summaryrefslogtreecommitdiff
path: root/src/core/socket.c
AgeCommit message (Collapse)Author
2012-11-15Isolation of udev code from remaining systemdAnthony G. Basile
This commit is a first attempt to isolate the udev code from the remaining code base. It intentionally does not modify any files but purely delete files which, on a first examination, appear to not be needed. This is a sweeping commit which may easily have missed needed code. Files can be retrieved by doing a checkout from the previous commit: git checkout 2944f347d0 -- <filename>
2012-11-06Revert "Implement SocketUser= and SocketGroup= for [Socket]"Dave Reisner
This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.
2012-11-05Implement SocketUser= and SocketGroup= for [Socket]Dave Reisner
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.
2012-10-30SMACK: Add configuration options. (v3)Auke Kok
This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.
2012-10-16mount: don't try to initialize extra deps for mount units before ↵Lennart Poettering
initializing their basic fields Under some circumstances this could lead to a segfault since we we half-initialized a mount unit, then tried to hook it into the network of things and while doing that recursively ended up looking at our half-initialized mount unit again assuming it was fully initialized.
2012-09-18core: move ManagerRunningAs to sharedZbigniew Jędrzejewski-Szmek
Note: I did s/MANAGER/SYSTEMD/ everywhere, even though it makes the patch quite verbose. Nevertheless, keeping MANAGER prefix in some places, and SYSTEMD prefix in others would just lead to confusion down the road. Better to rip off the band-aid now.
2012-09-18unit-printf: before resolving exec context specifiers check whether the ↵Lennart Poettering
object actually has an exec context
2012-09-18unit: split unit_printf() and friends into its own .c fileLennart Poettering
2012-09-18logind: split up inhibit acquire policyLennart Poettering
2012-09-16socket: prevent signed integer overflowDave Reisner
src/core/socket.c:588:25: error: overflow in implicit constant conversion src/core/socket.c:589:17: error: overflow in implicit constant conversion
2012-08-14service: add options RestartPreventExitStatus and SuccessExitStatusLukas Nykryn
In some cases, like wrong configuration, restarting after error does not help, so administrator can specify statuses by RestartPreventExitStatus which will not cause restart of a service. Sometimes you have non-standart exit status, so this can be specified by SuccessfulExitStatus.
2012-07-20units: apply default resource limits to socket/mount/swap processes tooLennart Poettering
2012-07-20core: drop KillMode parameter from KillUnit() bus callLennart Poettering
It made no sense, and since we are documenting the bus calls now and want to include them in our stability promise we really should get it cleaned up sooner, not later.
2012-07-20unit: split off KillContext from ExecContext containing only kill definitionsLennart Poettering
2012-07-16unit: set default working directory to the user's home directory when ↵Lennart Poettering
running in user mode
2012-07-10unit: get rid of UnitVTable.suffix, which is now unusedLennart Poettering
2012-06-22journal: set the _SYSTEMD_UNIT field for messages from terminated processesEelco Dolstra
As described in https://bugs.freedesktop.org/show_bug.cgi?id=50184 the journal currently doesn't set fields such as _SYSTEMD_UNIT properly for messages coming from processes that have already terminated. This means among other things that "systemctl status" may not show some of the output of services that wrote messages just before they exited. This patch fixes this by having processes that log to the journal write their unit identifier to journald when the connection to /run/systemd/journal/stdout is opened. Journald stores the unit ID and uses it to fill in _SYSTEMD_UNIT when it cannot be obtained normally (i.e. from the cgroup). To prevent impersonating another unit, this information is only used when the caller is root. This doesn't fix the general problem of getting metadata about messages from terminated processes (which requires some kernel support), but it allows "systemctl status" and similar queries to do the Right Thing for units that log via stdout/stderr.
2012-05-31mkdir: append _label to all mkdir() calls that explicitly set the selinux ↵Kay Sievers
context
2012-05-22units: remove service sysv_path variable and replace it by generic unit_pathLennart Poettering
UnitPath= is also writable via native units and may be used by generators to clarify from which file a unit is generated. This patch also hooks up the cryptsetup and fstab generators to set UnitPath= accordingly.
2012-05-14unit: unit type dependent status messagesMichal Schmidt
Instead of generic "Starting..." and "Started" messages for all unit use type-dependent messages. For example, mounts will announce "Mounting..." and "Mounted". Add status messages to units of types that used to be entirely silent (automounts, sockets, targets, devices). For unit types whose jobs are instantaneous, report only the job completion, not the starting event. Socket units with non-instantaneous jobs are rare (Exec*= is not used often in socket units), so I chose not to print the starting messages for them either. This will hopefully give people better understanding of the boot.
2012-05-08util: split-out path-util.[ch]Kay Sievers
2012-05-03service: explicitly remove control/ subcgroup after each control commandLennart Poettering
The kernel will only notify us of cgroups running empty if no subcgroups exist anymore. Hence make sure we don't leave our own control/ subcgroup around longer than necessary. https://bugzilla.redhat.com/show_bug.cgi?id=818381
2012-04-24service: introduce Type=idle and use it for gettysLennart Poettering
Type=idle is much like Type=simple, however between the fork() and the exec() in the child we wait until PID 1 informs us that no jobs are left. This is mostly a cosmetic fix to make gettys appear only after all boot output is finished and complete. Note that this does not impact the normal job logic as we do not delay the completion of any jobs. We just delay the invocation of the actual binary, and only for services that otherwise would be of Type=simple.
2012-04-17selinux: unify systemd and udev codeKay Sievers
2012-04-13service: place control command in subcgroup control/Lennart Poettering
Previously, we were brutally and onconditionally killing all processes in a service's cgroup before starting the service anew, in order to ensure that StartPre lines cannot be misused to spawn long-running processes. On logind-less systems this has the effect that restarting sshd necessarily calls all active ssh sessions, which is usually not desirable. With this patch control processes for a service are placed in a sub-cgroup called "control/". When starting a service anew we simply kill this cgroup, but not the main cgroup, in order to avoid killing any long-running non-control processes from previous runs. https://bugzilla.redhat.com/show_bug.cgi?id=805942
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-04-11move libsystemd_core.la sources into core/Kay Sievers