Age | Commit message (Collapse) | Author |
|
|
|
|
|
This allows us to guarantee that the first payload_vec we pass to the
kernel for each message is guaranteed to include the full header and all
its field.
|
|
|
|
|
|
|
|
|
|
than a single one
|
|
|
|
|
|
|
|
|
|
KDBUS_MAKE_ACCESS_WORLD is no longer needed, the kernel creates the
kdbus device node with the uid/gid of the caller now.
|
|
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
|
|
|
|
|
|
|
|
|
|
|
|
The audit subsystem isn't relevant when nspawn is only being used as a
chroot.
|
|
|
|
|
|
|
|
|
|
This is a better fix than e13e1fad8b231e187bd5de3ce668411bdcd3ac1a for
failing to compile without audit that
77b6e19458f37cfde127ec6aa9494c0ac45ad890 introduced.
|
|
|
|
flush() is potentially costly.
|
|
|
|
the user what's going on
Let's try to be helpful to the user and give him a hint what he can do
to make nspawn work with normal OS containers.
https://bugzilla.redhat.com/show_bug.cgi?id=893751
|
|
This makes ctrl-alt-del reboots more robust, just like "systemctl
reboot".
|
|
|
|
|
|
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
|
|
sd_get_uids, sd_get_seats, sd_get_sessions, and sd_get_machine_names.
|
|
|
|
|
|
|
|
static hostname and if the static hostname is set, too
https://bugzilla.redhat.com/show_bug.cgi?id=957814
|
|
Otherwise we might end up with executable files if some default ACL is
set for the journal directory.
|
|
|
|
|
|
Previously we skipped every second entry.
This also cleans up much of the code and removes some dead code.
|
|
|
|
|
|
and the disk is close to being full
Bump the minimal size of the journal so that we can be sure creating the
journal file will always succeed. Previously the minimum size was
smaller than a empty jounral file...
|
|
This patch escapes a unit name which was derived from udev.
Please imagine following udev rule.
ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%p.service"
ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%r.service"
ACTION=="online|offline", TAG+="systemd", ENV{SYSTEMD_WANTS}="muneda@%S.service"
When unit name is derived from udev via
udev_device_get_property_value(), the name may contains '/' if
ENV{SYSTEMD_WANTS} has the udev options $devpath(%p), $root(%r), or
$sys(%S). However, '/' is a invalid char for unit name so processing
of this rule fails as Invalid argument with following message.
Apr 22 13:21:37 localhost systemd[1]: Failed to load device unit: Invalid argument
Apr 22 13:21:37 localhost systemd[1]: Failed to process udev device event: Invalid argument
This patch escapes those invalid chars in a unit name.
Tested with 202, and confirmed to apply cleanly on top of commit 195f8e36.
Thanks,
Takahiro
|
|
A new config file /etc/systemd/sleep.conf is added.
It is parsed by systemd-sleep and logind. The strings written
to /sys/power/disk and /sys/power/state can be configured.
This allows people to use different modes of suspend on
systems with broken or special hardware.
Configuration is shared between systemd-sleep and logind
to enable logind to answer the question "can the system be
put to sleep" as correctly as possible without actually
invoking the action. If the user configured systemd-sleep
to only use 'freeze', but current kernel does not support it,
logind will properly report that the system cannot be put
to sleep.
https://bugs.freedesktop.org/show_bug.cgi?id=57793
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=7e73c5ae6e7991a6c01f6d096ff8afaef4458c36
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009238.html
SYSTEM_CONFIG_FILE and USER_CONFIG_FILE defines were removed
since they were used in only a few places and with the
addition of /etc/systemd/sleep.conf it becomes easier to just
append the name of each file to the dir name.
|
|
The new function allows one to write to an already
open file.
|
|
|
|
Checking for the apparmor directory in securityfs means the apparmor module is
loaded and enabled, and hence should suffice as a test.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
|