| Age | Commit message (Collapse) | Author |
|---|
|
status set membership
|
|
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
|
|
|
|
|
|
We should follow the naming scheme waitid() uses, not come up with our
own reversed one...
|
|
This does the inverse of RestartPreventExitStatus=: it forces a restart
of a service when a certain exit status is returned by a service
process.
|
|
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames.
|
|
system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.
|
|
tcpwrap is legacy code, that is barely maintained upstream. It's APIs
are awful, and the feature set it exposes (such as DNS and IDENT
access control) questionnable. We should not support this natively in
systemd.
Hence, let's remove the code. If people want to continue making use of
this, they can do so by plugging in "tcpd" for the processes they start.
With that scheme things are as well or badly supported as they were from
traditional inetd, hence no functionality is really lost.
|
|
Let's make the scope of the show-status stuff a bit smaller, and make it
private to the core, rather than shared API in shared/.
|
|
As discussed on the ML these are useful to manage runtime directories
below /run for services.
|
|
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
|
|
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
|
|
processes
|
|
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
|
|
When set to auto, status will shown when the first ephemeral message
is shown (a job has been running for five seconds). Then until the
boot or shutdown ends, status messages will be shown.
No indication about the switch is done: I think it should be clear
for the user that first the cylon eye and the ephemeral messages appear,
and afterwards messages are displayed.
The initial arming of the event source was still wrong, but now should
really be fixed.
|
|
In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.
|
|
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
internal libraries
Before:
$ ldd /lib/systemd/systemd-timestamp
linux-vdso.so.1 => (0x00007fffb05ff000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f90aac57000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f90aaa53000)
librt.so.1 => /lib64/librt.so.1 (0x00007f90aa84a000)
libc.so.6 => /lib64/libc.so.6 (0x00007f90aa494000)
/lib64/ld-linux-x86-64.so.2 (0x00007f90aae90000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f90aa290000)
libattr.so.1 => /lib64/libattr.so.1 (0x00007f90aa08a000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f90a9e6e000)
After:
$ ldd systemd-timestamp
linux-vdso.so.1 => (0x00007fff3cbff000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5eaa1c3000)
librt.so.1 => /lib64/librt.so.1 (0x00007f5ea9fbb000)
libc.so.6 => /lib64/libc.so.6 (0x00007f5ea9c04000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5eaa3fc000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f5ea9a00000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5ea97e4000)
|
