Age | Commit message | Author |
|
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
|
|
|
|
static hostname and if the static hostname is set, too
https://bugzilla.redhat.com/show_bug.cgi?id=957814
|
|
|
|
Previously we skipped every second entry.
This also cleans up much of the code and removes some dead code.
|
|
This patch escapes a unit name which was derived from udev.
Please imagine the following udev rules.
    ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%p.service"
    ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%r.service"
    ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%S.service"
When a unit name is derived from udev via
udev_device_get_property_value(), the name may contain '/' if
ENV{SYSTEMD_WANTS} has the udev options $devpath(%p), $root(%r), or
$sys(%S). However, '/' is an invalid char for a unit name, so processing
of this rule fails as Invalid argument with the following message.
    Apr 22 13:21:37 localhost systemd[1]: Failed to load device unit: Invalid argument
    Apr 22 13:21:37 localhost systemd[1]: Failed to process udev device event: Invalid argument
This patch escapes those invalid chars in a unit name.
Tested with 202, and confirmed to apply cleanly on top of commit 195f8e36.
Thanks,
Takahiro
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
|
|
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
|
|
|
|
I'm assuming that it's fine if a _const_ or _pure_ function
calls assert. It is assumed that the assert won't trigger,
and even if it does, it can only trigger on the first call
with a given set of parameters, and we don't care if the
compiler moves the order of calls.
|
|
Add missing property and remove duplicate properties already in
src/core/dbus-kill.h
|
|
systemd:/system subtree
|
|
Also, always accept both our simple hexdump syntax and UUID syntax.
|
|
Related to https://bugzilla.redhat.com/show_bug.cgi?id=957135.
|
|
|
|
This was needed with log_struct_unit() but log_notice_unit() adds it
anyway.
|
|
|
|
When a trigger unit wants to know if a stop is queued for it, we should
just check precisely that and do not check whether it is actually
stopped already. This is because we use these checks usually from state
change calls where the state variables are not updated yet.
This change splits unit_pending_inactive() into two calls
unit_inactive_or_pending() and unit_stop_pending(). The former checks
state and pending jobs, the latter only pending jobs.
|
|
The time for systemd initialization and selinux policy loading
is accounted to the initrd or the kernel, which is wrong.
Instead of:
Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) +
975ms (initrd) + 1.410s (userspace) = 8.647s
the more correct output is:
Startup finished in 5.559s (firmware) + 36ms (loader) + 665ms (kernel) +
475ms (initrd) + 1.910s (userspace) = 8.647s
|
|
Disallow recursive .include, and make it unavailable in anything but
unit files.
|
|
Let's better be safe than sorry.
|
|
|
|
|
|
Freeing in error path is the common pattern with set_put().
|
|
It's polite to print the name of the link that wasn't created,
and it makes little sense to print the target.
|
|
xattrs on cgroup fs were added back in v3.6-rc3-3-g03b1cde. But we
support kernels >= 2.6.39, and we should also support kernels compiled
w/o xattr support, even if systemd is compiled with xattr support.
Fall back to mounting without xattr support.
Tested-by: Colin Walters <walters@verbum.org>
|
|
of their conditions fails
|
|
Instead of having explicit type-specific callbacks that inform the
triggering unit when a triggered unit changes state, make this generic
so that state changes are forwarded between any triggered and triggering
unit.
Also, get rid of UnitRef references from automount, timer, path units,
to the units they trigger and rely exclusively on UNIT_TRIGGER type
dependencies.
|
|
Session objects will now get the .session suffix, user objects the .user
suffix, nspawn containers the .nspawn suffix.
This also changes the user cgroups to be named after the numeric UID
rather than the username, since this allows us to parse these paths
standalone without requiring access to the cgroup file system.
This also changes the mapping of instanced units to cgroups. Instead of
mapping foo@bar.service to the cgroup path /user/foo@.service/bar we
will now map it to /user/foo@.service/foo@bar.service, in order to
ensure that all our objects are properly suffixed in the tree.
|
|
|
|
All attributes are stored as text, since root_directory is already
text, and it seems easier to have all of them in text format.
Attributes are written in the trusted. namespace, because the kernel
currently does not allow user. attributes on cgroups. This is a PITA,
and CAP_SYS_ADMIN is required to *read* the attributes. Alas.
A second pipe is opened for the child to signal the parent that the
cgroup hierarchy has been set up.
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
|
|
|
bus_error and bus_error_message_or_strerror did almost exactly the same,
so use only one of them and place it in dbus-common.
|
|
|
|
ExecContext isn't used in this header file, and everything seems to
build just fine without this typedef. The typedef doesn't really belong
here, and at least my gcc-4.4.6 gives an error on type redefined.
|
|
Because "export key=val" is not supported by systemd, an error is logged
where the invalid assignment is coming from.
Introduce strv_env_clean_log() to log invalid environment assignments,
where logging is possible and allowed.
parse_env_file_internal() is modified to allow WHITESPACE in keys, to
report the issues later on.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=772073
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=63189
better fail than segfault
systemd[1]: Failed to load device unit: Invalid argument
systemd[1]: Failed to process udev device event: Invalid argument
|
|
They are irrelevant and misleading.
E.g. systemd-analyze:
Startup finished in 6d 4h 15min 32.330s (kernel) + 49ms 914us (userspace) = 6d 4h 15min 32.380s
becomes
Startup finished in 53.735ms (userspace) = 53.735ms
which looks much better :)
|
|
|
|
The information about the unit for which files are being parsed
is passed all the way down. This way messages land in the journal
with proper UNIT=... or USER_UNIT=... attribution.
'systemctl status' and 'journalctl -u' not displaying those messages
has been a source of confusion for users, since the journal entry for
a misspelt setting was often logged quite a bit earlier than the
failure to start a unit.
Based-on-a-patch-by: Oleksii Shevchuk <alxchk@gmail.com>
|
|
|
|
|
|
This also makes sure we always detect an OS tree the same way, by
checking for /etc/os-release.
|
|
containers there
Containers will now carry a label (normally derived from the root
directory name, but configurable by the user), and the container's root
cgroup is /machine/<label>. This label is called "machine name", and can
cover both containers and VMs (as soon as libvirt also makes use of
/machine/).
libsystemd-login can be used to query the machine name from a process.
This patch also includes numerous clean-ups for the cgroup code.
|
|
|
|
This allows clients to put inotify watches on these trees to watch for
state changes, without having to wait until these dirs are created.
This introduces the new top-level /machine cgroup dir as canonical
location where OS containers and VMs shall be located (as discussed with
the libvirt folks).
|