path: root/configure.ac
Age | Commit message | Author
2010-09-27 | sysv: optionally disable SysV init/rcN.d support at compile time | Fabiano Fidencio
    This patch adds a cpp definition HAVE_SYSV_COMPAT that is used to isolate code dealing with /etc/init.d and /etc/rcN.d for systems where it does not make sense (one that does not use sysv or one that is fully systemd native). The patch tries to be as little intrusive as possible, however in order to minimize the number of #ifdef'ed regions I've reordered some code in path-lookup.c:lookup_paths_init() where all code dealing with sysv is now isolated under running_as == MANAGER_SYSTEM as well. Moreover, in struct Service, some fields were rearranged to reduce the number of ifdefs. Lennart's suggestions were fixed and squashed with the original patch, that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi).
2010-09-23 | readahead: implement minimal readahead logic based on fanotify(), mincore() and readahead() | Lennart Poettering
2010-09-17 | ask-password: popup notification when we ask for a password | Lennart Poettering
2010-09-17 | ask-password: add minimal framework to allow services query SSL/harddisk passphrases from the user | Lennart Poettering
2010-09-14 | build-sys: bump version [systemd/v10] | Lennart Poettering
2010-09-06 | systemctl: make --version a little bit more verbose | Lennart Poettering
2010-09-03 | build-sys: prepare new release [systemd/v9] | Lennart Poettering
2010-08-26 | build-sys: show audit/selinux in summary | Lennart Poettering
2010-08-25 | build-sys: prepare release v8 [systemd/v8] | Lennart Poettering
2010-08-11 | main: disable nscd properly, if possible | Lennart Poettering
2010-08-11 | audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary | Lennart Poettering
2010-08-10 | build-sys: prepare release 7 [systemd/v7] | Lennart Poettering
2010-08-06 | build-sys: prepare new release [systemd/v6] | Lennart Poettering
2010-08-04 | prepare new release [systemd/v5] | Lennart Poettering
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to read them. | Daniel J Walsh
    On 07/28/2010 05:57 AM, Kay Sievers wrote:
    > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
    > <lennart@poettering.net> wrote:
    >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1
    >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
    >>> scontext=system_u:system_r:init_t:s0
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1
    >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
    >>> scontext=system_u:system_r:init_t:s0
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>>
    >>> Lennart, we talked about this earlier. I think this is caused by the
    >>> modprobe calls to create /dev/autofs. Since udev is not created at the
    >>> point that init loads the kernel modules, the devices get created with
    >>> the wrong label. Once udev starts the labels get fixed.
    >>>
    >>> I can allow init_t to read device_t chr_files.
    >>
    >> Hmm, I think a cleaner fix would be to make systemd relabel this device
    >> properly before accessing it? Given that this is only one device this
    >> should not be a problem for us to maintain, I think? How would the
    >> fixing of the label work? Would we have to spawn restorecon for this, or
    >> can we actually do this in C without too much work?
    >
    > I guess we can just do what udev is doing, and call setfilecon(), with
    > a context of an earlier matchpathcon().
    >
    > Kay
    > _______________________________________________
    > systemd-devel mailing list
    > systemd-devel@lists.freedesktop.org
    > http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    Here is the updated patch with a fix for the labeling of /dev/autofs
2010-07-23 | socket: SELinux support for socket creation. | Daniel J Walsh
    It seems to work on my machine.
    /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
    /proc/1/fd/21 system_u:system_r:avahi_t:s0
    And the AVC's seem to have disappeared when a confined app tries to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch you should be able to boot in enforcing mode.
2010-07-22 | build-sys: prepare release 4 | Lennart Poettering
2010-07-22 | build-sys: fix compatibility with vala 0.9 | Lennart Poettering
2010-07-13 | build-sys: bump release [systemd/v3] | Lennart Poettering
2010-07-12 | cgroup: reimplement the last bit of libcgroup functionality natively | Lennart Poettering
2010-07-12 | build-sys: require udev 160 to fix notify socket abstract namespace sockaddr length | Lennart Poettering
2010-07-10 | build-sys: drop special name hack for dbus.service since a native service file is now shipped upstream dbus | Lennart Poettering
2010-07-09 | build-sys: bump version | Lennart Poettering
2010-07-09 | build-sys: disable inline warnings | Lennart Poettering
2010-07-07 | build-sys: prepare release 1 [systemd/v1] | Lennart Poettering
2010-06-21 | pam: implement systemd PAM module and generalize cgroup API for that a bit | Lennart Poettering
2010-06-18 | build-sys: speed up build via convenience library | Lennart Poettering
2010-06-17 | gcc: disable warn_unused_result attribute warnings | Lennart Poettering
2010-06-17 | fix --nonet calls to xsltproc | Pavol Rusnak
    Also, fix spelling of openSUSE
2010-06-17 | build-sys: pass -fno-strict-aliasing by default | Lennart Poettering
2010-06-16 | build-sys: fix configure output without libwrap | Lennart Poettering
2010-06-16 | service: optionally call into PAM when dropping privileges | Lennart Poettering
2010-06-16 | socket: add optional libwrap support | Lennart Poettering
2010-06-09 | build-sys: enable bz2 tarballs | Lennart Poettering
2010-06-07 | build-sys: make make distcheck work again | Lennart Poettering
2010-06-07 | dbus: install bus activation file | Lennart Poettering
2010-06-02 | build-sys: call AC_OUTPUT without any arguments | Christian Ruppert
2010-06-02 | build-sys: default rootdir to prefix | Lennart Poettering
2010-06-02 | build-sys: install stuff intended for / into ${rootdir} which is configurable with --with-rootdir= | Lennart Poettering
2010-05-22 | device: make use of new libudev tags logic | Lennart Poettering
2010-05-20 | units: SUSE support | Kay Sievers
2010-05-18 | build-sys: remove vala generated sources only when valac is around | Lennart Poettering
2010-05-17 | cgroup: don't require debug cgroup controller anymore, use name hierarchy instead | Lennart Poettering
2010-05-17 | man: replace syslog name in man page by configured name | Lennart Poettering
2010-05-17 | build-sys: set M4_DISTRO_FLAG from the configure script | Lennart Poettering
2010-05-17 | build-sys: fix --distro= configure explanations | Lennart Poettering
2010-05-17 | units: add distribution-specific units | Lennart Poettering
2010-05-16 | build-sys: provide distro-agnostic defaults for distro-specific settings | Lennart Poettering
2010-05-16 | units: automatically generated syslog.target | Lennart Poettering
2010-05-16 | build-sys: move source files to subdirectory | Lennart Poettering