Age | Commit message (Collapse) | Author |
|
|
|
|
|
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
|
|
|
|
We want to make sure that everything from the host is also visible in
the sandbox.
|
|
|
|
|
|
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
right behaviour when people want writable mounts inside of
read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
|
|
|
|
The kernel does not allow switching roots if things are mounted
MS_SHARED. As a work-around, remount things MS_PRIVATE before switching
roots.
This should be fixed in the kernel for good.
https://bugzilla.redhat.com/show_bug.cgi?id=847418
|
|
|
|
|
|
Avoids compiler warning:
src/shared/utf8.c: In function 'ascii_filter':
src/shared/utf8.c:278:16: warning: assignment discards 'const' qualifier
from pointer target type [enabled by default]
|
|
Because root is now recursively marked as shared on bootup, we need to
recursively mark root as private. This prevents a pivot_root failure on
shutdown:
Cannot finalize remaining file systems and devices, giving up.
pivot failed: Invalid argument
|
|
|
|
lose one
|
|
|
|
|
|
_KERNEL_ as journal fields
|
|
|
|
|
|
|
|
|
|
|
|
Makes possible to specify separate timeout for start and stop of
the service.
[ Improved the manpage. Coding style fix. -- michich ]
|
|
|
|
|
|
|
|
On Wed, Aug 8, 2012 at 11:48 AM, Michael Schroeder <mls@suse.de> wrote:
> if rules are installed in the first 3 seconds after the udev start,
> the stamps will all be zero, so the [first] call to check_rules_timestamp()
> will just copy the current mtime [and not cause a rules re-load].
|
|
|
|
|
|
use the method introduced by the previous commit
|
|
this method combines the folowing dbus calls and there error handling:
dbus_message_new_method_call()
dbus_message_append_args()
dbus_connection_send_with_reply_and_block()
|
|
If a journal file was rotated away because it was corrupted or dirty we
should still show its contents via "journalctl".
|
|
In order to make containers work nicely out of the box it is highly
desirable to have the mount propagation mode for the root fs is set as
"shared" by default so that containers receive system mounts by default.
(See mount --make-shared for more information).
As it is unlikely that the kernel will change the default to "shared"
for this, do this early at boot-up from PID 1. Setups which prefer the
default of "private" should undo this change via invoking "mount
--make-private /" or a similar command after boot.
In the long run /etc/fstab should take the propagation mode as a mount
option like any other, so that this may be used to change the default
mode. However, if fstab is not around or doesn't list / we still should
default to shared as propagation mode, hence this change now.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=767795
[ Simplified by iterating the config files in the backwards order -
no need for hashmap_update(). Other minor cleanups. -- michich ]
|
|
|
|
Adds messages for formally silent errors: new "Failed on cmdline argument %s: %s".
Removes some specific error messages for -ENOMEM in mount-setup.c. A few specific
ones have been left in other binaries.
|
|
makes shutdown behaviour more compatible
|
|
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.
Tested-by: Erik Westrup <erik.westrup@gmail.com>
|
|
Ellipsize lines that are one character too long.
|
|
Not everybody has /tmp on tmpfs, and this was breaking 'make check'.
|
|
Was missing a * for the globbing.
|
|
https://launchpad.net/bugs/1011323 reports more AMILO models which need this
quirk; enough to assume that all of them need it, and applying it on working
models does not really hurt.
|
|
|
|
|
|
|
|
There is no apparent justification for using util_strscpyl
on the filename since it's a plain hardcoded path.
Older versions used:
util_strscpyl(filename, sizeof(filename), SOME_DIR, "/queue.bin", NULL);
and when changed nobody bothered to simplify it.
|
|
Old: systemd[1]: Got direct mount request for ffff88003bb10c00, triggered by 14476 (fuser)
New: systemd[1]: Got direct mount request on /dev/mqueue, triggered by 2177 (ls)
|
|
|