summaryrefslogtreecommitdiff
path: root/src/core
AgeCommit message (Collapse)Author
2012-11-15Isolation of udev code from remaining systemdAnthony G. Basile
This commit is a first attempt to isolate the udev code from the remaining code base. It intentionally does not modify any files but purely delete files which, on a first examination, appear to not be needed. This is a sweeping commit which may easily have missed needed code. Files can be retrieved by doing a checkout from the previous commit: git checkout 2944f347d0 -- <filename>
2012-11-06Revert "Implement SocketUser= and SocketGroup= for [Socket]"Dave Reisner
This was never intended to be pushed. This reverts commit aea54018a5e66a41318afb6c6be745b6aef48d9e.
2012-11-05Implement SocketUser= and SocketGroup= for [Socket]Dave Reisner
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it makes sense to also allow specific user/group ownership of the socket file for restricting access.
2012-11-04mount-setup: try mounting 'efivarfs' only if the system bootet with EFIKay Sievers
2012-11-04kmod-setup: mounting efivarfs, *after* we tried to mount it, is pointlessKay Sievers
The mount() system call, which we issue before loading modules, will trigger a modprobe by the kernel and block until it returns. Trying to load it again later, will have exactly the same result as the first time.
2012-11-04kmod-setup: add conditional module loading callbackKay Sievers
2012-11-03drop Arch Linux support for reading /etc/rc.confDave Reisner
2012-11-03drop Arch Linux support for reading /etc/rc.confDave Reisner
2012-10-31service: drop special HTTP server target, as it is a bad idea anf Fedora ↵Lennart Poettering
specific This was premarily intended to support the LSB facility $httpd which is only known by Fedora, and a bad idea since it lacks any real-life usecase. Similar, drop support for some other old Fedora-specific facilities. Also, document the rules for introduction of new facilities, to clarify the situation for the future.
2012-10-30shared, core: do not always accept numbers in string lookupsMichal Schmidt
The behaviour of the common name##_from_string conversion is surprising. It accepts not only the strings from name##_table but also any number that falls within the range of the table. The order of items in most of our tables is an internal affair. It should not be visible to the user. I know of a case where the surprising numeric conversion leads to a crash. We will allow the direct numeric conversion only for the tables where the mapping of strings to numeric values has an external meaning. This holds for the following lookup tables: - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric values are stable as they are defined by the Linux kernel interface. - log_level, log_facility_unshifted - the well-known syslog interface. We allow the user to use numeric values whose string names systemd does not know. For instance, the user may want to test a new kernel featuring a scheduling policy that did not exist when his systemd version was released. A slightly unpleasant effect of this is that the name##_to_string conversion cannot return pointers to constant strings anymore. The strings have to be allocated on demand and freed by the caller.
2012-10-30SMACK: Add configuration options. (v3)Auke Kok
This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.
2012-10-30systemd: mount the EFI variable filesystemLee, Chun-Yi
Add efivarfs to the mount_table in mount-setup.c, so the EFI variable filesystem will be mounted when systemd executed. The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel. Cc: Kay Sievers <kay@vrfy.org> Cc: Lennart Poettering <lennart@poettering.net> Cc: Mantas Mikulėnas <grawity@gmail.com> Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Cc: Matt Fleming <matt.fleming@intel.com> Cc: Jeremy Kerr <jeremy.kerr@canonical.com> Cc: Matthew Garrett <mjg@redhat.com> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
2012-10-29swap: fix swap behaviour with symlinksOlivier Brunel
Starting a swap unit pointing to (What) a symlink (e.g. /dev/mapper/swap or /dev/disk/by-uuid/...) would have said unit marked active, following the one using the "actual" device (/dev/{dm-1,sda3}), but that new unit would be seen as inactive. Since all requests to stop swap units would follow/redirect to it, and it is seen inactive, nothing would be done (swapoff never called). This is because this unit would be treated twice in swap_process_new_swap, the second call to swap_add_one causing it to eventually be marked inactive.
2012-10-29swap: modernize styleZbigniew Jędrzejewski-Szmek
2012-10-29swap: use automatic cleanupZbigniew Jędrzejewski-Szmek
2012-10-29swap: introduce helper variableZbigniew Jędrzejewski-Szmek
Just for readability, no funcational change.
2012-10-28logind: support for hybrid sleep (i.e. suspend+hibernate at the same time)Lennart Poettering
2012-10-27hwclock: do not seal the kernel's time-warp call from inside the initrdKay Sievers
2012-10-25job: avoid recursion into transaction code from job cancelationMichal Schmidt
I hit an "assert(j->installed)" failure in transaction_apply(). Looking into the backtrace I saw what happened: 1. The system was booting. var.mount/start was an installed job. 2. I pressed Ctrl+Alt+Del. 3. reboot.target was going to be isolated. 4. transaction_apply() proceeded to install a var.mount/stop job. 5. job_install() canceled the conflicting start job. 6. Depending jobs ended recursively with JOB_DEPENDENCY, among them was local-fs.target/start. 7. Its OnFailure action triggered - emergency.target was now going to be isolated. 8. We recursed back into transaction_apply() where the half-installed var.mount/stop job confused us. Recursing from job installation back into the transaction code cannot be a good idea. Avoid the problem by canceling the conflicting job non-recursively in job_install(). I don't think we'll miss anything by not recursing here. After all, we are called from transaction_apply(). We will not be installing just this one job, but all jobs from a transaction. All requirement dependencies will be included in it and will be installed separately. Every transaction job will get a chance to cancel its own conflicting installed job.
2012-10-25job: add comments to JobResult valuesMichal Schmidt
2012-10-24remove Fedora hostname, locale, vconsole legacy file supportKay Sievers
2012-10-23mount: make sure m->where is set before unit_add_exec_dependencies()Will Woods
If you enter unit_add_exec_dependencies with m->where = NULL, you'll very likely end up aborting somewhere under socket_needs_mount. (When systemd goes to check to see if the journald socket requires your mount, it'll do path_startswith(path, m->where)... *kaboom*) This patch should ensure that: a) both branches in mount_add_one() set m->where, and b) mount_add_extras() calls unit_add_exec_dependencies() *after* setting m->where.
2012-10-18systemd: use structured logging for unit changesZbigniew Jędrzejewski-Szmek
Information which unit a log entry pertains to enables systemctl status to display more log messages.
2012-10-18core/execute: use cleanup_strv_freeZbigniew Jędrzejewski-Szmek
2012-10-18manager: connect SIGRTMIN+24 to terminating --user instancesLennart Poettering
2012-10-18service: when invoking service processes in --user mode set MANAGERPID to ↵Lennart Poettering
PID of systemd
2012-10-17Properly handle device aliases used as dependenciesEelco Dolstra
If a device unit has aliases defined in udev rules, and there are other units that depend on that alias, as in BindTo=sys-subsystem-net-devices-eth0.device then systemd will fail the start the alias, and any dependent units will time out. See https://bugs.freedesktop.org/show_bug.cgi?id=52580 This is because unit_add_name() in device_add_escaped_name() will return EEXIST. The solution taken here is to call device_update_unit() on the alias name. Thus if a unit with the alias name already exists, we reuse it; otherwise a new unit is created. Creating multiple units for a single device is perhaps suboptimal, but it's consistent with the treatment of udev symlinks in device_process_new_device().
2012-10-16mount: don't try to initialize extra deps for mount units before ↵Lennart Poettering
initializing their basic fields Under some circumstances this could lead to a segfault since we we half-initialized a mount unit, then tried to hook it into the network of things and while doing that recursively ended up looking at our half-initialized mount unit again assuming it was fully initialized.
2012-10-16service: Heuristically determine whether SysV scripts support reloadMichael Stapelberg
This commit checks for a usage line which contains [{|]reload[|}"] (to not errnously match force-reload). Heuristics like this suck, but it solves a real problem and there appears to be no better way...
2012-10-16core/swap.c: Do not add Before=swap.target to swap units.Thomas Bächler
The fstab generator adds Before=swap.target by default, and when creating a custom .swap unit, you can also add Before=swap.target to the unit. However, it is impossible to not have this ordering dependency right now. Virtually all existing setups likely use the fstab generator, so this change is unlikely to break anything.
2012-10-16core: Refuse to run a user instance when the system hasn't been booted with ↵Thomas Bächler
systemd. Running as a user instance won't work at all if systemd isn't running as system manager, so refuse to start in that case.
2012-10-16SELinux patch still broken, in that we are not checking the correct source ↵Daniel J Walsh
context. This patch does the dbus calls correctly.
2012-10-16core: allow Type=oneshot services to have ExecReloadMantas Mikulėnas
Use cases: * iptables.service – atomically reload rules without having to flush them beforehand (which may leave the system insecure if reload fails) * rpc-nfsd.service – reexport filesystems after /etc/exports update without completely stopping and restarting nfsd (In both cases, the actual service is provided by a kernel module and does not have any associated user-space processes, thus Type=oneshot.)
2012-10-13log: introduce a macro to format message idZbigniew Jędrzejewski-Szmek
The MESSAGE_ID=... stanza will appear in countless number of places. It is just too long to write it out in full each time. Incidentally, this also fixes a typo of MESSSAGE is three places.
2012-10-09udev: support multiple entries for ENV{SYSTEMD_ALIAS} and ENV{SYSTEM_WANTS}Kay Sievers
2012-10-08dbus-manager: check return of unit_dbus_pathLukas Nykryn
Reply of dbus_message_new_method_return was check twice and path from unit_dbus_path was not.
2012-10-04dbus: expose Virtualization ID on PID1's bus interfaceLennart Poettering
This allows unprivileged clients to check for the used virtualization even when lacking the privileges that some of the virtualization tests require. https://bugzilla.gnome.org/show_bug.cgi?id=684801
2012-10-03man: document behaviour of ListenStream= with only a port number in regards ↵Lennart Poettering
to IPv4/IPv6
2012-10-03selinux: properly free dbus errorLennart Poettering
2012-10-02selinux: remove anything PID1-specific from selinux-access.[ch] so that we ↵Lennart Poettering
can reuse it in logind
2012-10-02audit: turn the audit fd into a static variableLennart Poettering
As audit is pretty much just a special kind of logging we should treat it similar, and manage the audit fd in a static variable. This simplifies the audit fd sharing with the SELinux access checking code quite a bit.
2012-10-02selinux: rework selinux access check logicLennart Poettering
a) Instead of parsing the bus messages inside of selinux-access.c simply pass everything pre-parsed in the functions b) implement the access checking with a macro that resolves to nothing on non-selinux builds c) split out the selinux checks into their own sources selinux-util.[ch] d) this unifies the job creation code behind the D-Bus calls Manager.StartUnit() and Unit.Start().
2012-09-28selinux: fix various problemsDaniel J Walsh
2012-09-24selinux: use standard D-Bus error id for access deniedLennart Poettering
2012-09-24mount: simplify device node conditions a bitLennart Poettering
2012-09-24mount: only run fsck for actual device nodesLennart Poettering
2012-09-24main: don't try to mout cpuset with cpu+cpuacct anymoreLennart Poettering
Turns out cpuset needs explicit initialization before we could make use of it. Thus mounting cpuset with cpu/cpuacct would make it impossible to just create a group in "cpu" and start it.
2012-09-21journal: completely rework the mmap cache as I too dumb to actually ↵Lennart Poettering
understand it Instead of doing hand optimized fd bisect arrays just use plain old hashmaps. Now I can understand my own code again. Yay! As a side effect this should fix some bad memory accesses caused by accesses after mmap(), introduced in 189.
2012-09-21core: call va_end in all casesLukas Nykryn
2012-09-20fix typosLennart Poettering