Age | Commit message | Author |
|
SMACK is the Simple Mandatory Access Control Kernel, a minimal
approach to Access Control implemented as a kernel LSM.
The kernel exposes the smackfs filesystem API through which access
rules can be loaded. At boot time, we want to load the access rules
as early as possible to ensure all early boot steps are checked by Smack.
This patch mounts smackfs at the new location at /sys/fs/smackfs for
kernels 3.8 and above. The /smack mountpoint is not supported.
After mounting smackfs, rules are loaded from the usual location.
For more information about Smack see:
http://www.kernel.org/doc/Documentation/security/Smack.txt
|
|
move mount_setup_early() call to main.c, before security module setup,
so there are no more repeat calls.
|
|
arguments in PID 1
https://bugzilla.redhat.com/show_bug.cgi?id=880025
|
|
Dropping the distribution specific #ifdefs in
88516c0c952b9502e8ef1d6a1481af61b0fb422d broke the .sh suffix stripping
since we now always used the else clause of the rc. check.
We eventually want to drop the rc. prefix stripping, but for now we
assume that no sysv init script uses both an rc. prefix and .sh suffix,
so make the check for the .sh suffix and rc. prefix mutually exclusive.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=917404
|
|
If XDG_RUNTIME_DIR contains a character like ":" (for instance if it's
formed from an X11 display name), then it isn't valid to substitute
it into a D-Bus address without escaping.
http://bugs.freedesktop.org/show_bug.cgi?id=60499
|
|
Forked processes can keep the old fd alive triggering epoll over and
over again else.
https://bugs.freedesktop.org/show_bug.cgi?id=61697
|
|
This allows switch-root to work correctly if a unit is active both before and
after the switch-root, but its dependencies change. Before the patch, any
dependencies added to active units by switch-root will not be pulled, in
particular filesystems configured in /etc/fstab would not be activated if
local-fs.target was active in the initrd.
It is not clear to me if there is a bug in the REPLACE handling, or if it is
working as expected and that we really want to use ISOLATE instead as this patch
does.
|
|
This reverts commit 39b83cdab37623a546344622db9bbbc784c15df5.
|
|
Harald encountered division by zero in manager_print_jobs_in_progress.
Clearly we had the watch enabled when we shouldn't - there were no
running jobs in m->jobs, only waiting ones. This is either a deadlock,
or maybe some of them would be detected as runnable in the next dispatch
of the run queue. In any case we mustn't crash.
Fix it by starting and stopping the watch based on n_running_jobs
instead of the number of all jobs.
|
|
When watches are installed from the bottom, it is always possible
to race, and miss a file creation event. The race can be avoided
if a watch is first established for a parent directory, and then for
the file in the directory. If the file is created in the time between,
the watch on the parent directory will fire.
Some messages (mostly at debug level) are added to help diagnose
pidfile issues.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=917075.
|
|
Errors because of oom conditions or descriptor exhaustion should not
be ignored. We probably cannot recover from those conditions.
Current behaviour wrt. insufficient permissions is described in the
man page. It might make sense in case of user sessions, so I left
it as is.
|
|
... and fix bogus return code on malloc failure.
|
|
... and use automatic cleanup.
|
|
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
|
|
The crash that the check prevented has been fixed by commit 9e9e2b7.
|
|
Installation of a deserialized job may fail (though purely in theory),
so increase the running job counter only when succeeding.
|
|
All active units will call unit_notify() during coldplug, so we just
make sure we're counting from zero again and get the correct result for
n_on_console.
For n_running_jobs we likewise reset it to zero and then count
the running jobs as we encounter them in deserialization.
|
|
unit_notify is fired in deserialization code (particularly in
service_set_state). Units are passed in random order, and there is a possibility
that a unit with StopWhenUnneeded=yes is passed before its actual dependencies. In
that case the unit will be stopped as unneeded, because its deps are still in
UNIT_INACTIVE state.
So, reuse similar logic (unit.c:1421) to avoid this race.
|
|
don't misunderstand parse failures as OOM
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009179.html
|
|
Correctly detect rbind mount option as bind mount.
Fixes https://bugzilla.novell.com/show_bug.cgi?id=804575.
|
|
Sometimes the boot gets stuck until a timeout hits. The usual timeouts
are on the order of minutes, so users may lose patience.
Print animated status messages telling the names of units with running
jobs to make it easy to see what systemd is waiting for.
The animation looks cooler with a shorter interval, but 1 s is OK and
should not be too hard on slow serial console users.
|
|
There is some guesswork, but it should work satisfactorily for the
purpose of knowing when to suppress printing of status messages.
|
|
Similar to already existing is_terminal_input().
Note that the only current user (connect_logger_as) is never called
for EXEC_OUTPUT_TTY, so it won't mind whether we accept it.
|
|
Ephemeral status lines do not end with a newline and they expect to be
overwritten by the next printed status line.
|
|
Like other status messages, this one too should not be printed
unconditionally, but it should take the manager state into account.
unit_status_printf() does that.
|
|
Take advantage of the fact that almost all callers want to pass unit
description as the last parameter. Those who don't can use the more
flexible manager_status_printf().
|
|
They're not used outside manager.c anymore.
|
|
unit_status_printf() checks the state of the manager, not of the unit
as such. Move it to manager.c and rename it to manager_status_printf().
Temporarily keep unit_status_printf as a wrapper macro.
|
|
This introduces a new static list of known attributes and their special
semantics. This means that cgroup attribute values can now be
automatically translated from user to kernel notation for command line
set settings, too.
This also adds proper support for multi-line attributes.
|
|
Add a new job mode: replace-irreversibly. Jobs enqueued using this mode
cannot be implicitly canceled by later enqueued conflicting jobs.
They can however still be canceled with an explicit "systemctl cancel"
call.
|
|
It is not really necessary to have a hard requirement dependency on
systemd-journald.socket in almost every unit. The socket gets pulled
into boot via at least two ways:
sockets.target -> systemd-journald.socket
sysinit.target -> systemd-journald.service -> systemd-journald.socket
So just assume something pulled the socket in and drop the automatic
requirement dependencies on it.
"systemctl stop systemd-journald.socket" will now not take the whole
system down with it.
|
|
journald is supposed to work. Failure to connect to its socket implies
losing messages. It should be a very unusual event. Log the failure with
LOG_CRIT.
Just because this unit's stdout/stderr failed to connect to the journal
does not necessarily mean that we shouldn't try to log the failure using
a structured entry, so let's use log_struct_unit.
|
|
The functions are quite similar. Unify them into one.
The source gets shorter, the binary gets slightly smaller.
|
|
Almost every unit logs to the journal. If journald gets a permanent
failure, units would not be able to start (exit code 209/STDOUT).
Add a fallback to /dev/null to avoid making the system entirely
unusable in such a case.
|
|
Only set source for freshly created .mounts coming from
mountinfo file.
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=883043
|
|
Alias as systemd-user.conf is also provided. This should help
users running systemd in session mode.
https://bugzilla.redhat.com/show_bug.cgi?id=690868
|
|