: fix use-after-freeTom Gundersen
Elements must be removed from the hashtable before they are freed.
2014-08-19update TODOLennart Poettering
2014-08-19sysusers: add a new RPM macro for creating users directly from data passed ↵Lennart Poettering
in via stdin This allows encoding users to create directly in %pre, which is necessary so that files owned by the RPM can be assigned to the right users/groups. This new macro does create a redundancy, as user definitions for all users that shall own files need to to be listed twice, once with this new macro, and then secondly, in the sysusers file shipped with the package. But there's little way around that, as the users of this type need to exist before we install the first file, but we actually want to ship the user information in a file.
2014-08-19sysusers: optionally, read sysuers configuration from standard inputLennart Poettering
2014-08-19update TODOLennart Poettering
2014-08-19sysusers: also update /etc/shadow and /etc/gshadow when creating new system ↵Lennart Poettering
users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bitLennart Poettering
2014-08-18bus: map sealed memfds as MAP_PRIVATEDavid Herrmann
Mapping files as MAP_SHARED is handled by the kernel as 'writable' mapping. Always! Even with PROT_READ. Reason for that is, mprotect(PROT_WRITE) could change the mapping underneath and currently there is no kernel infrastructure to add protection there. This might change in the future, but until then, map sealed files as MAP_PRIVATE so we don't get EPERM.
2014-08-18Update TODOLennart Poettering
2014-08-18util: try to be a bit more NFS compatible when checking whether an FS is ↵Lennart Poettering
writable https://bugs.freedesktop.org/show_bug.cgi?id=81169
2014-08-18core: minor modernizationsLennart Poettering
2014-08-18units: fix BindsTo= logic when applied relative to services with Type=oneshotLennart Poettering
Start jobs for Type=oneshot units are successful when the unit state transition activating → inactive took place. In such a case all units that BindsTo= on it previously would continue to run, even though the unit they dependet on was actually already gone.
2014-08-18man: fix typoRonny Chevalier
2014-08-18bootchart: use NSEC_PER_SECRonny Chevalier
2014-08-18bus-control: Fix cgroup handlingDenis Kenzior
On systems without properly setup systemd, cg_get_root_path returns -ENOENT. This means that busctl doesn't display much information. busctl monitor also fails whenever it intercepts messages. This fix fakes creates a fake "/" root cgroup which lets busctl work on such systems.
2014-08-18man: mention that "units" are commonly system servicesLennart Poettering
Also, provide an example for -u.
2014-08-18networkd: fix how we generate lists in link_save()Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=82721
2014-08-18tests: add missing entry to test-tablesRonny Chevalier
2014-08-18tests: add tests for time-util.cRonny Chevalier
add tests for: - timezone_is_valid - get_timezones
2014-08-18tests: add test-condition-utilRonny Chevalier
2014-08-18tests: add tests for util.cRonny Chevalier
add tests for: - is_symlink - pid_is_unwaited - pid_is_alive - search_and_fopen - search_and_fopen_nulstr - glob_exists - execute_directory
2014-08-18tests: add test for fdset_iterateRonny Chevalier
2014-08-18tests: add tests for fileio.cRonny Chevalier
add tests for: - write_string_stream - write_string_file - sendfile_full
2014-08-18tests: add missing unlinkRonny Chevalier
2014-08-18tests: add tests for socket-util.cRonny Chevalier
add tests for: - socket_address_is - socket_address_is_netlink - sockaddr_equal
2014-08-18man: fix typoRonny Chevalier
2014-08-18tmpfiles: only execute chmod()/chown() when neededMichael Olbrich
This avoids errors like this, when the paths are already there with the correct permissions and owner: chmod(/var/spool) failed: Read-only file system
2014-08-18Merge remote-tracking branch 'origin/master'Lennart Poettering
2014-08-18networkd: warn when ignoring unsupported tuntap optionsTom Gundersen
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
2014-08-18core: Verify systemd1 DBus method callers via polkitStef Walter
DBus methods that retrieve information can be called by anyone. DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon DBus methods that modify job state are callable from the clients that started the job. root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root. Open up the dbus1 policy for the above methods. (Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive auhentication must be opt-in, not unconditional, hence I turned this off.)