path: root/src
Age  Commit message  [Author]
2014-02-04 Add SELinux support to systemd-nspawn [Dan Walsh]
This patch adds two new options:
    -Z PROCESS_LABEL
        This specifies the process label to run on processes run within the container.
    -L FILE_LABEL
        The file label to assign to memory file systems created within the container.
For example if you wanted to wrap a container with SELinux sandbox labels, you could execute a command line like the following:
    chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
    systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
2014-02-04 journal: Drop pkgconfig reference to libsystemd-id128. [Colin Guthrie]
This is now part of libsystemd.
2014-02-03 bus: when closing the bus don't end up in a recursive destruction deadlock [Lennart Poettering]
2014-02-03 conf-parser: warn when we open configuration files with weird access bits [Lennart Poettering]
2014-02-01 bus: update kdbus.h (ABI break) [Kay Sievers]
2014-02-01 networkd: remove unused variable [Tom Gundersen]
2014-02-01 networkd: don't fail on DHCP errors [Tom Gundersen]
2014-01-31 s390/getty-generator: initialize essential system terminals/consoles [Hendrik Brueckner]
Ensure to start getty programs on all essential system consoles on Linux on System z. Add these essential devices to the list of virtualization_consoles to always generate getty configurations. For the sake of completion, the list of essential consoles is:
    /dev/sclp_line0 - Operating system messages applet (LPAR)
    /dev/ttysclp0 - Integrated ASCII console applet (z/VM and LPAR)
    /dev/ttyS0 - Already handled by systemd (3215 console on z/VM)
    /dev/hvc0 - Already handled by systemd (IUCV HVC terminal on z/VM)
Depending on the environment, z/VM or LPAR, only a subset of these terminals are available. See also RH BZ 860158[1] "Cannot login via Operating System Console into RHEL7 instance installed on a LPAR". This bugzilla actually blocks the installation of Linux on System z instances in LPAR mode.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=860158
2014-01-31 run: drop mistakenly committed test code [Lennart Poettering]
2014-01-31 core: fix oom check [Lennart Poettering]
2014-01-31 core: introduce new stop protocol for unit scopes [Lennart Poettering]
By specifying a Controller property when creating the scope a client can specify a bus name that will be notified with a RequestStop bus signal when the scope has been asked to shut down, instead of sending SIGTERM to the scope processes themselves. https://bugzilla.redhat.com/show_bug.cgi?id=1032695
2014-01-31 util: use alloca0() instead of alloca() + memzero() [Lennart Poettering]
2014-01-31 networkd: dhcp - refactor handler [Tom Gundersen]
2014-01-31 networkd: don't check for ifindex in answer to RTM_NEWLINK [Tom Gundersen]
The kernel will not be changed to support this, so drop the code. Listening for all RTM_NEWLINK messages and filtering on name is reliable, so it is not a problem.
2014-01-31 libsystemd-dhcp: Update secs field only when sending Discover [Patrik Flykt]
Compute the 'secs' field as seconds since start of lease acquisition procedure. Start off with a value of zero and increase it only for each resent DHCP discover message. See the discussion before and after http://www.ietf.org/mail-archive/web/dhcwg/current/msg05836.html and Section 3.1 of RFC 2131.
2014-01-31 libsystemd-dhcp: Fix stopping of DHCP client [Patrik Flykt]
Go back to Init state independent of the current state the client is in.
2014-01-31 libsystemd-dhcp: Compute UDP checksum only if set [Patrik Flykt]
A checksum field with value zero means no UDP checksum has been computed for the packet.
2014-01-31 libsystemd-dhcp: Rename function to be clearer that options are parsed [Patrik Flykt]
2014-01-31 libsystemd-dhcp: DNS name option must be a multiple of 4 bytes [Patrik Flykt]
2014-01-31 use memzero(foo, length); for all memset(foo, 0, length); calls [Greg KH]
In trying to track down a stupid linker bug, I noticed a bunch of memset() calls that should be using memzero() to make it more "obvious" that the options are correct (i.e. 0 is not the length, but the data to set). So fix up all current calls to memset(foo, 0, length) to memzero(foo, length).
2014-01-31 analyze: fix plot issues when using gummiboot [Thomas Hindoe Paaboel Andersen]
It would crash and the legend in the bottom followed the time 0.0.
2014-01-30 tmpfiles: fix memory leak of exclude_prefixes [Zbigniew Jędrzejewski-Szmek]
Missed in 5c795114.
2014-01-30 shared: net - use u32ctz to compute prefixlen [Tom Gundersen]
2014-01-30 util: add u32ctz() call for determining ctz of uint32_t [Lennart Poettering]
2014-01-30 networkd: netdev - reduce chance of race when receiving netdev's ifindex [Tom Gundersen]
When creating a new link, the kernel will not inform us about the new ifindex in its ack. We have to listen for newly created devices and deduce the new ifindex by matching on the ifname. We used to do this by waiting for a new device from libudev, but that is asking for trouble, as udev will happily rename the device before handing it to us. Listen on rtnl instead, the chance of the name being changed before reaching us is much smaller (if not nil). Kernel patch in the works to make this unnecessary.
2014-01-30 sd-rtnl: beef up rtnl-util a bit [Tom Gundersen]
2014-01-30 sd-dhcp-client/net-util: make netmask_to_prefixlen generic [Tom Gundersen]
This was originally included in the dhcp-client at my request, but it is not really dhcp-specific and useful outside of it, so let's pull it out.
2014-01-30 networkd: address - add support for broadcast [Tom Gundersen]
2014-01-30 net-util: verify the address family [Tom Gundersen]
Error out if the address family is already set to something incompatible with the address being parsed.
2014-01-30 networkd: dhcpv4 - add notion of 'CriticalConnection' [Tom Gundersen]
These connections are never torn down, even when the DHCP specifications say that they should be. This is useful/necessary when the rootfs (or another critical fs) is mounted over this network connection, and dataloss would result if the connection is lost. This option defaults to off, but our initrd generator (TBD) will enable it when applicable.
2014-01-30 utmp: make sure we don't write the utmp reboot record twice on each boot [Lennart Poettering]
(Also, only send the audit msg once, too)
2014-01-30 update-utmp: code modernizations [Lennart Poettering]
2014-01-29 bus: when proxying messages from the bus driver patch the driver's well-known name into the sender [Lennart Poettering]
2014-01-29 bus: the owner of the bus driver name as reported by the driver's [Lennart Poettering]
GetNameOwner() bus call is the bus driver name itself, for compatibility with dbus1
2014-01-29 nspawn: fix reboot event fd reuse [Lennart Poettering]
2014-01-29 core: in containers, don't wait for cgroup empty notifications which will never come [Lennart Poettering]
2014-01-29 core: use a bit more PID_FMT [Lennart Poettering]
2014-01-29 core: make sure to always go through both SIGTERM and SIGKILL states of units [Lennart Poettering]
Given that we now have KillMode=mixed where SIGTERM might kill a smaller set than SIGKILL we need to make sure to always go explicitly through the SIGKILL state to get the right end result.
2014-01-29 service: allow KillMode=mixed in conjunction with PAMName= [Lennart Poettering]
2014-01-29 core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes [Lennart Poettering]
This should fix some race with terminating systemd --user, where the system systemd instance might race against the user systemd instance when sending SIGTERM.
2014-01-29 bus: fake security labels again [Lennart Poettering]
(The kernel module got fixed, so let's reenable this again)
2014-01-28 manager: remove "debugging" "feature" [Zbigniew Jędrzejewski-Szmek]
2014-01-28 manager: requeue the cylon eye for 5s later when a job finishes [Zbigniew Jędrzejewski-Szmek]
We'd requeue the next status update very soon after. Change it so that we wait for full 5s without any job status changes until we print anything.
2014-01-28 manager: print ephemeral information about running jobs' timeouts (v2) [Zbigniew Jędrzejewski-Szmek]
This reverts commit 28c758de94bc8ba97b89d9dab3f517cf466978d0 but makes job_coldplug smarter. In (v1) I changed the job start timestamp to be always set, so the start time can be reported in the cylon eye message. The bug was that when deserializing jobs, they would be ignored if their start timestamp was unset which was synonymous with no timeout. But after the change, jobs would have a start timestamp set despite having no timeout. After deserialization they would be considered immediately expired. Fix this by checking if the timeout is not zero when considering jobs for expiration.
2014-01-28 Base mkostemp_safe on mkostemp [Zbigniew Jędrzejewski-Szmek]
It is nice to wrap umask handling and return convention, but glibc's mkostemp is async-signal-safe already.
2014-01-28 Get rid of write_safe [Zbigniew Jędrzejewski-Szmek]
Current glibc implementation is safe. Kernel does this atomically, and write is actually implemented through writev. So if write is async-signal-safe, then writev pretty much must be too.
2014-01-28 always use the same code for creating temporary files [Lennart Poettering]
Let's unify our code here, and also always specify O_CLOEXEC.
2014-01-28 util: pick slightly safer open() flags when creating temporary files [Lennart Poettering]
2014-01-28 util: define O_TMPFILE on x86/x86-64, where the generic value is used [Lennart Poettering]
On other archs we'll not define it so that open_tmpfile() falls back to unguessable name + unlink.
2014-01-28 util: pass original flags value to mkostemp(), in open_tmpfile() [Lennart Poettering]