summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-26mount: minor modernizationLennart Poettering
2014-02-25Use /var/run/dbus/system_bus_socket for the D-Bus socketZbigniew Jędrzejewski-Szmek
2014-02-26README: document that /var/run must be a symlink → /runLennart Poettering
2014-02-26Revert back to /var/run at a couple of problemsLennart Poettering
This partially reverts 41a55c46ab8fb4ef6727434227071321fc762cce Some specifications we want to stay compatibility actually document /var/run, not /run, and we should stay compatible with that. In order to make sure our D-Bus implementation works on any system, regardless if running systemd or not, we should always use /var/run which is the only path mandated by the D-Bus spec. Similar, glibc hardcodes the utmp location to /var/run, and this is exposed in _UTMP_PATH in limits.h, hence let's stay in sync with this public API, too. We simply do not support systems where /var/run is not a symlink → /run. Hence both are equivalent. Staying compatible with upstream specifications hence weighs more than cleaning up superficial appearance.
2014-02-25Replace /var/run with /run in remaining placesZbigniew Jędrzejewski-Szmek
/run was already used almost everywhere, fix the remaining places for consistency.
2014-02-26exec: imply NoNewPriviliges= only when seccomp filters are used in user modeLennart Poettering
2014-02-26update TODOLennart Poettering
2014-02-26build-sys: add missing makefile symlinksLennart Poettering
2014-02-26core: add new RestrictAddressFamilies= switchLennart Poettering
This new unit settings allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-26nspawn: no need for duplicate checks against EEXISTLennart Poettering
2014-02-26seccomp: we should control NO_NEW_PRIVS on our own, not let seccomp do this ↵Lennart Poettering
for us
2014-02-25networkd: add basic support for MACVLANsTom Gundersen
2014-02-25man: refer to systemd.net{work,dev}(5) from systemd-networkd(8)Tom Gundersen
2014-02-25man: split out systemd.net{work,dev}(5) from systemd-networkd(8)Tom Gundersen
2014-02-25man: split out systemd.link(5) from udev(7)Tom Gundersen
2014-02-25man: networkd - clarify that multiple addresses/routes are supportedTom Gundersen
2014-02-25fix typo in iDRAC network interface name: irdac->idracTomasz Torcz
2014-02-25login: Allow calling org.freedesktop.login1.Seat.SwitchToJasper St. Pierre
2014-02-25login: set pos-slot to fallback on pos-evictionDavid Herrmann
If we evict a session position, we open the position slot for future sessions. However, there might already be another session on the same position if both were started on the same VT. This is currently done if gdm spawns the session on its own Xserver. Hence, look for such a session on pos-eviction and claim the new slot immediately.
2014-02-25NEWS: fix typoAnsgar Burchardt
2014-02-25login: fix pos-array allocationDavid Herrmann
GREEDY_REALLOC takes a pointer to the real size, not the array-width as argument. Therefore, our array is currently way to small to keep the seat positions. Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store the array-width instead of array-size.
2014-02-25update TODOLennart Poettering
2014-02-25NEWS: fix typoLennart Poettering
2014-02-25nspawn: add new switch --network-macvlan= to add a macvlan device to the ↵Lennart Poettering
container
2014-02-24Remove dead lines in various placesZbigniew Jędrzejewski-Szmek
As pointed-out by clang -Wunreachable-code. No behaviour changes.
2014-02-25hostnamectl: read virtualization/architecture from remote sideLennart Poettering
This way we make this more network/container transparent and also do not require any client side privileges.
2014-02-25core: expose architecture as a bus property, so that we can easily query it ↵Lennart Poettering
remotely
2014-02-24core: add global settings for enabling CPUAccounting=, MemoryAccounting=, ↵Lennart Poettering
BlockIOAccounting= for all units at once
2014-02-24update TODOsystemd/v210Lennart Poettering
2014-02-24NEWS: fix typosKay Sievers
2014-02-24build-sys: bump revisions and versionLennart Poettering
2014-02-24architecture: apparently there is LE ppc nowLennart Poettering
2014-02-24NEWS: add note about ifuncLennart Poettering
2014-02-24NEWS: prepare for release of 210Lennart Poettering
2014-02-24smack: rework security labeling for multiple frameworksŁukasz Stelmach
2014-02-24smack: set loaded_policy in smack_setup()Łukasz Stelmach
With loaded_policy set to true mount_setup() relabels /dev properly.
2014-02-24smack: relabel directories and files created by systemdŁukasz Stelmach
Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessable to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Based on a patch by Casey Schaufler <casey@schaufler-ca.com>.
2014-02-24update TODOLennart Poettering
2014-02-24hostnamed: correct error messageMichal Sekletar
We are not parsing timezone data.
2014-02-24logind: detect whether the system is docked, and if it is inhibit lid switch ↵Lennart Poettering
processing This should make operation nicer with docking stations, but will not cover anything that does not implement SW_DOCK.
2014-02-24update TODOLennart Poettering
2014-02-24units/serial-getty@.service: add [Install] sectionZbigniew Jędrzejewski-Szmek
This makes it easier to manually enable and disable specific gettys, and also mirrors getty@.service. http://lists.freedesktop.org/archives/systemd-devel/2014-February/017329.html
2014-02-24virt: make Virtualization an anonymous enumThomas Hindoe Paaboel Andersen
This makes llvm happy when we assign an error code to the variable.
2014-02-24update TODOLennart Poettering
2014-02-24configure: Do not require xsltproc for installation of man pagesMike Gilbert
The release tarballs ship with pre-generated man pages, so we do not need xsltproc for a typical end-user build. Developers will probably have xsltproc anyway, but if not they will now encounter a build-time failure instead of an error in configure.
2014-02-23systemctl: move next elapse calculation to its own functionDjalal Harouni
2014-02-23dbus-timer: fix bus_timer_vtable to have the correct timesDjalal Harouni
next_elapse_monotonic() should map to the "NextElapseUSecMonotonic" property and next_elapse_realtime() to "NextElapseUSecRealtime" one. This makes "systemctl list-timers" compute and show the correct times. https://bugs.freedesktop.org/show_bug.cgi?id=75272
2014-02-24update TODOLennart Poettering
2014-02-24getty-generator: verify ttys before we make use of themLennart Poettering
The ttyS[0-3] devices are weird. They may be enumerated, but when one actually tries to open and use them they return EIO, because they don't actually exist. Because they may be enumerated they may be specified on the kernel command line as console=. And some people do that as default. As response to that we'll spawn a getty on the tty that will quickly fail, and we retry a couple of time before giving up. That is quite noisy. With this new change we will validate all serial terminals configured with console= on the kernel cmdline before adding gettys on them, and remove the invalid ones. THis should remove the noise later on. This should make Eric Paris happy!
2014-02-24cgroup: certain cgroup attributes are not available in the root cgroup, ↵Lennart Poettering
hence don't bother