| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Explicitly disconnect all clients from a VT when a getty starts/finishes
(requires TIOCVHANGUP, available in 2.6.29).
Explicitly deallocate getty VTs in order to flush scrollback buffer.
Explicitly reset terminals to a defined state before spawning getty.
|
|
mqueues need to be executable
|
|
|
|
|
|
|
|
|
|
|
|
consult the selinux database
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When we kill a process to terminate it make sure to send SIGCONT to
ensure it is unpaused and processes the signal.
|
|
Just some lame spelling corrections with no functionality.
|
|
|
|
Make sure that when a .socket unit is installed without its matching
.service we don't end up activating a legacy SysV/LSB service with the
same name. SysV/LSB style services do not support passing sockets and we
don't want to extend SysV/LSB to ensure we don't break compatibility
with other systems.
|
|
|
|
|
|
|
|
just the reload job
|
|
|
|
|
|
pulled indirectly
|
|
weaker counterpart of Conflicts=, similar to Wants= vs. Requires=
|
|
|
|
This should fix accounting for pam_limits and suchlike.
https://bugzilla.redhat.com/show_bug.cgi?id=636036
|
|
|
|
|
|
This patch introduces socket_ipv6_is_supported() call that checks for
IPv6 availability. Code then check for it before using specific calls.
In order to be less intrusive, this patch avoids IPv6 entries being
parsed at all, this way we don't get such entries in the system and
all other code paths are automatically ignored. However an extra check
is done at socket_address_listen() to make sure of that.
As the number of Netlink messages is not know upfront anymore,
loopback-setup.c was refactored to dynamically calculate the sequence
number and count.
Lennart's suggestions were fixed and squashed with the original patch,
that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi).
|
|
|
|
|
|
if it left our service cgroup
Related to:
http://bugzilla.redhat.com/show_bug.cgi?id=626477
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
remove the one that is "conflicted"
This gives the writer of units control which unit is kept and which is
stopped when two units conflict.
|
|
read them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier. I think this is caused by the
>>> modprobe calls to create /dev/autofs. Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label. Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e
|
|
Hi,
attached path extends socket configurables with another
knob - TCP Congestion Avoidance selection. Linux implements
handful of those, useful in various situations. For example,
TCP Low Priority may be used by FTP service to gracefully
yield bandwidth for more important TCP/IP streams.
Until recently TCP_CONGESTION was Linux-specific, recently
FreeBSD 8 and OpenSolaris gained compatible support.
|
|
It seems to work on my machine.
/proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
/proc/1/fd/21 system_u:system_r:avahi_t:s0
And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.
If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.
|
|
|
