Age | Commit message (Collapse) | Author |
|
files
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
|
|
|
|
Thinking about it we should probably not hide bugs by falling back to
audit when we have our own session information anyway.
|
|
|
|
journal files
We should always go by our own cgroup hierarchy before using foreign
schemes such as audit, so let's do that for the split out logic too.
|
|
This reverts commit 8330847e949fc0c26b16910e5240eef1fe2c330a.
Conflicts:
src/fstab-generator/fstab-generator.c
|
|
cgroup path rather than audit
Previously for cases like "su" or "sudo" where a session is attempted to
be created from within an existing one we used the audit session ID to
detect this and in such a case we simple returned the session data of
the original session a second time.
With this change we will now use the cgroup path of the calling path to
determine the old session, i.e. we only rely on our own session
identification scheme, instead of audits.
We will continue to keep the audit session ID and ours in sync however,
to avoid unnecessary confusion.
|
|
parameter
skip s.th. like root=nfs:... root=iscsi:... root=nbd:...
|
|
also do not overwrite /sysroot*.mount units already generated from fstab
|
|
|
|
|
|
Harald encountered division by zero in manager_print_jobs_in_progress.
Clearly we had the watch enabled when we shouldn't - there were no
running jobs in m->jobs, only waiting ones. This is either a deadlock,
or maybe some of them would be detected as runnable in the next dispatch
of the run queue. In any case we mustn't crash.
Fix it by starting and stopping the watch based on n_running_jobs
instead of the number of all jobs.
|
|
|
|
Unary not has higher precedence than comparisons,
so the condition was bogus.
|
|
When watches are installed from the bottom, it is always possible
to race, and miss a file creation event. The race can be avoided
if a watch is first established for a parent directory, and then for
the file in the directory. If the file is created in the time between,
the watch on the parent directory will fire.
Some messages (mostly at debug level) are added to help diagnose
pidfile issues.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=917075.
|
|
The android gadget driver for network tethering over rndis somehow has a
parent device with a null subsystem. Probably this is bug in android driver,
but it is easy enough to make systemd/udev behave gracefully and not
segfault. And this will help for making linux distros with systemd
(like fedora) work on android devices.
|
|
|
|
The userspace firmware loader is deprecated now, and will be entirely
removed when we depend on a kernel version with the built-in firmware
loader available.
|
|
Assertion 'interval > 0 || burst == 0' failed at src/journal/journald-rate-limit.c:78, function journal_rate_limit_new(). Aborting.
|
|
|
|
Errors because of oom conditions or descriptor exhaustion should not
be ignored. We probably cannot recover from those conditions.
Current behaviour wrt. insufficient permissions is described in the
man page. It might make sense in case of user sessions, so I left
it as is.
|
|
|
|
... and fix bogus return code on malloc failure.
|
|
... and use automatic cleanup.
|
|
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
|
|
The crash that the check prevented has been fixed by commit 9e9e2b7.
|
|
Installation of a deserialized job may fail (though purely in theory),
so increase the running job counter only when succeeding.
|
|
We only mount "/usr" and entries marked with "x-initrd.mount".
This (together with the right unit files) is needed in the initramfs in order to
natively support mounting /usr (and friends) from the initramfs.
The way it is meant to work is:
* wait for sysroot.mount to be mounted
* do a daemon-reload to generate sysroot-usr.mount (++) from /sysroot/etc/fstab
* wait for sysroot-usr.mount to be mounted
* switch-root
Cc: Harald Hoyer <harald.hoyer@gmail.com>
Cc: Dave Reisner <d@falconindy.com>
|
|
|
|
|
|
|
|
|
|
I originally added this to stay as compatible as possible with the kernel, but
as Lennart argued it is not really useful in the initramfs, so let's drop it (we
already don't support 'rootdealy').
|
|
The columnar output can become pretty horrible. When GNOME inhibits
power/suspend/hibernate keys, the "WHAT" column's text extends to "WHO"
and even "WHY". At the same time, all texts in "WHY" are of the form
GNOME handlin...sses
Receiving sle...ions
GNOME needs t...reen
This patch splits each inhibit entry into four lines, allowing the full
text to fit in a normal-width terminal.
|
|
In the long run we really should make this runtime configurable.
|
|
All active units will call unit_notify() during coldplug, so we just
make sure we're counting from zero again and get the correct result for
n_on_console.
For n_running_jobs we likewise reset it to zero and then count
the running jobs as we encounter them in deserialization.
|
|
|
|
|
|
unit_notify is fired in deserelization code (particulary in
service_set_state). Units passed in random order, and there is possibility,
that unit with StopWhenUnneeded=yes passed before it actual dependecies. In
that case unit will be stopped as unneeded, because deps in UNIT_INACTIVE state
yet.
So, reuse similar logic (unit.c:1421) to avoid this race
|
|
Don't use "defaults" as default option string.
"defaults,<anyotheroption>" does not
even work for the mount unit mount options.
|
|
|
|
If rd.luks.uuid or luks.uuid is specified on the kernel command, only
generate units for these UUIDs. Additionally use the information in
/etc/crypttab unless rd.luks.crypttab=0 or luks.crypttab=0 is specified.
|
|
don't misunderstand parse failures as OOM
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009179.html
|
|
Correctly detect rbind mount option as bind mount.
Fixes https://bugzilla.novell.com/show_bug.cgi?id=804575.
|
|
Add --user-unit= to make it possible to query for user logs by the name
of the service.
|
|
This partially reverts 7ad94c716d6403233d04c4d37cb14df958c9b65d.
After that commit commands such as "systemctl enable" and friends
printed the search path information multiple times in its output, which
is ugly.
If we want the search paths to be printed at a higher log level, then we
should do this in PID 1 only, i.e. split the printing out of the normal
path lookup logic and invoke that explicitly from PID 1 but not in the
auxiliary tools.
|
|
running in a chroot"
This reverts commit 5522a1fa876f1ab94a2accaadca824799fdf2cab.
I am an idiot, the chroot case was already filtered out, so no point in
checking this again.
|
|
in a chroot
http://lists.freedesktop.org/archives/systemd-devel/2013-February/009208.html
|
|
Using less as a pager sometimes breaks terminal when output
is interrupted by ctrl-c.
Reproducer: run 'sudo journalctl' ctrl-c.
Thanks mbriza@redhat.com for the solution.
|
|
|