| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
PID of systemd
|
|
If a device unit has aliases defined in udev rules, and there are
other units that depend on that alias, as in
BindTo=sys-subsystem-net-devices-eth0.device
then systemd will fail the start the alias, and any dependent units
will time out. See
https://bugs.freedesktop.org/show_bug.cgi?id=52580
This is because unit_add_name() in device_add_escaped_name() will
return EEXIST.
The solution taken here is to call device_update_unit() on the alias
name. Thus if a unit with the alias name already exists, we reuse it;
otherwise a new unit is created. Creating multiple units for a single
device is perhaps suboptimal, but it's consistent with the treatment
of udev symlinks in device_process_new_device().
|
|
initializing their basic fields
Under some circumstances this could lead to a segfault since we we
half-initialized a mount unit, then tried to hook it into the network of
things and while doing that recursively ended up looking at our
half-initialized mount unit again assuming it was fully initialized.
|
|
This commit checks for a usage line which contains [{|]reload[|}"] (to
not errnously match force-reload).
Heuristics like this suck, but it solves a real problem and there
appears to be no better way...
|
|
The fstab generator adds Before=swap.target by default, and when creating
a custom .swap unit, you can also add Before=swap.target to the unit.
However, it is impossible to not have this ordering dependency right now.
Virtually all existing setups likely use the fstab generator, so this
change is unlikely to break anything.
|
|
systemd.
Running as a user instance won't work at all if systemd isn't running as system
manager, so refuse to start in that case.
|
|
context.
This patch does the dbus calls correctly.
|
|
Use cases:
* iptables.service – atomically reload rules without having to flush
them beforehand (which may leave the system insecure if reload fails)
* rpc-nfsd.service – reexport filesystems after /etc/exports update
without completely stopping and restarting nfsd
(In both cases, the actual service is provided by a kernel module and
does not have any associated user-space processes, thus Type=oneshot.)
|
|
The MESSAGE_ID=... stanza will appear in countless number of places.
It is just too long to write it out in full each time.
Incidentally, this also fixes a typo of MESSSAGE is three places.
|
|
|
|
Reply of dbus_message_new_method_return was check twice and
path from unit_dbus_path was not.
|
|
This allows unprivileged clients to check for the used virtualization
even when lacking the privileges that some of the virtualization tests
require.
https://bugzilla.gnome.org/show_bug.cgi?id=684801
|
|
to IPv4/IPv6
|
|
|
|
can reuse it in logind
|
|
As audit is pretty much just a special kind of logging we should treat
it similar, and manage the audit fd in a static variable.
This simplifies the audit fd sharing with the SELinux access checking
code quite a bit.
|
|
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
|
|
|
|
|
|
|
|
|
|
Turns out cpuset needs explicit initialization before we could make use
of it. Thus mounting cpuset with cpu/cpuacct would make it impossible to
just create a group in "cpu" and start it.
|
|
understand it
Instead of doing hand optimized fd bisect arrays just use plain old
hashmaps. Now I can understand my own code again. Yay!
As a side effect this should fix some bad memory accesses caused by
accesses after mmap(), introduced in 189.
|
|
|
|
|
|
|
|
|
|
Note: I did s/MANAGER/SYSTEMD/ everywhere, even though it makes the
patch quite verbose. Nevertheless, keeping MANAGER prefix in some
places, and SYSTEMD prefix in others would just lead to confusion down
the road. Better to rip off the band-aid now.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=858266
|
|
|
|
|
|
object actually has an exec context
|
|
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=54176
|
|
|
|
|
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.
The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.
Similarly we want to allow a root admin webadm_t that can only manage the
apache environment. systemctl enable httpd.service, systemctl disable
iptables.service bad.
To make this code cleaner, we really need to refactor the dbus-manager.c code.
This has just become a huge if-then-else blob, which makes doing the correct
check difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
|
|
|
|
In many cases this might have a negative effect since we drop escaping
from strings where we better shouldn't have dropped it.
If unescaping makes sense for some settings we can readd it later again,
on a per-case basis.
https://bugs.freedesktop.org/show_bug.cgi?id=54522
|
|
lacking perms, deal with it
|
|
When the new PID is invoked the journal socket from the initrd might
still be around. Due to the default log target being journal we'd log to
that initially when the new main systemd initializes even if the kernel
command line included a directive to redirect systemd's logging
elsewhere.
With this fix we initially always log to kmsg now, if we are PID1, and
only after parsing the kernel cmdline try to open the journal if that's
desired.
(The effective benefit of this is that SELinux performance data is now
logged again to kmsg like it used to be.)
|
|
Properly tell the kernel at bootup, and any later time zone changes,
the actual system time zone.
Things like the kernel's FAT filesystem driver needs the actual time
zone to calculate the proper local time to use for the on-disk time
stamps.
https://bugzilla.redhat.com/show_bug.cgi?id=802198
|
|
For setups with many listening sockets the default kernel resource limit
of 1024 fds is not enough. Bump this up to 64K to avoid any limitations
in this regard. We are careful to pass on the kernel default to daemons
however, since normally resource limits are a good to enforce,
especially since select() can't handle fds > 1023.
|
|
spurious event from before
|
