Age | Commit message (Collapse) | Author |
|
When the user specifies --with-tty-gid= then we should honour that and
write it to the snippet, too.
|
|
static files
systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group
from static definition files that take a lot of inspiration from
tmpfiles snippets. These snippets should carry information about system
users only. To make sure it is not misused for normal users these
snippets only allow configuring UID and gecos field for each user, but
do not allow configuration of the home directory or shell, which is
necessary for real login users.
The purpose of this tool is to enable state-less systems that can
populate /etc with the minimal files necessary, solely from static data
in /usr. systemd-sysuser is additive only, and will never override
existing users.
This tool will create these files directly, and not via some user
database abtsraction layer. This is appropriate as this tool is supposed
to run really early at boot, and is only useful for creating system
users, and system users cannot be stored in remote databases anyway.
The tool is also useful to be invoked from RPM scriptlets, instead of
useradd. This allows moving from imperative user descriptions in RPM to
declarative descriptions.
The UID/GID for a user/group to be created can either be chosen dynamic,
or fixed, or be read from the owner of a file in the file system, in
order to support reconstructing the correct IDs for files that shall be
owned by them.
This also adds a minimal user definition file, that should be
sufficient for most basic systems. Distributions are expected to patch
these files and augment the contents, for example with fixed UIDs for
the users where that's necessary.
|
|
|
|
|
|
systemd fails to build (symbols not found/resolved during cgls link step)
under gcc-4.9.0 due to link-time optimization (lto) changes, in particular
from gcc-4.9.0/NEWS:
+ When using a linker plugin, compiling with the -flto option
now generates slim objects files (.o) which only contain
intermediate language representation for LTO. Use
-ffat-lto-objects to create files which contain additionally
the object code. To generate static libraries suitable for LTO
processing, use gcc-ar and gcc-ranlib; to list symbols from a
slim object file use gcc-nm. (Requires that ar, ranlib and nm
have been compiled with plugin support.)
Both -flto and -ffat-lto-objects are now needed when building and linking
against static libs w/LTO.
|
|
Reported by Samuli Suominen.
|
|
Instead of accessing /proc/1/environ directly, trying to read the
$container variable from it, let's make PID 1 save the contents of that
variable to /run/systemd/container. This allows us to detect containers
without the need for CAP_SYS_PTRACE, which allows us to drop it from a
number of daemons and from the file capabilities of systemd-detect-virt.
Also, don't consider chroot a container technology anymore. After all,
we don't consider file system namespaces container technology anymore,
and hence chroot() should be considered a container even less.
|
|
|
|
|
|
|
|
We shouldn't destroy IPC objects of system users on logout.
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html
This introduces SYSTEM_UID_MAX defined to the maximum UID of system
users. This value is determined compile-time, either as configure switch
or from /etc/login.defs. (We don't read that file at runtime, since this
is really a choice for a system builder, not the end user.)
While we are at it we then also update journald to use SYSTEM_UID_MAX
when we decide whether to split out log data for a specific client.
|
|
Also remove the equivalent functionality from networkd.
|
|
|
|
|
|
Similarly to NTP servers, this can be set at compile-time.
|
|
|
|
- Add KMOD_CFLAGS and KMOD_LIBS where appropiate
- networkd now requires kmod. make --disable-kmod --enable-networkd
to raise an error.
|
|
|
|
No functional change expected :)
|
|
release time
|
|
Also, allow compiling in a default server list via a configure command
line item.
|
|
|
|
|
|
|
|
--enable-undefined-sanitizer mirrors --enable-memory-sanitizer.
|
|
|
|
|
|
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.
Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=76335
|
|
MHD_USE_EPOLL_LINUX_ONLY, MHD_USE_DUAL_STACK are only available in
next-but-last release.
|
|
If --trust=ca.crt is used, only clients presenting certificates signed
by the ca will be allowed to proceed. No hostname matching is
performed, so any client wielding a signed certificate will be
authorized.
Error functions are moved from journal-gateway to microhttp-util and
made non-static, since now they are used in two source files.
|
|
|
|
|
|
some systems still make the distiction between bin and sbin.
|
|
This way each user allocates from his own pool, with its own size limit.
This puts the size limit by default to 10% of the physical RAM size but
makes it configurable in logind.conf.
|
|
|
|
The release tarballs ship with pre-generated man pages, so we do not
need xsltproc for a typical end-user build.
Developers will probably have xsltproc anyway, but if not they will now
encounter a build-time failure instead of an error in configure.
|
|
|
|
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
|
|
We do a lot of these casts, and they are all OK, so let's get rid of the
warning, to make things quieter.
http://lists.freedesktop.org/archives/systemd-devel/2014-February/017174.html
|
|
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
|
|
|
|
|
|
- Allow configuration of an errno error to return from blacklisted
syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the
string version only on demand.
|
|
|
|
Since the manpage indices generated without lxml would be missing some
parts, it doesn't make sense to keep lxml optional anymore.
|
|
Compat stuff is moved to src/compat-libs/.
Warnings are issued when programs are linked with the deprecated library.
|
|
gold doesn't exhibit the problems with linking of compatibility
libraries.
It is also slightly faster:
make clean && make -j5 bfd gold
real 34.885s 33.707s
user 34.486s 32.189s
sys 9.929s 10.845s
real 35.128s 33.508s
user 34.660s 31.858s
sys 10.798s 10.341s
real 35.405s 33.748s
user 34.765s 32.384s
sys 11.635s 10.998s
real 35.250s 33.795s
user 34.704s 32.253s
sys 11.220s 11.469s
touch src/libsystemd/sd-bus.c && make -j5
bfd gold
real 10.224s 9.030s
user 11.664s 9.877s
sys 3.431s 2.878s
real 10.021s 9.165s
user 11.526s 9.990s
sys 3.061s 3.015s
real 10.233s 8.961s
user 11.657s 9.973s
sys 3.467s 2.202s
real 10.160s 9.086s
user 11.637s 9.950s
sys 3.188s 2.859s
|
|
The incorrect shell code of AS_IF always get false value, so it always
build without dbus though build with "--enable-dbus" explicitely.
|
|
In shells like bash, == and = are equivalent in test contexts. In POSIX
compliant shells, == isn't a valid operator.
|