summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2014-06-12sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from ↵Lennart Poettering
static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-11build-sys: update library versionsLennart Poettering
2014-06-11journald: create /run/log/journal with the correct access modesLennart Poettering
2014-06-11tmpfiles: add ability to mask access mode by pre-existing access mode on ↵Lennart Poettering
files/directories This way it makes a lot more sense to specify an access mode for "Z" lines.
2014-06-11tmpfiles: remove unnecessary functionLennart Poettering
2014-06-11tmpfiles: when processing lines, always process prefixes before suffixesLennart Poettering
If two lines refer to paths that are suffix and prefix of each other, then always process the prefix first, the suffix second. In all other cases strictly process rules in the order they appear in the files. This makes creating /var/run as symlink to /run a lot more fun, since it is automatically created first.
2014-06-11tmpfiles: static variables populated immediately from the command line ↵Lennart Poettering
should be prefixed with arg_
2014-06-11nspawn: add new --tmpfs= option to mount a tmpfs on specific directories, ↵Lennart Poettering
such as /var
2014-06-11tmpfiles: always recreate the most basic directory structure in /varLennart Poettering
Let's allow booting up with /var empty. Only create the most basic directories to get to a working directory structure and symlink set in /var.
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-10tmpfiles: add new "C" line for copying files or directoriesLennart Poettering
2014-06-10tmpfiles: various modernizationsLennart Poettering
2014-06-10label: when clearing selinux context, don't mangle errnoLennart Poettering
2014-06-10machine-id-setup: fix array size of parametersLennart Poettering
Not that it really would have any effect on the generated code, but let's not confuse people...
2014-06-10log: honour the kernel's quiet cmdline argumentRonny Chevalier
It was forgotten in b1e90ec515408aec2702522f6f68c4920b56375b See https://bugs.freedesktop.org/show_bug.cgi?id=79582
2014-06-10udev: check the return value from udev_enumerate_scan_devicesThomas Hindoe Paaboel Andersen
The return value from udev_enumerate_scan_devices was stored but never used. I assume this was meant to be checked.
2014-06-10backlight: Do not clamp brightness for LEDsDenis Tikhomirov
https://bugs.freedesktop.org/show_bug.cgi?id=77092 On Thu, Jun 05, 2014 at 08:37:20AM +0200, Lennart Poettering wrote: > The patch is line-broken, please send an uncorrupted patch! I am very sorry, I forgot that my client limits line width. I will use mutt now on. > clamp_brightness() clamps the brightness value to the range of the > actual device. This is a recent addition that was added to deal with > driver updates where the resolution is changed. I don't think this part > should be dropped for LED devices. The clamp_brightness() call hence > should be called unconditionally, however, internally it should use a > different min_brightness value if something is an !backlight devices... Thank you for explanation, this sounds very reasonable to me. Please, see updated patch:
2014-06-10systemd-detect-virt: only discover Xen domUThomas Blume
The current vm detection lacks the distinction between Xen dom0 and Xen domU. Both, dom0 and domU are running inside the hypervisor. Therefore systemd-detect-virt and the ConditionVirtualization directive detect dom0 as a virtual machine. dom0 is not using virtual devices but is accessing the real hardware. Therefore dom0 should be considered the virtualisation host and not a virtual machine. https://bugs.freedesktop.org/show_bug.cgi?id=77271
2014-06-10bus-proxy: properly index policy by uid/gid when parsingLennart Poettering
2014-06-10bus-proxy: read the right policy when running in user modeLennart Poettering
2014-06-10udev: really exclude device-mapper from block device ownership event lockingChristian Hesse
Arguments were wrong order, no? This fixes commits: e918a1b5a94f270186dca59156354acd2a596494 3d06f4183470d42361303086ed9dedd29c0ffc1b
2014-06-08bus-policy.c: use draw_special_char(DRAW_ARROW)Daniel Buch
Lets allow LC_ALL=C without corrupted output
2014-06-07Fix spelling mistake, proces -> processColin Ian King
2014-06-07nspawn: split long message into two linesZbigniew Jędrzejewski-Szmek
For names like /var/lib/container/something, the message becomes quite long. Better to split it. Also reword the message not to suggest that ^]^]^] only works in the beginning.
2014-06-07bus-proxyd: do not free NULL itemsKay Sievers
2014-06-07Remove sysv parser from service.cThomas Hindoe Paaboel Andersen
Parsing sysv files was moved to the sysv-generator in the previous commit. This patch removes the sysv parsing from serivce.c. Note that this patch drops the following now unused sysv-specific info from service dump: "SysV Init Script has LSB Header: (yes/no)" "SysVEnabled: (yes/no)" "SysVRunLevels: (levels)"
2014-06-07Move handling of sysv initscripts to a generatorThomas Hindoe Paaboel Andersen
Reuses logic from service.c and the rc-local generator. Note that this drops reading of chkconfig entirely. It also drops reading runlevels from the LSB headers. The runlevels were only used to check for runlevels outside of the normal 1-5 range and then add special dependencies and settings. Special runlevels were dropped in the past so it seemed to be unused code. The generator does not know about non-generated units with a value set with SysVStartPriority=. These are therefor not taken into account when converting start priority to before/after.
2014-06-07core: allow transient mount unitsTom Gundersen
For now only What=, Options=, Type= are supported, and Where= is deduced from the unit name.
2014-06-06fix warningsThomas Hindoe Paaboel Andersen
Prevent use of uninitialized variable and removed a now unused cleanup function for freeaddrinfo
2014-06-06bus-proxy: properly read user/group policy itemsLennart Poettering
2014-06-06bus: add basic dbus1 policy parserLennart Poettering
Enforcement is still missing, but at least we can parse it now.
2014-06-06sd-bus: don't allow creating message objects that are not attached to a busLennart Poettering
It seems unnecessary to support this, and we rather should avoid allowing this at all, so that people don't program against this sloppily and we end up remarshalling all the time...
2014-06-06namespace: cover /boot with ProtectSystem= againLennart Poettering
Now that we properly exclude autofs mounts from ProtectSystem= we can include it in the effect of ProtectSystem= again.
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05namespace: also include /root in ProtectHome=Lennart Poettering
/root can't really be autofs, and is also a home, directory, so cover it with ProtectHome=.
2014-06-05namespace: when setting up an inaccessible mount point, unmounting ↵Lennart Poettering
everything below This has the benefit of not triggering any autofs mount points unnecessarily.
2014-06-05umount: modernizationsLennart Poettering
2014-06-05util: fix fd_cloexec(), fd_nonblock()Lennart Poettering
2014-06-05core: introduce new Restart=on-abnormal settingLennart Poettering
Restart=on-abnormal is similar to Restart=on-failure, but avoids restarts on unclean exit codes (but still doing restarts on all obviously unclean exits, such as timeouts, signals, coredumps, watchdog timeouts). Also see: https://fedorahosted.org/fpc/ticket/191
2014-06-05sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()Lennart Poettering
sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly.
2014-06-05socket-proxyd: port to asynchronous name resolution using sd-resolveLennart Poettering
2014-06-05bus: make use of sd_bus_try_close() in exit-on-idle servicesLennart Poettering
2014-06-05sd-event: restore correct timeout behaviourLennart Poettering
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-05core: don't include /boot in effect of ProtectSystem=Lennart Poettering
This would otherwise unconditionally trigger any /boot autofs mount, which we probably should avoid. ProtectSystem= will now only cover /usr and (optionally) /etc, both of which cannot be autofs anyway. ProtectHome will continue to cover /run/user and /home. The former cannot be autofs either. /home could be, however is frequently enough used (unlikey /boot) so that it isn't too problematic to simply trigger it unconditionally via ProtectHome=.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04core: make sure we properly parse ProtectHome= and ProtectSystem=Lennart Poettering
2014-06-04networkd: link - intialize mac addressTom Gundersen
Otherwise .netwrok matching on MAC address will not work. Based on patch by Dave Reisner, and bug originally reported by Max Pray.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04core: provide /dev/ptmx as symlink in PrivateDevices= execution environmentsLennart Poettering