Age | Commit message (Collapse) | Author |
|
|
|
|
|
Arguments were wrong order, no?
This fixes commits:
e918a1b5a94f270186dca59156354acd2a596494
3d06f4183470d42361303086ed9dedd29c0ffc1b
|
|
Lets allow LC_ALL=C without corrupted output
|
|
|
|
For names like /var/lib/container/something, the message
becomes quite long. Better to split it.
Also reword the message not to suggest that ^]^]^] only works
in the beginning.
|
|
|
|
Parsing sysv files was moved to the sysv-generator in the previous commit.
This patch removes the sysv parsing from serivce.c.
Note that this patch drops the following now unused sysv-specific info
from service dump:
"SysV Init Script has LSB Header: (yes/no)"
"SysVEnabled: (yes/no)"
"SysVRunLevels: (levels)"
|
|
Reuses logic from service.c and the rc-local generator.
Note that this drops reading of chkconfig entirely. It also drops reading
runlevels from the LSB headers. The runlevels were only used to check for
runlevels outside of the normal 1-5 range and then add special dependencies
and settings. Special runlevels were dropped in the past so it seemed to be
unused code.
The generator does not know about non-generated units with a value set with
SysVStartPriority=. These are therefor not taken into account when converting
start priority to before/after.
|
|
For now only What=, Options=, Type= are supported, and Where= is deduced
from the unit name.
|
|
Prevent use of uninitialized variable and removed a now unused
cleanup function for freeaddrinfo
|
|
|
|
Enforcement is still missing, but at least we can parse it now.
|
|
It seems unnecessary to support this, and we rather should avoid
allowing this at all, so that people don't program against this
sloppily and we end up remarshalling all the time...
|
|
Now that we properly exclude autofs mounts from ProtectSystem= we can
include it in the effect of ProtectSystem= again.
|
|
Instead of blindly creating another bind mount for read-only mounts,
check if there's already one we can use, and if so, use it. Also,
recursively mark all submounts read-only too. Also, ignore autofs mounts
when remounting read-only unless they are already triggered.
|
|
/root can't really be autofs, and is also a home, directory, so cover it
with ProtectHome=.
|
|
everything below
This has the benefit of not triggering any autofs mount points
unnecessarily.
|
|
|
|
|
|
Restart=on-abnormal is similar to Restart=on-failure, but avoids
restarts on unclean exit codes (but still doing restarts on all
obviously unclean exits, such as timeouts, signals, coredumps, watchdog
timeouts).
Also see:
https://fedorahosted.org/fpc/ticket/191
|
|
sd_pid_notify() operates like sd_notify(), however operates on a
different PID (for example the parent PID of a process).
Make use of this in systemd-notify, so that message are sent from the
PID specified with --pid= rather than the usually shortlived PID of
systemd-notify itself.
This should increase the likelyhood that PID 1 can identify the cgroup
that the notification message was sent from properly.
|
|
|
|
|
|
|
|
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames.
|
|
This would otherwise unconditionally trigger any /boot autofs mount,
which we probably should avoid.
ProtectSystem= will now only cover /usr and (optionally) /etc, both of
which cannot be autofs anyway.
ProtectHome will continue to cover /run/user and /home. The former
cannot be autofs either. /home could be, however is frequently enough
used (unlikey /boot) so that it isn't too problematic to simply trigger
it unconditionally via ProtectHome=.
|
|
system
This is relatively complex, as we cannot invoke NSS from PID 1, and thus
need to fork a helper process temporarily.
|
|
|
|
Otherwise .netwrok matching on MAC address will not work.
Based on patch by Dave Reisner, and bug originally reported by Max Pray.
|
|
also mounting /etc read-only
Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit.
With this in place we now have two neat options ProtectSystem= and
ProtectHome= for protecting the OS itself (and optionally its
configuration), and for protecting the user's data.
|
|
|
|
Now that we moved the actual syslog socket to
/run/systemd/journal/dev-log we can actually make /dev/log a symlink to
it, when PrivateDevices= is used, thus making syslog available to
services using PrivateDevices=.
|
|
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
|
|
|
|
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO
nodes in the file system, with the same lifecycle as the socket itself.
This has two benefits: first, this allows us to remove /dev/log and
/dev/initctl from /dev, thus leaving only symlinks, device nodes and
directories in the /dev tree. More importantly however, this allows us
to move /dev/log out of /dev, while still making it accessible there, so
that PrivateDevices= can provide /dev/log too.
|
|
The kernel will return 0 for REREADPT when no partition table
is found, we have to send out "change" ourselves.
|
|
|
|
mounted partitions:
# dd if=/dev/zero of=/dev/sda bs=1 count=1
UDEV [4157.369250] change .../0:0:0:0/block/sda (block)
UDEV [4157.375059] change .../0:0:0:0/block/sda/sda1 (block)
UDEV [4157.397088] change .../0:0:0:0/block/sda/sda2 (block)
UDEV [4157.404842] change .../0:0:0:0/block/sda/sda4 (block)
unmounted partitions:
# dd if=/dev/zero of=/dev/sdb bs=1 count=1
UDEV [4163.450217] remove .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
UDEV [4163.593167] change .../target6:0:0/6:0:0:0/block/sdb (block)
UDEV [4163.713982] add .../target6:0:0/6:0:0:0/block/sdb/sdb1 (block)
|
|
|
|
Reported by Kay.
|
|
This should make sure that fdisk-like programs will automatically
cause an update of all partitions, just like mkfs-like programs cause
an update of the partition.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
|
|
|
|
Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
|
|
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for
a service.
ProtectedHome= uses fs namespaces to mount /home and /run/user
inaccessible or read-only for a service.
This patch also enables these settings for all our long-running services.
Together they should be good building block for a minimal service
sandbox, removing the ability for services to modify the operating
system or access the user's private data.
|
|
Configuration will be in
root:root /run/systemd/network
and state will be in
systemd-network:systemd-network /run/systemd/netif
This matches what we do for logind's seat/session state.
|
|
|
|
|
|
|