summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-06-06man: fix references to sd_journal_cutoff_realtime_usecMantas Mikulėnas
2014-06-06update TODOLennart Poettering
2014-06-06namespace: cover /boot with ProtectSystem= againLennart Poettering
Now that we properly exclude autofs mounts from ProtectSystem= we can include it in the effect of ProtectSystem= again.
2014-06-06units: fix minor typoLennart Poettering
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05namespace: also include /root in ProtectHome=Lennart Poettering
/root can't really be autofs, and is also a home, directory, so cover it with ProtectHome=.
2014-06-05namespace: when setting up an inaccessible mount point, unmounting ↵Lennart Poettering
everything below This has the benefit of not triggering any autofs mount points unnecessarily.
2014-06-05umount: modernizationsLennart Poettering
2014-06-05util: fix fd_cloexec(), fd_nonblock()Lennart Poettering
2014-06-05core: introduce new Restart=on-abnormal settingLennart Poettering
Restart=on-abnormal is similar to Restart=on-failure, but avoids restarts on unclean exit codes (but still doing restarts on all obviously unclean exits, such as timeouts, signals, coredumps, watchdog timeouts). Also see: https://fedorahosted.org/fpc/ticket/191
2014-06-05update TODOLennart Poettering
2014-06-05sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()Lennart Poettering
sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly.
2014-06-05update TODOLennart Poettering
2014-06-05socket-proxyd: port to asynchronous name resolution using sd-resolveLennart Poettering
2014-06-05update TODOLennart Poettering
2014-06-05bus: make use of sd_bus_try_close() in exit-on-idle servicesLennart Poettering
2014-06-05sd-event: restore correct timeout behaviourLennart Poettering
2014-06-05update TODOLennart Poettering
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-05core: don't include /boot in effect of ProtectSystem=Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04core: make sure we properly parse ProtectHome= and ProtectSystem=Lennart Poettering
2014-06-04ycm: update flag blacklistDave Reisner
-Wdate-time isn't known to clang, and it seems to cause errors in syntastic.
2014-06-04networkd: link - intialize mac addressTom Gundersen
Otherwise .netwrok matching on MAC address will not work. Based on patch by Dave Reisner, and bug originally reported by Max Pray.
2014-06-04update TODOLennart Poettering
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04hwdb: fix case-sensitive matchKay Sievers
2014-06-04build-sys: accommodate gcc-4.9.0 link-time optimization (LTO) changesJohn
systemd fails to build (symbols not found/resolved during cgls link step) under gcc-4.9.0 due to link-time optimization (lto) changes, in particular from gcc-4.9.0/NEWS: + When using a linker plugin, compiling with the -flto option now generates slim objects files (.o) which only contain intermediate language representation for LTO. Use -ffat-lto-objects to create files which contain additionally the object code. To generate static libraries suitable for LTO processing, use gcc-ar and gcc-ranlib; to list symbols from a slim object file use gcc-nm. (Requires that ar, ranlib and nm have been compiled with plugin support.) Both -flto and -ffat-lto-objects are now needed when building and linking against static libs w/LTO.
2014-06-04update TODOLennart Poettering
2014-06-04core: provide /dev/ptmx as symlink in PrivateDevices= execution environmentsLennart Poettering
2014-06-04core: make sure PrivateDevices= makes /dev/log availableLennart Poettering
Now that we moved the actual syslog socket to /run/systemd/journal/dev-log we can actually make /dev/log a symlink to it, when PrivateDevices= is used, thus making syslog available to services using PrivateDevices=.
2014-06-04initctl: move /dev/initctl fifo into /run, replace it by symlinkLennart Poettering
With this change we have no fifos/sockets remaining in /dev.
2014-06-04journald: move /dev/log socket to /runLennart Poettering
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
2014-06-04udev: guard REREADPT by exclusive lock instead of O_EXCLKay Sievers
2014-06-04socket: add new Symlinks= option for socket unitsLennart Poettering
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-04udev: make sure we always get "change" for the diskKay Sievers
The kernel will return 0 for REREADPT when no partition table is found, we have to send out "change" ourselves.
2014-06-04udev: guard REREADP logic with open(O_ECXL)Kay Sievers
2014-06-04udev: try first re-reading the partition tableKay Sievers
mounted partitions: # dd if=/dev/zero of=/dev/sda bs=1 count=1 UDEV [4157.369250] change .../0:0:0:0/block/sda (block) UDEV [4157.375059] change .../0:0:0:0/block/sda/sda1 (block) UDEV [4157.397088] change .../0:0:0:0/block/sda/sda2 (block) UDEV [4157.404842] change .../0:0:0:0/block/sda/sda4 (block) unmounted partitions: # dd if=/dev/zero of=/dev/sdb bs=1 count=1 UDEV [4163.450217] remove .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block) UDEV [4163.593167] change .../target6:0:0/6:0:0:0/block/sdb (block) UDEV [4163.713982] add .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-04udev: link-config - fix mem leakTom Gundersen
Reported by Kay.
2014-06-04udev: synthesize "change' events for partitions when tools change the diskKay Sievers
This should make sure that fdisk-like programs will automatically cause an update of all partitions, just like mkfs-like programs cause an update of the partition.
2014-06-04README: mention new required user systemd-bus-proxyLennart Poettering
2014-06-04fsck: disable "-l" option for nowKay Sievers
https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
2014-06-04udevd: inotify - modernizationsKay Sievers
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-04remove ReadOnlySystem and ProtectedHome from udevd and logindKay Sievers
logind needs access to /run/user/, udevd fails during early boot with these settings
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-06-03networkd: split runtime config dir from state dirTom Gundersen
Configuration will be in root:root /run/systemd/network and state will be in systemd-network:systemd-network /run/systemd/netif This matches what we do for logind's seat/session state.
2014-06-03udev: exclude device-mapper from block device ownership event lockingKay Sievers
2014-06-03shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen