summaryrefslogtreecommitdiff
path: root/src/socket.c
AgeCommit message (Collapse)Author
2010-08-20selinux: properly query policy for FIFO filesLennart Poettering
2010-08-20dbus: follow standardized fdo PropertiesChanged signal specLennart Poettering
2010-08-14emacs: make sure nobody accidently adds tabs to our sourcesLennart Poettering
2010-08-11selinux: split off selinux calls into seperate file label.cLennart Poettering
2010-08-11clang: fix numerous little issues found with clang-analyzerLennart Poettering
2010-08-11socket: disable GC for pre-allocated per-connection service until it is usedLennart Poettering
2010-08-09manager: when two pending jobs conflict, keep the one that "conflicts", ↵Lennart Poettering
remove the one that is "conflicted" This gives the writer of units control which unit is kept and which is stopped when two units conflict.
2010-08-03Systemd is causing mislabeled devices to be created and then attempting to ↵Daniel J Walsh
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
2010-08-03socket: Allow selection of TCP Congestion Avoidance algorithm to socketTomasz Torcz
Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support.
2010-07-23socket: SELinux support for socket creation.Daniel J Walsh
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode.
2010-07-20socket: fix access mode verification of FIFOsLennart Poettering
2010-07-19systemctl: introduce reset-maintenance commandLennart Poettering
2010-07-17execute: bump up log level of executed processes that failedLennart Poettering
2010-07-16socket: prepare for proper selinux labelling of socketsLennart Poettering
2010-07-16socket: don't allow mixing of accepting and non-accepting sockets in the ↵Lennart Poettering
same unit
2010-07-13socket: when going down, flush all queued socketsLennart Poettering
2010-07-13socket: when the socket is supposed to stop, don't accept any connections ↵Lennart Poettering
anymore
2010-07-12execute: optionally ignore return status of invoked commandsLennart Poettering
2010-07-10service: allow immediate stopping while startingLennart Poettering
2010-07-10execute: add ability to configure the kill signalLennart Poettering
2010-07-09socket: fix loading of .service files for .socket filesLennart Poettering
2010-07-08install: various improvementsLennart Poettering
Rename --start to --realize, to make things less confusing when doing "systemctl stop --realize foo.service". Introduce --realize=reload. Don't talk to systemd when run within a chroot, or when systemd isn't running.
2010-07-08execute: if the main process of a service already owns the TTY, don't wait ↵Lennart Poettering
for acquiring it again in the reload/stop step
2010-07-08dbus: make errors reported via D-Bus more usefulLennart Poettering
2010-07-04dbus: complete exec status coverageLennart Poettering
2010-07-03unit: add DefaultDependencies= settingLennart Poettering
In order to simplify writing of unit files introduce default dependencies that are added to all units unless explictly disabled in a unit. This option can be switched off for select units that are involved in early boot-up ot late system shutdown, This should simplify service files for most normal daemons, but breaks existing service files for software involved in early boot (notably udev), which need to be updated for a DefaultDependencies=no setting)
2010-07-03unit: simplify things a little by introducing API to add two dependencies in ↵Lennart Poettering
one step
2010-07-01man: document socket unitsLennart Poettering
2010-07-01socket: on ipv6 try to use IPV6_UNICAST_HOPS sockoptLennart Poettering
2010-07-01unit: shorten active state enums to make systemctl output nicerLennart Poettering
2010-07-01unit: add new abstracted maintenance state for unitsLennart Poettering
2010-07-01socket: make various socket/pipe options configurableLennart Poettering
2010-06-19service: require KillMode=control-group when PAM is enabledLennart Poettering
2010-06-19unit: get rid of various unnecessary castsLennart Poettering
2010-06-19don't use 'long long' unless we have a really good reason toLennart Poettering
2010-06-19socket: enforce limit on number of concurrent connectionsLennart Poettering
2010-06-17service: rework PID parsing logic everywhereLennart Poettering
2010-06-16tcpwrap: execute tcpwrap check in forked client, to avoid blocking name ↵Lennart Poettering
lookups in main systemd process
2010-06-16socket: add optional libwrap supportLennart Poettering
2010-06-16typo: the correct spelling is maintenance not maintainanceLennart Poettering
2010-06-16notify: add minimal readiness/status protocol for spawned daemonsLennart Poettering
2010-06-05socket: verify socket type properly when desrializingLennart Poettering
2010-05-24path: add .path unit type for monitoring filesLennart Poettering
2010-05-24timer: fully implement timer unitsLennart Poettering
2010-05-21socket: fix parsing of bind_ipv6_onlyLennart Poettering
2010-05-20socket: fix error handlingLennart Poettering
2010-05-20socket: format IPv4-in-IPv6 addresses as IPv4 addresses for instance nameLennart Poettering
2010-05-16build-sys: move source files to subdirectoryLennart Poettering
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-03 11:00:31 +0000