When you switch-root into a new root that has SELinux policy, you're
supposed to run selinux_init_load_policy() to set up SELinux and load
policy. Normally this gets handled by selinux_setup().
But if SELinux was already initialized, selinux_setup() skips loading
policy and returns 0. So if you load policy normally, and then you
switch-root to a new root that has new policy, selinux_setup() never
loads the new policy. What gives?
As far as I can tell, this check is an artifact of how selinux_setup()
worked when it was first written (see commit c4dcdb9 / systemd v12):
* when systemd starts, run selinux_setup()
* if selinux_setup() loads policy OK, restart systemd
So the "if policy already loaded, skip load and return 0" check was
there to prevent an infinite re-exec loop.
Modern systemd only calls selinux_setup() on initial load and after
switch-root, and selinux_setup() no longer restarts systemd, so we don't
need that check to guard against the infinite loop anymore.
So: this patch removes the "return 0", thus allowing selinux_setup() to
actually perform SELinux setup after switch-root.
We still want to check to see if SELinux is initialized, because if
selinux_init_load_policy() fails *but* SELinux is initialized that means
we still have (old) policy active. So we don't need to halt if
enforce=1.
With proprietary graphics drivers, there won't be any 'drm' devices in
sysfs, so logind will never suspend the system upon closing the lid,
even if only one (internal) display is connected. This has been reported
by multiple users so far.
IMHO, it's better to suspend the system in this case for safety reasons,
to avoid having nvidia blob users' laptops overheat, for the same reason
that sleep inhibitors are overridden (LidSwitchIgnoreInhibited=yes).
We will still use the compiled-in defaults if no DNS entry exists in the config file.
This way we preserve the order of preference.
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018971.html
This brings the man page back into sync with the actual code.
If XDG_CONFIG_HOME is set, then we should respect that.
In user_dirs() in path-lookup.c, I want to replace this:
symlink("../../../.config/systemd/user", data_home);
with
symlink(config_home, data_home);
to avoid hardcoding .config when XDG_CONFIG_HOME is set.
The problem is that config_home is an absolute path, and it's better
to make the symlink relative. path_make_relative() is a utility
function that converts an absolute path into a relative one.
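The conversion described above, as an added example that is not systemd's path_make_relative() (the function name below, make_relative_path(), and its error handling are my own). It assumes both arguments are absolute and already normalized, i.e. contain no "." or ".." components, and it treats the first argument as the directory the symlink will live in, which is what the user_dirs() call needs:

```c
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not systemd's implementation. Compute the relative path
 * that, written as a symlink target inside directory `from_dir`, resolves
 * to `to_path`. Assumption: both inputs are absolute and contain no "."
 * or ".." components. Returns a malloc()ed string, or NULL on bad input.
 */
char *make_relative_path(const char *from_dir, const char *to_path) {
    if (!from_dir || !to_path || from_dir[0] != '/' || to_path[0] != '/')
        return NULL;

    const char *f = from_dir, *t = to_path;

    /* Step 1: skip the leading directory components the two paths share. */
    for (;;) {
        while (*f == '/') f++;
        while (*t == '/') t++;
        size_t fl = strcspn(f, "/");
        size_t tl = strcspn(t, "/");
        if (fl == 0 || tl == 0 || fl != tl || strncmp(f, t, fl) != 0)
            break;
        f += fl;
        t += tl;
    }

    /* Step 2: every component left in from_dir costs one "../". */
    size_t ups = 0;
    for (const char *p = f; *p; ) {
        while (*p == '/') p++;
        if (!*p) break;
        ups++;
        p += strcspn(p, "/");
    }

    /* Step 3: "../" repeated `ups` times, then what is left of to_path. */
    size_t rest = strlen(t);
    char *r = malloc(ups * 3 + rest + 2);
    if (!r) return NULL;
    char *p = r;
    for (size_t i = 0; i < ups; i++) { memcpy(p, "../", 3); p += 3; }
    memcpy(p, t, rest);
    p += rest;
    /* drop a trailing slash; "." when the two paths were the same */
    while (p > r && p[-1] == '/') p--;
    if (p == r) *p++ = '.';
    *p = '\0';
    return r;
}
```

For from_dir = ~/.local/share/systemd and to_path = ~/.config/systemd/user this yields exactly the "../../../.config/systemd/user" string the old hardcoded call used, and it keeps working when XDG_CONFIG_HOME points somewhere else. Two caveats worth knowing: a relative target is only portable while the tree is moved as a whole (which is the point of preferring it under a --root or bind mount), and the kernel resolves each ".." through the real parent directory, so if a component of from_dir is itself a symlink the link lands relative to that symlink's target, not relative to the path you typed.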
Some unattended systems do not have a console attached and entering
the default rescue mode will not be too helpful. Allow specifying
the "-y" option to attempt to fix all filesystem errors.
Manually verified by downloading an image.gz of e2fsprogs, using
losetup and running systemd-fsck on the loop device and varying
the fsck.repair=preen|yes|no option.
Similarly to NTP servers, this can be set at compile-time.
Source code has "files-max" and XML has --max-files.
This way the networkd client library should work even if networkd is
not running.
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019242.html
This reverts commit a555350d47c4b70d716a63424933b34902c98300.
This did not fix the problem, just made it harder to hit.
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019054.html
Previously we wouldn't serialize jobs for units that themselves have
nothing to serialize.
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
https://bugs.freedesktop.org/show_bug.cgi?id=78752
- Add KMOD_CFLAGS and KMOD_LIBS where appropriate
- networkd now requires kmod. Make --disable-kmod --enable-networkd
raise an error.
There's no reason why hibernate should be better protected than
suspend or poweroff, so sync the policies.
Also, make sure we automatically destroy reply callbacks that are
floating.
Same story as for sd-bus and sd-event: allow passing NULL to store the query
in, in which case the query is freed automatically.
These are the counterpart of "floating" bus slots, i.e. event sources
that are bound to the lifetime of the event object itself, and thus
don't require an explicit reference to be kept.
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018928.html
This is a speculative fix for https://bugzilla.redhat.com/show_bug.cgi?id=1088865.
Even though I cannot find a code path where this would be
an issue, for consistency, if we assume that cgroup_path might have
been set before we got to unit_deserialize, we should make sure that
the unit is removed from the hashmap before we free the key. This seems
to be the only place where the key could be prematurely freed, leading to
hashmap corruption.
No functional change expected :)
Running systemctl enable/disable/set-default/... with the --root
option under strace reveals that it accessed various files and
directories in the main fs, and not underneath the specified root.
This can lead to correct results only when the layout and
configuration in the container are identical, which often is not the
case. Fix this by adding the specified root to all file access
operations.
This patch does not handle some corner cases: symlinks which point
outside of the specified root might be interpreted differently than
they would be by the kernel if the specified root was the real root.
But systemctl does not create such symlinks by itself, and I think
this is enough of a corner case not to be worth the additional
complexity of reimplementing link chasing in systemd.
Also, simplify the code in a few places and remove a hypothetical
memory leak on error.
Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target
After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
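An added example, not systemctl's code, that models the corner case the --root commit above leaves unhandled and explains the Before/After symlink just shown: the same link is followed one way by the kernel if the root were the real root, and another way by a tool reading it from the host. Everything is lexical, nothing touches the file system; the function names, the assumption that `root` has no trailing slash, and the sample paths (taken from the Before/After lines) are mine:

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not systemd code. `root` is assumed absolute with no
 * trailing slash; paths are handled lexically, no file system access. */

/* Drop "." components, clamp ".." at the top, collapse repeated slashes,
 * and return prefix + normalized path as a malloc()ed string. */
static char *normalize_with_prefix(const char *prefix, const char *path) {
    size_t plen = strlen(path), xlen = strlen(prefix);
    char *copy = malloc(plen + 1);
    const char **stack = calloc(plen / 2 + 2, sizeof(*stack));
    if (!copy || !stack) { free(copy); free(stack); return NULL; }
    memcpy(copy, path, plen + 1);

    size_t n = 0;
    for (char *p = copy; *p; ) {
        while (*p == '/') p++;          /* also eats the "//" seen before the fix */
        if (!*p) break;
        char *c = p;
        p += strcspn(p, "/");
        if (*p) *p++ = '\0';
        if (strcmp(c, ".") == 0) continue;
        if (strcmp(c, "..") == 0) { if (n > 0) n--; continue; }
        stack[n++] = c;
    }

    size_t len = xlen;
    for (size_t i = 0; i < n; i++) len += 1 + strlen(stack[i]);
    char *out = malloc(len + 2);
    if (!out) { free(copy); free(stack); return NULL; }
    memcpy(out, prefix, xlen);
    char *q = out + xlen;
    for (size_t i = 0; i < n; i++) {
        size_t l = strlen(stack[i]);
        *q++ = '/';
        memcpy(q, stack[i], l);
        q += l;
    }
    if (q == out) *q++ = '/';           /* empty prefix, no components: "/" */
    *q = '\0';
    free(copy); free(stack);
    return out;
}

/* dirname(link_path) + "/" + target, malloc()ed. */
static char *join_link_dir(const char *link_path, const char *target) {
    const char *slash = strrchr(link_path, '/');
    size_t dirlen = slash ? (size_t)(slash - link_path) : 0, tlen = strlen(target);
    char *j = malloc(dirlen + tlen + 2);
    if (!j) return NULL;
    memcpy(j, link_path, dirlen);
    j[dirlen] = '/';
    memcpy(j + dirlen + 1, target, tlen + 1);
    return j;
}

/* Where the link leads if `root` were the real root (the container's view):
 * an absolute target is re-rooted, and ".." cannot climb above the root. */
char *link_target_in_root(const char *root, const char *link_path, const char *target) {
    if (target[0] == '/')
        return normalize_with_prefix(root, target);
    char *j = join_link_dir(link_path, target);
    if (!j) return NULL;
    char *r = normalize_with_prefix(root, j);
    free(j);
    return r;
}

/* Where the host kernel goes when a tool outside the root follows the link:
 * an absolute target lands on the host's /, and ".." can walk out of root. */
char *link_target_on_host(const char *root, const char *link_path, const char *target) {
    if (target[0] == '/')
        return normalize_with_prefix("", target);
    char *j = join_link_dir(link_path, target);
    if (!j) return NULL;
    size_t rl = strlen(root), jl = strlen(j);
    char *full = malloc(rl + jl + 1);
    if (!full) { free(j); return NULL; }
    memcpy(full, root, rl);
    memcpy(full + rl, j, jl + 1);
    char *r = normalize_with_prefix("", full);
    free(full); free(j);
    return r;
}

/* 1 if following the link from the host leaves the root tree, 0 if not,
 * -1 on allocation failure. The boundary check rejects "/root10/x" too. */
int link_escapes_root(const char *root, const char *link_path, const char *target) {
    char *h = link_target_on_host(root, link_path, target);
    if (!h) return -1;
    size_t rl = strlen(root);
    int inside = strncmp(h, root, rl) == 0 && (h[rl] == '/' || h[rl] == '\0');
    free(h);
    return !inside;
}
```

With root = /var/tmp/inst1 and the link default.target -> /usr/lib/systemd/system/graphical.target, the in-root view is /var/tmp/inst1/usr/lib/systemd/system/graphical.target while the host view is the host's own /usr/lib/... file, so the "After" target above is correct for the container even though it looks like it escapes the root from the outside. A tool that follows such links on the host therefore either has to re-root absolute targets itself, or refuse links for which link_escapes_root() returns 1, which is also the classic defence against a crafted ".." chain in an untrusted image.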