Age | Commit message | Author | |
---|---|---|---|
2010-09-27 | sysv: optionally disable SysV init/rcN.d support at compile time | Fabiano Fidencio | |
This patch adds a cpp definition HAVE_SYSV_COMPAT that is used to isolate code dealing with /etc/init.d and /etc/rcN.d for systems where it does not make sense (one that does not use sysv or one that is fully systemd native). The patch tries to be as little intrusive as possible; however, in order to minimize the number of #ifdef'ed regions I've reordered some code in path-lookup.c:lookup_paths_init() where all code dealing with sysv is now isolated under running_as == MANAGER_SYSTEM as well. Moreover, in struct Service, some fields were rearranged to reduce the number of ifdefs. Lennart's suggestions were fixed and squashed with the original patch, which was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi). | |||
2010-09-23 | readahead: implement minimal readahead logic based on fanotify(), mincore() and readahead() | Lennart Poettering | |
2010-09-17 | ask-password: popup notification when we ask for a password | Lennart Poettering | |
2010-09-17 | ask-password: add minimal framework to allow services query SSL/harddisk passphrases from the user | Lennart Poettering | |
2010-09-14 | build-sys: bump version [systemd/v10] | Lennart Poettering | |
2010-09-06 | systemctl: make --version a little bit more verbose | Lennart Poettering | |
2010-09-03 | build-sys: prepare new release [systemd/v9] | Lennart Poettering | |
2010-08-26 | build-sys: show audit/selinux in summary | Lennart Poettering | |
2010-08-25 | build-sys: prepare release v8 [systemd/v8] | Lennart Poettering | |
2010-08-11 | main: disable nscd properly, if possible | Lennart Poettering | |
2010-08-11 | audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary | Lennart Poettering | |
2010-08-10 | build-sys: prepare release 7 [systemd/v7] | Lennart Poettering | |
2010-08-06 | build-sys: prepare new release [systemd/v6] | Lennart Poettering | |
2010-08-04 | prepare new release [systemd/v5] | Lennart Poettering | |
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to read them. | Daniel J Walsh | |
On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay Here is the updated patch with a fix for the labeling of /dev/autofs | |||
2010-07-23 | socket: SELinux support for socket creation. | Daniel J Walsh | |
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVCs seem to have disappeared when a confined app tries to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch you should be able to boot in enforcing mode. | |||
2010-07-22 | build-sys: prepare release 4 | Lennart Poettering | |
2010-07-22 | build-sys: fix compatibility with vala 0.9 | Lennart Poettering | |
2010-07-13 | build-sys: bump release [systemd/v3] | Lennart Poettering | |
2010-07-12 | cgroup: reimplement the last bit of libcgroup functionality natively | Lennart Poettering | |
2010-07-12 | build-sys: require udev 160 to fix notify socket abstract namespace sockaddr length | Lennart Poettering | |
2010-07-10 | build-sys: drop special name hack for dbus.service since a native service file is now shipped upstream dbus | Lennart Poettering | |
2010-07-09 | build-sys: bump version | Lennart Poettering | |
2010-07-09 | build-sys: disable inline warnings | Lennart Poettering | |
2010-07-07 | build-sys: prepare release 1 [systemd/v1] | Lennart Poettering | |
2010-06-21 | pam: implement systemd PAM module and generalize cgroup API for that a bit | Lennart Poettering | |
2010-06-18 | build-sys: speed up build via convenience library | Lennart Poettering | |
2010-06-17 | gcc: disable warn_unused_result attribute warnings | Lennart Poettering | |
2010-06-17 | fix --nonet calls to xsltproc | Pavol Rusnak | |
Also, fix spelling of openSUSE | |||
2010-06-17 | build-sys: pass -fno-strict-aliasing by default | Lennart Poettering | |
2010-06-16 | build-sys: fix configure output without libwrap | Lennart Poettering | |
2010-06-16 | service: optionally call into PAM when dropping privileges | Lennart Poettering | |
2010-06-16 | socket: add optional libwrap support | Lennart Poettering | |
2010-06-09 | build-sys: enable bz2 tarballs | Lennart Poettering | |
2010-06-07 | build-sys: make make distcheck work again | Lennart Poettering | |
2010-06-07 | dbus: install bus activation file | Lennart Poettering | |
2010-06-02 | build-sys: call AC_OUTPUT without any arguments | Christian Ruppert | |
2010-06-02 | build-sys: default rootdir to prefix | Lennart Poettering | |
2010-06-02 | build-sys: install stuff intended for / into ${rootdir} which is configurable with --with-rootdir= | Lennart Poettering | |
2010-05-22 | device: make use of new libudev tags logic | Lennart Poettering | |
2010-05-20 | units: SUSE support | Kay Sievers | |
2010-05-18 | build-sys: remove vala generated sources only when valac is around | Lennart Poettering | |
2010-05-17 | cgroup: don't require debug cgroup controller anymore, use name hierarchy instead | Lennart Poettering | |
2010-05-17 | man: replace syslog name in man page by configured name | Lennart Poettering | |
2010-05-17 | build-sys: set M4_DISTRO_FLAG from the configure script | Lennart Poettering | |
2010-05-17 | build-sys: fix --distro= configure explanations | Lennart Poettering | |
2010-05-17 | units: add distribution-specific units | Lennart Poettering | |
2010-05-16 | build-sys: provide distro-agnostic defaults for distro-specific settings | Lennart Poettering | |
2010-05-16 | units: automatically generated syslog.target | Lennart Poettering | |
2010-05-16 | build-sys: move source files to subdirectory | Lennart Poettering | |