Age | Commit message (Collapse) | Author |
|
|
|
|
|
Support for writing to cgroup.procs was introduced in 3.0
|
|
See edeb68c53f1cdc452016b4c8512586a70b1262e3.
|
|
the user what's going on
Let's try to be helpful to the user and give him a hint what he can do
to make nspawn work with normal OS containers.
https://bugzilla.redhat.com/show_bug.cgi?id=893751
|
|
|
|
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.
The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.
This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.
For more information about Smack see:
http://www.kernel.org/doc/Documentation/security/Smack.txt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
files
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
|
|
|
|
Build instructions:
make
make DESTIDIR=/tmp/... install
make DESTIDIR=/tmp/... sphinx-html sphinx-man sphinx-epub ...
|
|
|
|
runtime-optional already)
|
|
|
|
Use '>=' everywhere for consistency and point out that new util-linux
provides sulogin.
|
|
|
|
kmod is unecessary if loadable module support is disabled in the kernel,
so make the dependency optional.
|
|
|
|
|
|
This also enables time-based rotation (but not vacuuming) after 1month,
so that not more one month of journal is lost at a time per vacuuming.
|
|
|
|
|
|
This minimal HTTP server can serve journal data via HTTP. Its primary
purpose is synchronization of journal data across the network. It serves
journal data in three formats:
text/plain: the text format known from /var/log/messages
application/json: the journal entries formatted as JSON
application/vnd.fdo.journal: the binary export format of the journal
The HTTP server also serves a small HTML5 app that makes use of the JSON
serialization to present the journal data to the user.
Examples:
This downloads the journal in text format:
# systemctl start systemd-journal-gatewayd.service
# wget http://localhost:19531/entries
Same for JSON:
# curl -H"Accept: application/json" http://localhost:19531/entries
Access via web browser:
$ firefox http://localhost:19531/
|
|
|
|
|
|
|
|
|
|
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
They've moved to systemd-ui.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and document the new build requirement.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|