Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-02-26 | exec: imply NoNewPriviliges= only when seccomp filters are used in user mode | Lennart Poettering | |
2014-02-26 | update TODO | Lennart Poettering | |
2014-02-26 | build-sys: add missing makefile symlinks | Lennart Poettering | |
2014-02-26 | core: add new RestrictAddressFamilies= switch | Lennart Poettering | |
This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform. | |||
2014-02-26 | nspawn: no need for duplicate checks against EEXIST | Lennart Poettering | |
2014-02-26 | seccomp: we should control NO_NEW_PRIVS on our own, not let seccomp do this ↵ | Lennart Poettering | |
for us | |||
2014-02-25 | networkd: add basic support for MACVLANs | Tom Gundersen | |
2014-02-25 | man: refer to systemd.net{work,dev}(5) from systemd-networkd(8) | Tom Gundersen | |
2014-02-25 | man: split out systemd.net{work,dev}(5) from systemd-networkd(8) | Tom Gundersen | |
2014-02-25 | man: split out systemd.link(5) from udev(7) | Tom Gundersen | |
2014-02-25 | man: networkd - clarify that multiple addresses/routes are supported | Tom Gundersen | |
2014-02-25 | fix typo in iDRAC network interface name: irdac->idrac | Tomasz Torcz | |
2014-02-25 | login: Allow calling org.freedesktop.login1.Seat.SwitchTo | Jasper St. Pierre | |
2014-02-25 | login: set pos-slot to fallback on pos-eviction | David Herrmann | |
If we evict a session position, we open the position slot for future sessions. However, there might already be another session on the same position if both were started on the same VT. This is currently done if gdm spawns the session on its own Xserver. Hence, look for such a session on pos-eviction and claim the new slot immediately. | |||
2014-02-25 | NEWS: fix typo | Ansgar Burchardt | |
2014-02-25 | login: fix pos-array allocation | David Herrmann | |
GREEDY_REALLOC takes a pointer to the real size, not the array-width as argument. Therefore, our array is currently way to small to keep the seat positions. Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store the array-width instead of array-size. | |||
2014-02-25 | update TODO | Lennart Poettering | |
2014-02-25 | NEWS: fix typo | Lennart Poettering | |
2014-02-25 | nspawn: add new switch --network-macvlan= to add a macvlan device to the ↵ | Lennart Poettering | |
container | |||
2014-02-24 | Remove dead lines in various places | Zbigniew Jędrzejewski-Szmek | |
As pointed-out by clang -Wunreachable-code. No behaviour changes. | |||
2014-02-25 | hostnamectl: read virtualization/architecture from remote side | Lennart Poettering | |
This way we make this more network/container transparent and also do not require any client side privileges. | |||
2014-02-25 | core: expose architecture as a bus property, so that we can easily query it ↵ | Lennart Poettering | |
remotely | |||
2014-02-24 | core: add global settings for enabling CPUAccounting=, MemoryAccounting=, ↵ | Lennart Poettering | |
BlockIOAccounting= for all units at once | |||
2014-02-24 | update TODOsystemd/v210 | Lennart Poettering | |
2014-02-24 | NEWS: fix typos | Kay Sievers | |
2014-02-24 | build-sys: bump revisions and version | Lennart Poettering | |
2014-02-24 | architecture: apparently there is LE ppc now | Lennart Poettering | |
2014-02-24 | NEWS: add note about ifunc | Lennart Poettering | |
2014-02-24 | NEWS: prepare for release of 210 | Lennart Poettering | |
2014-02-24 | smack: rework security labeling for multiple frameworks | Łukasz Stelmach | |
2014-02-24 | smack: set loaded_policy in smack_setup() | Łukasz Stelmach | |
With loaded_policy set to true mount_setup() relabels /dev properly. | |||
2014-02-24 | smack: relabel directories and files created by systemd | Łukasz Stelmach | |
Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessable to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Based on a patch by Casey Schaufler <casey@schaufler-ca.com>. | |||
2014-02-24 | update TODO | Lennart Poettering | |
2014-02-24 | hostnamed: correct error message | Michal Sekletar | |
We are not parsing timezone data. | |||
2014-02-24 | logind: detect whether the system is docked, and if it is inhibit lid switch ↵ | Lennart Poettering | |
processing This should make operation nicer with docking stations, but will not cover anything that does not implement SW_DOCK. | |||
2014-02-24 | update TODO | Lennart Poettering | |
2014-02-24 | units/serial-getty@.service: add [Install] section | Zbigniew Jędrzejewski-Szmek | |
This makes it easier to manually enable and disable specific gettys, and also mirrors getty@.service. http://lists.freedesktop.org/archives/systemd-devel/2014-February/017329.html | |||
2014-02-24 | virt: make Virtualization an anonymous enum | Thomas Hindoe Paaboel Andersen | |
This makes llvm happy when we assign an error code to the variable. | |||
2014-02-24 | update TODO | Lennart Poettering | |
2014-02-24 | configure: Do not require xsltproc for installation of man pages | Mike Gilbert | |
The release tarballs ship with pre-generated man pages, so we do not need xsltproc for a typical end-user build. Developers will probably have xsltproc anyway, but if not they will now encounter a build-time failure instead of an error in configure. | |||
2014-02-23 | systemctl: move next elapse calculation to its own function | Djalal Harouni | |
2014-02-23 | dbus-timer: fix bus_timer_vtable to have the correct times | Djalal Harouni | |
next_elapse_monotonic() should map to the "NextElapseUSecMonotonic" property and next_elapse_realtime() to "NextElapseUSecRealtime" one. This makes "systemctl list-timers" compute and show the correct times. https://bugs.freedesktop.org/show_bug.cgi?id=75272 | |||
2014-02-24 | update TODO | Lennart Poettering | |
2014-02-24 | getty-generator: verify ttys before we make use of them | Lennart Poettering | |
The ttyS[0-3] devices are weird. They may be enumerated, but when one actually tries to open and use them they return EIO, because they don't actually exist. Because they may be enumerated they may be specified on the kernel command line as console=. And some people do that as default. As response to that we'll spawn a getty on the tty that will quickly fail, and we retry a couple of time before giving up. That is quite noisy. With this new change we will validate all serial terminals configured with console= on the kernel cmdline before adding gettys on them, and remove the invalid ones. THis should remove the noise later on. This should make Eric Paris happy! | |||
2014-02-24 | cgroup: certain cgroup attributes are not available in the root cgroup, ↵ | Lennart Poettering | |
hence don't bother | |||
2014-02-24 | core: gc half-created stub units | Lennart Poettering | |
2014-02-24 | core: expose root control group on the bus | Lennart Poettering | |
We expose the control group of the units on the bus, so let's also expose the root control group. | |||
2014-02-24 | update TODO | Lennart Poettering | |
2014-02-24 | nspawn: make use of the devices cgroup controller by default | Lennart Poettering | |
2014-02-24 | cgroup: parse array cgroup properties correctly when they aren't at the end ↵ | Lennart Poettering | |
of the message |