Age | Commit message | Author
2014-12-09 | bus-proxy: cloning smack label | Przemyslaw Kedzierski
When a dbus client connects to systemd-bus-proxyd through a Unix domain socket, the proxy takes the client's smack label and sets it for itself. It is done before and independent of dropping privileges. The reason for such a solution is the fact that tests of access rights performed by lsm may take place inside the kernel, not only in userspace of the recipient of the message. The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label. In case of systemd running in system mode, CAP_MAC_ADMIN should be added to CapabilityBoundingSet in the service file of bus-proxyd. In case of systemd running in user mode ('systemd --user') it can be achieved by adding Capabilities=cap_mac_admin=i and SecureBits=keep-caps to the user@.service file and setting cap_mac_admin+ei on the bus-proxyd binary.
2014-12-09 | run: introduce timer support option | WaLyong Cho
Support timer options --on-active=, --on-boot=, --on-startup=, --on-unit-active=, --on-unit-inactive=, --on-calendar=. Each option corresponds to OnActiveSec=, OnBootSec=, OnStartupSec=, OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of the timer, respectively. And OnCalendar= and WakeSystem= are supported by the --timer-property= option, like --property= of systemd-run. And if the --unit= option and timer options are specified, the command can be omitted. In this case, systemd-run assumes the target service is already loaded, and just tries to generate the transient timer unit only.
2014-12-09 | update TODO | Lennart Poettering
2014-12-09 | sd-bus: get rid of PID starttime concept | Lennart Poettering
As kdbus no longer exports this, remove all traces from sd-bus too
2014-12-09 | sd-bus: properly support passing memfds around with offset/size parameters | Lennart Poettering
2014-12-09 | bus: sync with kdbus-git (ABI break) | David Herrmann
kdbus-git gained two new features:
 * memfd offsets: This allows to specify a 'start' offset in kdbus_memfd so you can send partial memfd hunks instead of always the full memfd
 * KDBUS_HELLO_UNPRIVILEGED: If passed during HELLO, the client will be treated as unprivileged.
2014-12-09 | libsystemd-network: fix writing of routes in dhcp lease file | Dan Winship
inet_ntoa() uses a static buffer, so you can't call it twice in the same fprintf() call.
2014-12-09 | sleep: drop redundant MESSAGE= prefix | Lennart Poettering
2014-12-09 | update TODO | Lennart Poettering
2014-12-09 | journalctl: respect --after-cursor semantics with --follow in all cases | Wesley Dawson
In the case where no entries have been added to the journal after the specified cursor, set need_seek before the main loop to prevent display of the entry at said cursor.
2014-12-09 | core: rename unit_destroy_cgroup() to unit_destroy_cgroup_if_empty() since it's not quite as destructive as it sounds nowadays | Lennart Poettering
2014-12-09 | cgroup: Handle error when destroying cgroup | Ross Lagerwall
If a cgroup fails to be destroyed (most likely because there are still processes running as part of a service after the main pid exits), don't free and remove the cgroup unit from the manager. This fixes a regression introduced by the cgroup rework in v205 where systemd would forget about processes still running after the unit becomes inactive. (This can happen when the main pid exits and KillMode=process or none).
2014-12-09 | fstab-generator: Allow mount.usr without mount.usrflags, honor rw/ro | Michael Marineau
There is no need to require mount.usrflags. The original implementation assumed that a btrfs subvolume would always be needed but that is not applicable to systems that do not use btrfs for /usr. Similar to using rootflags= for the default of mount.usrflags=, append the classic 'ro' and 'rw' flags to the mount options.
2014-12-09 | fstab-generator: free all allocated strings | Lennart Poettering
2014-12-09 | units: make sure container-getty@.service stops restarting when the pts device it is bound to is gone | Lennart Poettering
We only want to restart the getty as long as the pts device is still around. As soon as it is gone, the service should be removed too. http://lists.freedesktop.org/archives/systemd-devel/2014-December/026048.html
2014-12-09 | update TODO | Lennart Poettering
2014-12-09 | nspawn: make sure macvlan MAC addresses are stable | Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=85527
2014-12-09 | sd-rtnl: fix size check in sd_rtnl_message_append_string() | Lennart Poettering
2014-12-09 | update TODO | Lennart Poettering
2014-12-09 | sd-bus: catch up with current kdbus, don't do matches on kdbus monitor connections | Lennart Poettering
2014-12-08 | update TODO | Lennart Poettering
2014-12-08 | bus-proxy: fix compat with autostarted services | Lennart Poettering
2014-12-08 | load-fragment: remove wrong ifdef guard | Zbigniew Jędrzejewski-Szmek
config_parse_warn_compat is now always used for removed options. https://bugs.freedesktop.org/show_bug.cgi?id=87125
2014-12-08 | networkd: manager - enumerate addresses globally, rather than per-link | Tom Gundersen
The kernel always returns all addresses, rather than only for the given link, so let's only enumerate once.
2014-12-08 | journal: Fix navigating backwards missing entries | Olivier Brunel
With DIRECTION_UP (i.e. navigating backwards) in generic_array_bisect() when the needle was found as the last item in the array, it wasn't actually processed as match, resulting in entries being missed. https://bugs.freedesktop.org/show_bug.cgi?id=86855
2014-12-08 | networkd: link - typo | Tom Gundersen
2014-12-08 | sd-rtnl: fix bogus warning about dropping 20 bytes from multi-part messages | Tom Gundersen
Nothing was being dropped, we just failed to account for the NLMSG_DONE.
2014-12-08 | networkd: route - ignore unknown address family | Tom Gundersen
2014-12-08 | udev: link-config - simplify net-match | Tom Gundersen
2014-12-08 | Check return value from reading name_assign_type attr | Dave Reisner
This file won't exist on kernels earlier than 3.17.
2014-12-08 | networkd: update manpage for optional Gateway= | Mantas Mikulėnas
Following commit 59580681f5f.
2014-12-08 | timer: timer can be a transient unit | WaLyong Cho
2014-12-08 | bus: StartTransientUnit can have aux unit | WaLyong Cho
2014-12-08 | update TODO | Lennart Poettering
2014-12-08 | sd-bus: rework ELF error mapping table magic | Lennart Poettering
The ELF magic cannot work for consumers of our shared library, since they are in a different module. Hence make all the ELF magic private, and instead introduce a public function to register additional static mapping table.
2014-12-06 | remove duplicated includes | Thomas Hindoe Paaboel Andersen
2014-12-05 | net_setup/networkd: warn if matching is done on possibly unstable ifname | Tom Gundersen
2014-12-05 | update TODO | Lennart Poettering
2014-12-05 | man: fix reference to obsolete command "systemctl dump" | Felipe Sateler
https://bugs.freedesktop.org/show_bug.cgi?id=87020
2014-12-05 | sd-bus: follow kdbus changes (ABI break) | Daniel Mack
Implement a recent change in the kdbus pool logic: PAYLOAD_VEC_OFF items are now referencing offsets relative to the connection's pool, not to the item itself. Follow this change in sd-bus.
2014-12-05 | cryptsetup-generator: Add support for naming luks devices on kernel cmdline | Jan Janssen
2014-12-05 | cryptsetup-generator: Add support for UUID-specific key files on kernel command line | Jan Janssen
2014-12-05 | cryptsetup-generator: Split main() into more functions and use hashmaps | Jan Janssen
2014-12-05 | man: there's actually no "fail" fstab option, but only "nofail" | Lennart Poettering
2014-12-05 | networkd: add basic [Link] settings to .network files | Tom Gundersen
This allows the default link settings (set in .link files) to be overridden per Network. Only MTU and MACAddress are supported for now.
2014-12-04 | gitignore: ignore generated systemd-bootchart.service | WaLyong Cho
2014-12-04 | sd-bus: add extra assert check | Lennart Poettering
2014-12-04 | tmpfiles, man: Add xattr support to tmpfiles | Maciej Wereski
This patch makes it possible to set extended attributes on files created by tmpfiles. This can be especially used to set SMACK security labels on volatile files and directories. It is done by adding new line of type "t". Such line should contain attributes in Argument field, using following format:

    name=value

All other fields are ignored. If value contains spaces, then it must be surrounded by quotation marks. User can also put quotation mark in value by escaping it with backslash.

Example:

    D /var/run/cups - - - -
    t /var/run/cups - - - - security.SMACK64=printing
2014-12-04 | missing: define NET_NAME_UNKNOWN | Colin Walters
It's only exposed to userspace since

    commit 685343fc3ba61a1f6eef361b786601123db16c28
    Author: Tom Gundersen <teg@jklm.no>
    AuthorDate: Mon Jul 14 16:37:22 2014 +0200
    Commit: David S. Miller <davem@davemloft.net>
    CommitDate: Tue Jul 15 16:12:01 2014 -0700

to the kernel.
2014-12-04 | udev: net_setup - allow matching on OriginalName= | Tom Gundersen
This has been requested repeatedly, so let's give it a go. We explicitly do not allow matching on names that have already been changed (from a previous udev run, or otherwise), and matching on unpredictable names (ethX) is discouraged (but not currently disallowed). We also currently allow:

    [Match]
    Name=veth0

    [Link]
    Name=my-name0
    SomeOtherSetting=true

Which means that the link file will be applied the first time it is invoked, but not on subsequent invocations, which may be surprising.