summaryrefslogtreecommitdiff
path: root/src/socket.c
AgeCommit message (Collapse)Author
2011-05-20socket: always use SO_{RCV,SND}BUFFORCE to allow larger valuesKay Sievers
2011-05-19socket: expose SO_BROADCASTLennart Poettering
2011-05-19socket: expose IP_TRANSPARENTLennart Poettering
2011-05-18exec: hangup/reset/deallocate VTs in gettysLennart Poettering
Explicitly disconnect all clients from a VT when a getty starts/finishes (requires TIOCVHANGUP, available in 2.6.29). Explicitly deallocate getty VTs in order to flush scrollback buffer. Explicitly reset terminals to a defined state before spawning getty.
2011-05-17socket: use 666 socket mode by default since neither fifos, nor sockets, nor ↵Lennart Poettering
mqueues need to be executable
2011-05-17socket: add POSIX mqueue supportLennart Poettering
2011-04-26socket: improve warning message when we get POLLHUPLennart Poettering
2011-04-20socket: support ListeSpecial= socketsLennart Poettering
2011-04-20socket: log more information about invalid poll eventsLennart Poettering
2011-04-16socket: reuse existing FIFOsLennart Poettering
2011-04-12socket: try creating a socket under our own identity if we have no perms to ↵Lennart Poettering
consult the selinux database
2011-04-10socket: be a bit more verbose when refusing to start a socket unitLennart Poettering
2011-04-10socket: support netlink socketsLennart Poettering
2011-03-31src: our lord is coverityLennart Poettering
2011-03-29exec: drop process group kill mode since it has little use and confuses the userLennart Poettering
2011-03-17def: centralize definition of default timeout in one placeLennart Poettering
2011-03-14socket: use 777 as default mode for socketsLennart Poettering
2011-03-03kill: always send SIGCONT after SIGTERMLennart Poettering
When we kill a process to terminate it make sure to send SIGCONT to ensure it is unpaused and processes the signal.
2011-02-28Spelling CorrectionsHarald Hoyer
Just some lame spelling corrections with no functionality.
2011-02-15exec: introduce global defaults for the standard output of servicesLennart Poettering
2011-02-15socket: refuse socket activation for SysV servicesLennart Poettering
Make sure that when a .socket unit is installed without its matching .service we don't end up activating a legacy SysV/LSB service with the same name. SysV/LSB style services do not support passing sockets and we don't want to extend SysV/LSB to ensure we don't break compatibility with other systems.
2011-01-26automount: use unit_pending_inactive() where appropriateLennart Poettering
2011-01-21socket: don't crash if the .service unit for a .socket unit is not foundLennart Poettering
2011-01-20systemctl: highlight failed processes in systemctl statusLennart Poettering
2011-01-20service: when reloading a service fails don't fail the entire service but ↵Lennart Poettering
just the reload job
2011-01-18execute: make sending of SIGKILL on shutdown optionalLennart Poettering
2010-11-17cgroup: by default, duplicate service cgroup in the cpu hierarchyLennart Poettering
2010-10-29units: order units by default before appropriate targets in case they are ↵Lennart Poettering
pulled indirectly
2010-10-29unit: get rid of gnoreDependencyFailure= instead treat ConflictedBy= as ↵Lennart Poettering
weaker counterpart of Conflicts=, similar to Wants= vs. Requires=
2010-10-22systemctl: introduce systemctl killLennart Poettering
2010-10-08service: optionally, create INIT_PROCESS/DEAD_PROCESS entries for a serviceLennart Poettering
This should fix accounting for pam_limits and suchlike. https://bugzilla.redhat.com/show_bug.cgi?id=636036
2010-10-05socket: make sockets to pass to a service configurableLennart Poettering
2010-10-05socket: make service to start on incoming traffic configurableLennart Poettering
2010-09-21socket: Support IPv6-less systems with runtime check.Fabiano Fidencio
This patch introduces socket_ipv6_is_supported() call that checks for IPv6 availability. Code then check for it before using specific calls. In order to be less intrusive, this patch avoids IPv6 entries being parsed at all, this way we don't get such entries in the system and all other code paths are automatically ignored. However an extra check is done at socket_address_listen() to make sure of that. As the number of Netlink messages is not know upfront anymore, loopback-setup.c was refactored to dynamically calculate the sequence number and count. Lennart's suggestions were fixed and squashed with the original patch, that was sent by Gustavo Sverzut Barbieri (barbieri@profusion.mobi).
2010-09-14socket: fix output of TCP congestion optionsLennart Poettering
2010-09-01unit: unify some codeLennart Poettering
2010-08-31service: rework killing logic so that we always kill the main process, even ↵Lennart Poettering
if it left our service cgroup Related to: http://bugzilla.redhat.com/show_bug.cgi?id=626477
2010-08-31manager: add missing second part of s/maintenance/failed/Matthew Miller
2010-08-20selinux: properly query policy for FIFO filesLennart Poettering
2010-08-20dbus: follow standardized fdo PropertiesChanged signal specLennart Poettering
2010-08-14emacs: make sure nobody accidently adds tabs to our sourcesLennart Poettering
2010-08-11selinux: split off selinux calls into seperate file label.cLennart Poettering
2010-08-11clang: fix numerous little issues found with clang-analyzerLennart Poettering
2010-08-11socket: disable GC for pre-allocated per-connection service until it is usedLennart Poettering
2010-08-09manager: when two pending jobs conflict, keep the one that "conflicts", ↵Lennart Poettering
remove the one that is "conflicted" This gives the writer of units control which unit is kept and which is stopped when two units conflict.
2010-08-03Systemd is causing mislabeled devices to be created and then attempting to ↵Daniel J Walsh
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
2010-08-03socket: Allow selection of TCP Congestion Avoidance algorithm to socketTomasz Torcz
Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support.
2010-07-23socket: SELinux support for socket creation.Daniel J Walsh
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode.
2010-07-20socket: fix access mode verification of FIFOsLennart Poettering
2010-07-19systemctl: introduce reset-maintenance commandLennart Poettering