| Age | Commit message (Collapse) | Author |
|---|
|
When you switch-root into a new root that has SELinux policy, you're
supposed to to run selinux_init_load_policy() to set up SELinux and load
policy. Normally this gets handled by selinux_setup().
But if SELinux was already initialized, selinux_setup() skips loading
policy and returns 0. So if you load policy normally, and then you
switch-root to a new root that has new policy, selinux_setup() never
loads the new policy. What gives?
As far as I can tell, this check is an artifact of how selinux_setup()
worked when it was first written (see commit c4dcdb9 / systemd v12):
* when systemd starts, run selinux_setup()
* if selinux_setup() loads policy OK, restart systemd
So the "if policy already loaded, skip load and return 0" check was
there to prevent an infinite re-exec loop.
Modern systemd only calls selinux_setup() on initial load and after
switch-root, and selinux_setup() no longer restarts systemd, so we don't
need that check to guard against the infinite loop anymore.
So: this patch removes the "return 0", thus allowing selinux_setup() to
actually perform SELinux setup after switch-root.
We still want to check to see if SELinux is initialized, because if
selinux_init_load_policy() fails *but* SELinux is initialized that means
we still have (old) policy active. So we don't need to halt if
enforce=1.
|
|
With proprietary graphics drivers, there won't be any 'drm' devices in
sysfs, so logind will never suspend the system upon closing the lid,
even if only one (internal) display is connected. This has been reported
by multiple users so far.
IMHO, it's better to suspend the system in this case for safety reasons,
to avoid having nvidia blob users' laptops overheat, for the same reason
that sleep inhibitors are overridden (LidSwitchIgnoreInhibited=yes).
|
|
We will still use the compiled-in defaults if no DNS entry exists in the config file.
|
|
This way we preserve the order of preference.
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018971.html
|
|
If XDG_CONFIG_HOME is set, then we should respect that.
|
|
In user_dirs() in path-lookup.c, I want to replace this:
symlink("../../../.config/systemd/user", data_home);
with
symlink(config_home, data_home);
to avoid hardcoding .config when XDG_CONFIG_HOME is set.
The problem is that config_home is an absolute path, and it's better
to make the symlink relative. path_make_relative() is an utility
function that converts an absolute path into a relative one.
|
|
Some unattended systems do not have a console attached and entering
the default rescue mode will not be too helpful. Allow to specify
the "-y" option to attempt to fix all filesystem errors.
Manually verified by downloading an image.gz of e2fsprogs, using
losetup and running systemd-fsck on the loop device and varying
the fsck.repair=preen|yes|no option.
|
|
Similarly to NTP servers, this can be set at compile-time.
|
|
Source code has "files-max" and XML has --max-files.
|
|
|
|
|
|
|
|
|
|
|
|
Previously we wouldn't serialize jobs for units that themselves have
nothing to serialize.
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019051.html
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=78752
|
|
THere's no reason why hibernate should be better protected then
suspendor poweroff, so sync the policies.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also, make sure we automatically destroy reply callbacks that are
floating.
|
|
Same story as for sd-bus and sd-event: allow passing NULL to store query
in in which case the query is freed automatically.
|
|
These are the counterpart of "floating" bus slots, i.e. event sources
that are bound to the lifetime of the event object itself, and thus
don't require an explicit reference to be kept.
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-April/018928.html
|
|
|
|
|
|
|
|
This is a speculative fix for https://bugzilla.redhat.com/show_bug.cgi?id=1088865.
Even though I cannot find a code path that where this would be
an issue, for consistency, if we assume that cgroup_path might have
been set before we got to unit_deserialize, we should make sure that
the unit is removed from the hashmap before we free the key. This seems
to be the only place where the key could be prematurely freed, leading to
hashmap corruption.
|
|
No functional change expected :)
|
|
Running systemctl enable/disable/set-default/... with the --root
option under strace reveals that it accessed various files and
directories in the main fs, and not underneath the specified root.
This can lead to correct results only when the layout and
configuration in the container are identical, which often is not the
case. Fix this by adding the specified root to all file access
operations.
This patch does not handle some corner cases: symlinks which point
outside of the specified root might be interpreted differently than
they would be by the kernel if the specified root was the real root.
But systemctl does not create such symlinks by itself, and I think
this is enough of a corner case not to be worth the additional
complexity of reimplementing link chasing in systemd.
Also, simplify the code in a few places and remove an hypothetical
memory leak on error.
|
|
Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target
After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
|
|
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
value and key
|
|
|
|
|
|
|
|
than network target
Most likely the facility needed is actual connectivity, rather than whether or not the
network managment daemon is running.
We also need to explicitly pull in the network-online.target, as it is not active by
default.
This means {systemd-networkd,NetworkManager}-wait-online.service, can be enabled by default
as part of network-online.target, and only delay boot when some service actively pulls it in.
See: <https://bugzilla.gnome.org/show_bug.cgi?id=728965>
Cc: Pavel Šimerda <psimerda@redhat.com>
Cc: Michal Sekletar <msekleta@redhat.com>
|
|
New "struct ring" object that implements a basic ring buffer for arbitrary
byte-streams. A new basic runtime test is also added.
This will be needed for our pty helpers for systemd-console and friends.
|
|
Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns
the next higher power of 2. clz(0) is undefined, same is true for
left-shift-overflows, yey, C rocks!
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-May/019034.html
|
|
Before:
30,997,4553484,-;systemd-udevd[439]: renamed network interface wwan0 to wwp0s20u4i6systemd-udevd[439]: renamed network interface wlan0 to wlp3s0
30,998,1175077801,c;systemd-udevd[2345]: renamed network interface wwan0 to wwp0s20u4i6
After:
30,834,4553484,-;systemd-udevd[439]: renamed network interface wwan0 to wwp0s20u4i6
30,835,4732949,-;systemd-udevd[439]: renamed network interface wlan0 to wlp3s0
30,988,1175077801,-;systemd-udevd[2345]: renamed network interface wwan0 to wwp0s20u4i6
|
