summaryrefslogtreecommitdiff
path: root/src/core/condition.c
AgeCommit message (Collapse)Author
2014-07-07firstboot: get rid of firstboot generator again, introduce ↵Lennart Poettering
ConditionFirstBoot= instead As Zbigniew pointed out a new ConditionFirstBoot= appears like the nicer way to hook in systemd-firstboot.service on first boots (those with /etc unpopulated), so let's do this, and get rid of the generator again.
2014-06-13core: add new ConditionNeedsUpdate= unit conditionLennart Poettering
This new condition allows checking whether /etc or /var are out-of-date relative to /usr. This is the counterpart for the update flag managed by systemd-update-done.service. Services that want to be started once after /usr got updated should use: [Unit] ConditionNeedsUpdate=/etc Before=systemd-update-done.service This makes sure that they are only run if /etc is out-of-date relative to /usr. And that it will be executed after systemd-update-done.service which is responsible for marking /etc up-to-date relative to the current /usr. ConditionNeedsUpdate= will also checks whether /etc is actually writable, and not trigger if it isn't, since no update is possible then.
2014-06-13condition: minor modernizationsLennart Poettering
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-02-21core: add new ConditionArchitecture() that checks the architecture returned ↵Lennart Poettering
by uname()'s machine field.
2014-02-20condition: split out most of condition handling into libsystemd-shardTom Gundersen
The parts that require linknig to libcap, libselinux and friends stays in libsystemd-core.
2014-02-20condition: refactor a bitTom Gundersen
No functional change, just move code around a bit to make it simpler to split out some functions.
2013-11-06util: unify reading of /proc/cmdlineLennart Poettering
Instead of individually checking for containers in each user do this once in a new call proc_cmdline() that read the file only if we are not in a container.
2013-10-10security: rework selinux, smack, ima, apparmor detection logicLennart Poettering
Always cache the results, and bypass low-level security calls when the respective subsystem is not enabled.
2013-07-17systemd,systemctl: export condition status and show failing conditionZbigniew Jędrzejewski-Szmek
$ systemctl --user status hoohoo hoohoo.service Loaded: loaded (/home/zbyszek/.config/systemd/user/hoohoo.service; static) Active: inactive (dead) start condition failed at Tue 2013-06-25 18:08:42 EDT; 1s ago ConditionPathExists=/tmp/hoo was not met Full information is exported over D-Bus: [(condition, trigger, negate, param, state),...] where state is one of "failed" (<0), "untested" (0), "OK" (>0). I've decided to use 0 for "untested", because it might be useful to differentiate different types of failure later on, without breaking compatibility. systemctl shows the failing condition, if there was a non-trigger failing condition, or says "none of the trigger conditions were met", because there're often many trigger conditions, and they must all fail for the condition to fail, so printing them all would consume a lot of space, and bring unnecessary attention to something that is quite low-level.
2013-07-17systemd: log failed conditionsZbigniew Jędrzejewski-Szmek
ConditionPathExists=/tmp/nosuchpath failed for nosuchpath.service.
2013-07-05tests: add tests for string lookup tablesZbigniew Jędrzejewski-Szmek
The tests check if the tables have entries for all values in the enum, and that the entries are unique.
2013-05-30core: use the same test as upstart for apparmorNirbheek Chauhan
Lennart: > Hmm, I just noticed this patch: > > https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169 > > It contains a different check for AppArmor. Basically something like this: > > /sys/module/apparmor/parameters/enabled == 'Y' > > I'd prefer if we could change our code to do the same, given that > the Ubuntu guys are guys are upstream for apparmor. https://bugs.freedesktop.org/show_bug.cgi?id=63312
2013-05-11Add support for ConditionSecurity=imaAuke Kok
Just as with SMACK, we don't really know if a policy has been loaded or not, as the policy interface is write-only. Assume therefore that if ima is present in securityfs that it is enabled. Update the man page to reflect that "ima" is a valid option now as well.
2013-05-11Re-indent with spaces.Auke Kok
2013-05-08condition, man: Add support for ConditionSecurity=smackKarol Lewandowski
According to Documentation/security/Smack.txt: In keeping with the intent of Smack, configuration data is minimal and not strictly required. The most important configuration step is mounting the smackfs pseudo filesystem. This means that checking the mount point should be enough.
2013-05-06condition, man: Add support for ConditionSecurity=apparmorNirbheek Chauhan
Checking for the apparmor directory in securityfs means the apparmor module is loaded and enabled, and hence should suffice as a test. https://bugs.freedesktop.org/show_bug.cgi?id=63312
2013-02-14honor SELinux labels, when creating and writing config filesHarald Hoyer
Also split out some fileio functions to fileio.c and provide a SELinux aware pendant in fileio-label.c see https://bugzilla.redhat.com/show_bug.cgi?id=881577
2012-12-31unit: add ConditionACPower=Lennart Poettering
2012-09-11condition: add ConditionFileNotEmpty=Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=54448
2012-08-22unit: add new ConditionHost= condition typeLennart Poettering
2012-05-08util: split-out path-util.[ch]Kay Sievers
2012-04-22util: fix tty_is_vc_resolve() in a container where ↵Lennart Poettering
/sys/class/tty/console/active is misleading
2012-04-12unit: introduce ConditionPathIsReadWriteLennart Poettering
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-11move libsystemd_core.la sources into core/Kay Sievers