Age | Commit message | Author |
|
Only 34 of 74 tools need libselinux linked, and libselinux is a pain
with its unconditional library constructor.
|
|
This is an S/MIME signed message
The mount of the securityfs filesystem is now performed in the main systemd
executable as it is used by IMA to provide the interface for loading custom
policies. The unit file 'units/sys-kernel-security.mount' has been removed
because it is no longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
|
|
/run/initramfs usually contains the initrd so that we can jump back into
it on shutdown. It's usually relatively large and static data, hence we
should avoid relabelling of it. On my netbook this saves 6s. (6.6s
needed for relabelling /dev and /run goes down to 600ms -- still way too
much, but much better).
|
|
cpu+cpuacct to the default
|
|
The kernel now provides the /sys/fs/selinux mountpoint and libselinux
prefers it if it's available.
systemd currently tests only for /selinux and this leads to an infinite
loop of policy reloads in the latest Rawhide.
Fix it by checking both possible mountpoints.
Also add the new path to ignore_paths[].
/selinux appears also in nspawn.c. I don't think it's necessary to
change it there at this point.
https://bugzilla.redhat.com/show_bug.cgi?id=711015
|
|
If we cannot open /etc/cgroup, print an error message, but go on, to
support cgroup-less builds.
https://bugzilla.redhat.com/show_bug.cgi?id=628004
|
|
Mounting /var/lib/nfs/rpc_pipefs and /proc/fs/nfsd is required by rpcbind
and the NFS server respectively. To depend on them being mounted, systemd
needs to be allowed to create mount units for both in order to avoid having
to implement hacks (mounting in ExecStartPre or using shell scripts).
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=628004
|
|
they both come pre-filled and unlabelled
|
|
Instead of the /dev/.run trick we have currently implemented, we decided
to move the early-boot runtime dir to /run.
An existing /var/run directory is bind-mounted to /run. If /var/run is
already a symlink, no action is taken.
An existing /var/lock directory is bind-mounted to /run/lock.
If /var/lock is already a symlink, no action is taken.
To implement the directory vs. symlink logic, we have a:
  ConditionPathIsDirectory=
now, which is used in the mount units.
Skipped mount unit in case of symlink:
  $ systemctl status var-run.mount
  var-run.mount - Runtime Directory
    Loaded: loaded (/lib/systemd/system/var-run.mount)
    Active: inactive (dead)
            start condition failed at Fri, 25 Mar 2011 04:51:41 +0100; 6min ago
    Where: /var/run
    What: /run
    CGroup: name=systemd:/system/var-run.mount
The systemd rpm needs to make sure to add something like:
  %pre
  mkdir -p -m0755 /run >/dev/null 2>&1 || :
or it needs to be added to filesystem.rpm.
Udev -git already uses /run if that exists, and is writable at bootup.
Otherwise it falls back to the current /dev/.udev.
Dracut and plymouth need to be adapted to switch from /dev/.run to run
too.
Cheers,
Kay
|
|
During early boot, mount a tmpfs to /dev/.run and then bind mount it to
/var/run as soon as /var is available.
This makes it possible for programs involved in early boot to put
runtime data in /dev/.run which later on will show up in /var/run like
any other.
This can be used to solve the early-boot D-Bus problem: D-Bus may start
up with its socket bound to /dev/.run/dbus/system_bus_socket and after
/var it will also be available under the traditional name
/var/run/dbus/system_bus_socket.
This also is intended to be used as a better place for systemd, mount,
mdadm, blkid, plymouth, bootchart and dracut runtime data, which is
currently stored in various places in /dev/.xxx.
|
|
Also, there are most likely dead symlinks in there, so let's ignore
ENOENT when we relabel.
https://bugzilla.redhat.com/show_bug.cgi?id=680169
|
|
overridable via configure switch
|
|
We shouldn't break PROT_EXEC which is a valid mmap() flag.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=655222
|
|
We should not handle the ignore list as API mounts, as
systemd itself never touches them.
On Thu, Nov 11, 2010 at 10:34, Andreas Jaeger <aj@novell.com> wrote:
>
> I noticed for some time that systemd-remount-api-vfs is in the
> failed state and found now the following in the log files
>
> systemd-remount-api-vfs[467]: /bin/mount for /proc/bus/usb exited with exit status 32.
> systemd-remount-api-vfs[467]: mount: /proc/bus/usb not mounted already, or bad option
> systemd[1]: systemd-remount-api-vfs.service: main process exited, code=exited, status=1
> systemd[1]: Unit systemd-remount-api-vfs.service entered failed state.
|
|
they are around when we run shell scripts before udevd
|
|
rhbz 629268
|
|
This requires the /sys/fs/cgroup to exist. Current git kernels have
this, released kernels need a backport of a single patch.
|
|
instead
|
|