Age | Commit message (Collapse) | Author |
|
Usually the network is stopped before filesystems are umounted.
Ordering network filesystems before remote-fs.target means that their
unmounting will be performed earlier, and can terminate sucessfully.
https://bugs.freedesktop.org/show_bug.cgi?id=70002
|
|
|
|
Otherwise we get an ugly warning when running systemd in
a container.
|
|
|
|
|
|
In e6dca81 $SHELL was added to user@.service. Let's
instead provide it to all units which have a user.
|
|
4608af4333d0f7f5 set permissions for journal storage on persistent disk
but not the volatile storage.
ref: https://bugs.archlinux.org/task/37170
|
|
We were already creating the file if it was missing, and this way
containers can reconfigure the file without running into problems.
This also makes resolv.conf handling more alike to handling of
/etc/localtime, which is also not a bind mount.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This should have been part of ef5bfcf668e6029faa78534dfe.
|
|
|
|
This allows us to get rid of the dep on libsystemd-label for cgroup
management.
https://bugs.freedesktop.org/show_bug.cgi?id=69966
|
|
Otherwise, why is mkdir-label.[ch] split out?
|
|
|
|
|
|
Remove "logind fbdev removal" as it is no longer supported.
|
|
fbdev does not support access-handover so it is quite useless to route it
through logind. If compositors want to use it they ought to open it
themselves. It's highly recommended to be ignored entirely, though. fbdev
is about to be deprecated in the kernel.
|
|
DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability
bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge
set of actions, this mostly renders the restriction-set useless. Anyway,
patches are already pending to reduce the restriction on the kernel side.
But these won't really make it into any stable-release so for now we're
stuck with CAP_SYS_ADMIN.
|
|
We only send the PropertyChanged signal for the to-be-activated session
but not for the to-be-deactivated one. Fix that so both listeners get
notified about the new state.
|
|
The initial drmSetMaster may fail if there is an active master already. We
must not assume that all existing clients comply to logind rules. We check
for this during session-activation already but didn't during device setup.
Fix this by checking the return code.
As drmSetMaster has had horrible return codes in the past (0 for failure?
EINVAL for denied access, ..) we need to be quite pedantic. To guarantee
an open file-descriptor we need to close the device and reopen it without
master if setting master failed first.
|
|
Had this fix lying around here for some time. Thanks to missing
type-checking for va-args we passed in the actual major/minor values
instead of pointers to it. Fix it by saving the values on the stack first
and passing in the pointers.
|
|
If 'kernel-install' is called as 'installkernel' it will be compatible with the
syntax used by the kernel's build system.
This means it can be called by doing 'make install' in a kernel build
directory, if the correct symlink has been installed (which we don't do by
default yet).
[Edit harald@redhat.com: removed basename and use shift]
|
|
|
|
|
|
Let read()/write() report any error/EOF.
|
|
With the advent of systemd --user sessions, it's become very interesting to spawn X as a user unit, as well as accompanying processes that may have previously been in a .xinitrc/.xsession, or even just to replace a collection of XDG/GDM/KDM/etc session files with independent systemd --user units. The simplest case here would be to login on a tty, with the traditional /usr/sbin/login "login manager".
However, systemd --user (spawned by user@.service) is at the top level of the slice for the user, and does not inherit any environment variables from the login process. Given the number of common applications which rely on SHELL being set in the environment, it seems like the cleanest way to provide this variable is to set it to %s in the user@.service.
Ideally in the long-term, applications which rely on SHELL being set should be fixed to just grab it from getpwnam() or similar, but until that becomes more common, I propose this simple change to make user sessions a little bit nicer out of the box.
|
|
|
|
|
|
The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/;
/etc/smack/cipso is a file that can include these mappings as well,
though it is no longer supported in upstream libsmack.
|
|
Systemd-logind does not pull in cg_create(), if we unconditionally link
this, all users of systemd-logind qill need the label stuff and therefore
link against selinux.
It is probably a build-system issue, or something that need to be sorted
out in a differnt way than linking not needed libs.
This reverts commit ceadabb102b05b237bfab11e1f742975ee4daeb1.
|
|
|
|
Instead of fixing the hashmap bucket array to 127 entries dynamically
size it, starting with a smaller one of 31. As soon as a fill level of
75% is reached, quadruple the size, and so on.
This should siginficantly optimize the lookup time in large tables
(from O(n) back to O(1)), and save memory on smaller tables (which most
are).
|
|
Also, we need to use proper strv_env_xyz() calls when putting together
the environment array, since otherwise settings won't be properly
overriden.
And let's get rid of strv_appendf(), is overkill and there was only one
user.
|
|
|
|
|
|
libsystemd-login.la uses cg_create() that currently seems to be a part
of libsystemd-label.la. However, it doesn't link against that library
and it seems that none of the (unconditional) libraries it uses do. In
the end, people end up getting «undefined reference to `cg_create'»
when trying to build e.g. dbus.
|
|
|
|
|
|
|
|
When crypttab contains noauto, cryptsetup service does not have any
explicit dependencies. If service is started later manually (directly or via
mount dependency) it will be stopped on isolate.
mount units already have IgnoreOnIsolate set by default. Set it by
default for cryptsetup units as well.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=69887
Based-on-a-patch-by: Hans Petter Jansson <hpj@copyleft.no>
|