path: root/configure.ac
Age | Commit message | Author
2010-09-23 | readahead: implement minimal readahead logic based on fanotify(), mincore() and readahead() | Lennart Poettering
2010-09-17 | ask-password: popup notification when we ask for a password | Lennart Poettering
2010-09-17 | ask-password: add minimal framework to allow services to query SSL/harddisk passphrases from the user | Lennart Poettering
2010-09-14 | build-sys: bump version [systemd/v10] | Lennart Poettering
2010-09-06 | systemctl: make --version a little bit more verbose | Lennart Poettering
2010-09-03 | build-sys: prepare new release [systemd/v9] | Lennart Poettering
2010-08-26 | build-sys: show audit/selinux in summary | Lennart Poettering
2010-08-25 | build-sys: prepare release v8 [systemd/v8] | Lennart Poettering
2010-08-11 | main: disable nscd properly, if possible | Lennart Poettering
2010-08-11 | audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary | Lennart Poettering
2010-08-10 | build-sys: prepare release 7 [systemd/v7] | Lennart Poettering
2010-08-06 | build-sys: prepare new release [systemd/v6] | Lennart Poettering
2010-08-04 | prepare new release [systemd/v5] | Lennart Poettering
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to read them. | Daniel J Walsh

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On 07/28/2010 05:57 AM, Kay Sievers wrote:
    > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
    > <lennart@poettering.net> wrote:
    >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1
    >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
    >>> scontext=system_u:system_r:init_t:s0
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1
    >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
    >>> scontext=system_u:system_r:init_t:s0
    >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
    >>>
    >>> Lennart, we talked about this earlier. I think this is caused by the
    >>> modprobe calls to create /dev/autofs. Since udev is not created at the
    >>> point that init loads the kernel modules, the devices get created with
    >>> the wrong label. Once udev starts the labels get fixed.
    >>>
    >>> I can allow init_t to read device_t chr_files.
    >>
    >> Hmm, I think a cleaner fix would be to make systemd relabel this device
    >> properly before accessing it? Given that this is only one device this
    >> should not be a problem for us to maintain, I think? How would the
    >> fixing of the label work? Would we have to spawn restorecon for this, or
    >> can we actually do this in C without too much work?
    >
    > I guess we can just do what udev is doing, and call setfilecon(), with
    > a context of an earlier matchpathcon().
    >
    > Kay
    > _______________________________________________
    > systemd-devel mailing list
    > systemd-devel@lists.freedesktop.org
    > http://lists.freedesktop.org/mailman/listinfo/systemd-devel

    Here is the updated patch with a fix for the labeling of /dev/autofs
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.14 (GNU/Linux)
    Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

    iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
    gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
    =pC2e

2010-07-23 | socket: SELinux support for socket creation. | Daniel J Walsh

    It seems to work on my machine.

    /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
    /proc/1/fd/21 system_u:system_r:avahi_t:s0

    And the AVC's seem to have disappeared when a confined app tries to connect to dbus or avahi.

    If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch you should be able to boot in enforcing mode.

2010-07-22 | build-sys: prepare release 4 | Lennart Poettering
2010-07-22 | build-sys: fix compatibility with vala 0.9 | Lennart Poettering
2010-07-13 | build-sys: bump release [systemd/v3] | Lennart Poettering
2010-07-12 | cgroup: reimplement the last bit of libcgroup functionality natively | Lennart Poettering
2010-07-12 | build-sys: require udev 160 to fix notify socket abstract namespace sockaddr length | Lennart Poettering
2010-07-10 | build-sys: drop special name hack for dbus.service since a native service file is now shipped upstream dbus | Lennart Poettering
2010-07-09 | build-sys: bump version | Lennart Poettering
2010-07-09 | build-sys: disable inline warnings | Lennart Poettering
2010-07-07 | build-sys: prepare release 1 [systemd/v1] | Lennart Poettering
2010-06-21 | pam: implement systemd PAM module and generalize cgroup API for that a bit | Lennart Poettering
2010-06-18 | build-sys: speed up build via convenience library | Lennart Poettering
2010-06-17 | gcc: disable warn_unused_result attribute warnings | Lennart Poettering
2010-06-17 | fix --nonet calls to xsltproc | Pavol Rusnak

    Also, fix spelling of openSUSE

2010-06-17 | build-sys: pass -fno-strict-aliasing by default | Lennart Poettering
2010-06-16 | build-sys: fix configure output without libwrap | Lennart Poettering
2010-06-16 | service: optionally call into PAM when dropping privileges | Lennart Poettering
2010-06-16 | socket: add optional libwrap support | Lennart Poettering
2010-06-09 | build-sys: enable bz2 tarballs | Lennart Poettering
2010-06-07 | build-sys: make make distcheck work again | Lennart Poettering
2010-06-07 | dbus: install bus activation file | Lennart Poettering
2010-06-02 | build-sys: call AC_OUTPUT without any arguments | Christian Ruppert
2010-06-02 | build-sys: default rootdir to prefix | Lennart Poettering
2010-06-02 | build-sys: install stuff intended for / into ${rootdir} which is configurable with --with-rootdir= | Lennart Poettering
2010-05-22 | device: make use of new libudev tags logic | Lennart Poettering
2010-05-20 | units: SUSE support | Kay Sievers
2010-05-18 | build-sys: remove vala generated sources only when valac is around | Lennart Poettering
2010-05-17 | cgroup: don't require debug cgroup controller anymore, use name hierarchy instead | Lennart Poettering
2010-05-17 | man: replace syslog name in man page by configured name | Lennart Poettering
2010-05-17 | build-sys: set M4_DISTRO_FLAG from the configure script | Lennart Poettering
2010-05-17 | build-sys: fix --distro= configure explanations | Lennart Poettering
2010-05-17 | units: add distribution-specific units | Lennart Poettering
2010-05-16 | build-sys: provide distro-agnostic defaults for distro-specific settings | Lennart Poettering
2010-05-16 | units: automatically generated syslog.target | Lennart Poettering
2010-05-16 | build-sys: move source files to subdirectory | Lennart Poettering
2010-05-16 | build-sys: use autoconf'igured mkdir/ln/sed programs | Lennart Poettering