Age | Commit message (Collapse) | Author | |
---|---|---|---|
2011-07-28 | label: generalize label_get_socket_label_from_exe() a bit | Lennart Poettering | |
2011-07-13 | unit: use ESRCH as error when we don't find anybody to kill | Lennart Poettering | |
2011-07-12 | service: properly handle who argument on D-Bus kill calls | Lennart Poettering | |
2011-06-21 | english: s/_per_/_by_/ | Lennart Poettering | |
2011-05-20 | socket: always use SO_{RCV,SND}BUFFORCE to allow larger values | Kay Sievers | |
2011-05-19 | socket: expose SO_BROADCAST | Lennart Poettering | |
2011-05-19 | socket: expose IP_TRANSPARENT | Lennart Poettering | |
2011-05-18 | exec: hangup/reset/deallocate VTs in gettys | Lennart Poettering | |
Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty. | |||
2011-05-17 | socket: use 666 socket mode by default since neither fifos, nor sockets, nor ↵ | Lennart Poettering | |
mqueues need to be executable | |||
2011-05-17 | socket: add POSIX mqueue support | Lennart Poettering | |
2011-04-26 | socket: improve warning message when we get POLLHUP | Lennart Poettering | |
2011-04-20 | socket: support ListeSpecial= sockets | Lennart Poettering | |
2011-04-20 | socket: log more information about invalid poll events | Lennart Poettering | |
2011-04-16 | socket: reuse existing FIFOs | Lennart Poettering | |
2011-04-12 | socket: try creating a socket under our own identity if we have no perms to ↵ | Lennart Poettering | |
consult the selinux database | |||
2011-04-10 | socket: be a bit more verbose when refusing to start a socket unit | Lennart Poettering | |
2011-04-10 | socket: support netlink sockets | Lennart Poettering | |
2011-03-31 | src: our lord is coverity | Lennart Poettering | |
2011-03-29 | exec: drop process group kill mode since it has little use and confuses the user | Lennart Poettering | |
2011-03-17 | def: centralize definition of default timeout in one place | Lennart Poettering | |
2011-03-14 | socket: use 777 as default mode for sockets | Lennart Poettering | |
2011-03-03 | kill: always send SIGCONT after SIGTERM | Lennart Poettering | |
When we kill a process to terminate it make sure to send SIGCONT to ensure it is unpaused and processes the signal. | |||
2011-02-28 | Spelling Corrections | Harald Hoyer | |
Just some lame spelling corrections with no functionality. | |||
2011-02-15 | exec: introduce global defaults for the standard output of services | Lennart Poettering | |
2011-02-15 | socket: refuse socket activation for SysV services | Lennart Poettering | |
Make sure that when a .socket unit is installed without its matching .service we don't end up activating a legacy SysV/LSB service with the same name. SysV/LSB style services do not support passing sockets and we don't want to extend SysV/LSB to ensure we don't break compatibility with other systems. | |||
2011-01-26 | automount: use unit_pending_inactive() where appropriate | Lennart Poettering | |
2011-01-21 | socket: don't crash if the .service unit for a .socket unit is not found | Lennart Poettering | |
2011-01-20 | systemctl: highlight failed processes in systemctl status | Lennart Poettering | |
2011-01-20 | service: when reloading a service fails don't fail the entire service but ↵ | Lennart Poettering | |
just the reload job | |||
2011-01-18 | execute: make sending of SIGKILL on shutdown optional | Lennart Poettering | |
2010-11-17 | cgroup: by default, duplicate service cgroup in the cpu hierarchy | Lennart Poettering | |
2010-10-29 | units: order units by default before appropriate targets in case they are ↵ | Lennart Poettering | |
pulled indirectly | |||
2010-10-29 | unit: get rid of gnoreDependencyFailure= instead treat ConflictedBy= as ↵ | Lennart Poettering | |
weaker counterpart of Conflicts=, similar to Wants= vs. Requires= | |||
2010-10-22 | systemctl: introduce systemctl kill | Lennart Poettering | |
2010-10-08 | service: optionally, create INIT_PROCESS/DEAD_PROCESS entries for a service | Lennart Poettering | |
This should fix accounting for pam_limits and suchlike. https://bugzilla.redhat.com/show_bug.cgi?id=636036 | |||
2010-10-05 | socket: make sockets to pass to a service configurable | Lennart Poettering | |
2010-10-05 | socket: make service to start on incoming traffic configurable | Lennart Poettering | |
2010-09-21 | socket: Support IPv6-less systems with runtime check. | Fabiano Fidencio | |
This patch introduces socket_ipv6_is_supported() call that checks for IPv6 availability. Code then check for it before using specific calls. In order to be less intrusive, this patch avoids IPv6 entries being parsed at all, this way we don't get such entries in the system and all other code paths are automatically ignored. However an extra check is done at socket_address_listen() to make sure of that. As the number of Netlink messages is not know upfront anymore, loopback-setup.c was refactored to dynamically calculate the sequence number and count. Lennart's suggestions were fixed and squashed with the original patch, that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi). | |||
2010-09-14 | socket: fix output of TCP congestion options | Lennart Poettering | |
2010-09-01 | unit: unify some code | Lennart Poettering | |
2010-08-31 | service: rework killing logic so that we always kill the main process, even ↵ | Lennart Poettering | |
if it left our service cgroup Related to: http://bugzilla.redhat.com/show_bug.cgi?id=626477 | |||
2010-08-31 | manager: add missing second part of s/maintenance/failed/ | Matthew Miller | |
2010-08-20 | selinux: properly query policy for FIFO files | Lennart Poettering | |
2010-08-20 | dbus: follow standardized fdo PropertiesChanged signal spec | Lennart Poettering | |
2010-08-14 | emacs: make sure nobody accidently adds tabs to our sources | Lennart Poettering | |
2010-08-11 | selinux: split off selinux calls into seperate file label.c | Lennart Poettering | |
2010-08-11 | clang: fix numerous little issues found with clang-analyzer | Lennart Poettering | |
2010-08-11 | socket: disable GC for pre-allocated per-connection service until it is used | Lennart Poettering | |
2010-08-09 | manager: when two pending jobs conflict, keep the one that "conflicts", ↵ | Lennart Poettering | |
remove the one that is "conflicted" This gives the writer of units control which unit is kept and which is stopped when two units conflict. | |||
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to ↵ | Daniel J Walsh | |
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e |