path: root/src/shared
Age | Commit message | Author
2014-02-25 | Use /var/run/dbus/system_bus_socket for the D-Bus socket | Zbigniew Jędrzejewski-Szmek
2014-02-26 | core: add new RestrictAddressFamilies= switch | Lennart Poettering
This new unit setting allows restricting which address families are available to processes. This is an effective way to minimize the attack surface of services, by turning off entire network stacks for them. This is based on seccomp, and does not work on x86-32, since seccomp cannot filter socketcall() syscalls on that platform.
2014-02-25 | login: fix pos-array allocation | David Herrmann
GREEDY_REALLOC takes a pointer to the real size, not the array-width as argument. Therefore, our array is currently way too small to keep the seat positions. Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store the array-width instead of array-size.
2014-02-24 | Remove dead lines in various places | Zbigniew Jędrzejewski-Szmek
As pointed out by clang -Wunreachable-code. No behaviour changes.
2014-02-24 | architecture: apparently there is LE ppc now | Lennart Poettering
2014-02-24 | smack: rework security labeling for multiple frameworks | Łukasz Stelmach
2014-02-24 | smack: relabel directories and files created by systemd | Łukasz Stelmach
Systemd creates directories in /dev. These directories will get the label of systemd, which is the label of the System domain, which is not accessible to everyone. Relabel the directories, files and symlinks created so that they can be generally used. Based on a patch by Casey Schaufler <casey@schaufler-ca.com>.
2014-02-24 | virt: make Virtualization an anonymous enum | Thomas Hindoe Paaboel Andersen
This makes llvm happy when we assign an error code to the variable.
2014-02-23 | core: clean up some confusion regarding SI decimal and IEC binary suffixes for sizes | Lennart Poettering
According to Wikipedia it is customary to specify hardware metrics and transfer speeds to the basis 1000 (SI decimal), while software metrics and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary). So far we specified everything in IEC, let's fix that and be more true to what's otherwise customary. Since we don't want to parse "Mi" instead of "M" we document each time what the context used is.
2014-02-23 | src/shared/ cannot reference symbols from libraries | Kay Sievers
../src/shared/unit-name.c:462: error: undefined reference to 'sd_bus_label_escape'
../src/shared/unit-name.c:477: error: undefined reference to 'sd_bus_label_unescape'
collect2: error: ld returned 1 exit status
2014-02-21 | net-util: match on the driver as exposed by ethtool if DRIVER not set | Tom Gundersen
Also fix a copy-paste error that broke matching on interface name.
2014-02-21 | man: don't document ".include" in configuration files anymore as first step to deprecate them one day | Lennart Poettering
2014-02-21 | ptyfwd: reset nonblocking mode | Lennart Poettering
Apparently bash doesn't turn off non-blocking mode on stdin/stdout when reading from it, so be nice to bash. Ideally bash would do this on its own for robustness reasons, though. https://bugs.freedesktop.org/show_bug.cgi?id=70622
2014-02-21 | .network/.netdev/.link: allow to match on architecture | Tom Gundersen
2014-02-21 | shared/architecture.h: fix preprocessor directives | Daniel Mack
Use 'if defined()', not 'ifdef defined()'. Fixes the following warning.
CC src/shared/architecture.lo
In file included from src/shared/architecture.c:24:0:
src/shared/architecture.h:89:17: warning: extra tokens at end of #ifdef directive [enabled by default]
# ifdef defined(WORDS_BIGENDIAN)
^
2014-02-21 | core: Add AppArmor profile switching | Michael Scherer
This permits switching to a specific apparmor profile when starting a daemon. This will result in a non-operation if apparmor is disabled. It also adds a new build requirement on libapparmor for using this feature.
2014-02-21 | missing: simplifications | Lennart Poettering
2014-02-21 | build-sys: Add setns() functions if not in the C library. | Holger Schurig
Debian Stable is still using glibc 2.13, which doesn't provide the setns(). So we detect this and provide a tiny wrapper that issues the setns syscall towards the kernel.
2014-02-21 | core: add new ConditionArchitecture() that checks the architecture returned by uname()'s machine field. | Lennart Poettering
2014-02-20 | net-util: match - allow globbing | Tom Gundersen
For now support globbing for interface name and path.
2014-02-20 | network/link: Match - filter on kernel cmdline, host and virt | Tom Gundersen
2014-02-20 | condition: split out most of condition handling into libsystemd-shard | Tom Gundersen
The parts that require linking to libcap, libselinux and friends stay in libsystemd-core.
2014-02-20 | macro: add nice macro for disabling -Wnonnull temporarily | Lennart Poettering
2014-02-20 | macro: introduce nice macro for disabling -Wmissing-prototypes warnings | Lennart Poettering
2014-02-20 | macro: introduce a nice macro for disabling -Wformat-nonliteral temporarily | Lennart Poettering
2014-02-20 | util: get rid of warnings around assert_cc() macro | Lennart Poettering
Suggested by Holger Schurig.
2014-02-19 | util: simplify get_ctty() | Lennart Poettering
2014-02-19 | make gcc shut up | Lennart Poettering
If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them are false positives, but let's make them go away, because it doesn't really matter.
2014-02-19 | label: minor optimizations | Lennart Poettering
2014-02-19 | missing.h: add some IFLA_* constants | Tom Gundersen
These were added to the kernel between 3.5 and 3.9, let's not require such recent kernels (yet).
2014-02-19 | core: add Personality= option for units to set the personality for spawned processes | Lennart Poettering
2014-02-18 | nspawn: add new --personality= switch to make it easier to run 32bit containers on a 64bit host | Lennart Poettering
2014-02-18 | seccomp: add helper call to add all secondary archs to a seccomp filter | Lennart Poettering
And make use of it where appropriate for executing services and for nspawn.
2014-02-18 | util: generalize code that checks whether PIDs are alive or unwaited for | Lennart Poettering
2014-02-17 | doc: update punctuation | Jan Engelhardt
Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17 | core: fixate show_status earlier, so that we actually print the welcome message | Lennart Poettering
Previously, we'd fixed show_state only after printing the welcome message which had the effect that the welcome message was almost always suppressed.
2014-02-17 | core: find the closest parent slice that has a specific cgroup controller enabled when enabling/disabling cgroup controllers for units | Lennart Poettering
2014-02-17 | Pass log config from systemd to systemd-shutdown | Zbigniew Jędrzejewski-Szmek
If PID 1 debug logging is enabled, it is nice to keep those settings when switching to systemd-shutdown binary, independently of whether this was done through /proc/cmdline options, or through runtime manipulations.
2014-02-17 | Extract looping over /proc/cmdline into a shared function | Zbigniew Jędrzejewski-Szmek
In cryptsetup-generator automatic cleanup had to be replaced with manual cleanup, and the code gets a bit longer. But existing code had the issue that it returned negative values from main(), which was wrong, so should be reworked anyway.
2014-02-14 | Fix prototype of get_process_state | Zbigniew Jędrzejewski-Szmek
2014-02-15 | util: fix mismatching function signature | Kay Sievers
2014-02-14 | core: fix detection of dead processes | Yuxuan Shui
Commit 5ba6985b moves the UNIT_VTABLE(u)->sigchld_event before systemd actually reaps the zombie. Which leads to service_load_pid_file accepting zombie as a valid pid. This fixes timeouts like:
[ 2746.602243] systemd[1]: chronyd.service stop-sigterm timed out. Killing.
[ 2836.852545] systemd[1]: chronyd.service still around after SIGKILL. Ignoring.
[ 2927.102187] systemd[1]: chronyd.service stop-final-sigterm timed out. Killing.
[ 3017.352560] systemd[1]: chronyd.service still around after final SIGKILL. Entering failed mode.
2014-02-14 | shared: include root when canonicalizing conf paths | Michael Marineau
The conf_files_list family accepts an alternate root path to prefix all directories in the list but path_strv_canonicalize_uniq doesn't use it. This results in the suspicious behavior of resolving directory symlinks based on the contents of / instead of the alternate root. This adds a prefix argument to path_strv_canonicalize which will now prepend the prefix, if given, to every path in the list. To avoid answering what a relative path means when called with a root prefix path_strv_canonicalize is now path_strv_canonicalize_absolute and only considers absolute paths. Fortunately all users of already call path_strv_canonicalize with a list of absolute paths.
2014-02-13 | everywhere: always use O_CLOEXEC where it makes sense | Lennart Poettering
2014-02-13 | everywhere: make use of new0() and macro() macros, and stop using perror() | Lennart Poettering
2014-02-13 | core: add SystemCallArchitectures= unit setting to allow disabling of non-native | Lennart Poettering
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12 | syscallfilter: port to libseccomp | Ronny Chevalier
2014-02-12 | pager: support SYSTEMD_LESS environment variable | Jason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12 | nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use of this | Lennart Poettering
2014-02-11 | journald: log provenience of signals | Zbigniew Jędrzejewski-Szmek