summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2014-02-13core: add a system-wide SystemCallArchitectures= settingLennart Poettering
This is useful to prohibit execution of non-native processes on systems, for example 32bit binaries on 64bit systems, this lowering the attack service on incorrect syscall and ioctl 32→64bit mappings.
2014-02-13networkd: correctly handle manager_free(NULL)Tom Gundersen
2014-02-13core: add SystemCallArchitectures= unit setting to allow disabling of non-nativeLennart Poettering
architecture support for system calls Also, turn system call filter bus properties into complex types instead of concatenated strings.
2014-02-12core: fix build without libseccompLennart Poettering
2014-02-12core: rework syscall filterLennart Poettering
- Allow configuration of an errno error to return from blacklisted syscalls, instead of immediately terminating a process. - Fix parsing logic when libseccomp support is turned off - Only keep the actual syscall set in the ExecContext, and generate the string version only on demand.
2014-02-12syscallfilter: port to libseccompRonny Chevalier
2014-02-12sd-dhcp: make sure client->secs > 0Tom Gundersen
Some DHCP servers will not work correctly if secs == 0, so round up to at least 1.
2014-02-12networkd: work inside containersTom Gundersen
Udev does not run in containers, so instead of relying on it to tell us when a network device is ready to be used by networkd, we simply assume that any device was fully initialized before being added to the container.
2014-02-12pager: support SYSTEMD_LESS environment variableJason A. Donenfeld
This allows customization of the arguments used by less. The main motivation is that some folks might not like having --no-init on every invocation of less.
2014-02-12nspawn: newer kernels (>= 3.14) allow resetting the audit loginuid, make use ↵Lennart Poettering
of this
2014-02-12test: fix "make check"Lennart Poettering
Let's remove the tests for cg_path_get_machine_name(), since they no longer operate solely on the cgroup path, but actually look up data in /run. Since we have a test for cg_pid_get_machine_name() this shouldn't be too much of a loss.
2014-02-12machinectl: add new "machinectl reboot" callLennart Poettering
2014-02-11logind: ignore PropertiesChanged signals for jobsZbigniew Jędrzejewski-Szmek
Otherwise we get a (harmless) message like: systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument
2014-02-11logind: always kill session when termination is requestedZbigniew Jędrzejewski-Szmek
KillUserProcesses=yes/no should be ignored when termination is explicitly requested.
2014-02-11journald: log provenience of signalsZbigniew Jędrzejewski-Szmek
2014-02-11machined: fix enumeration of existing machines on restartLennart Poettering
2014-02-11logind: use session_get_state() to get sessions state of the userDjalal Harouni
In function user_get_state() remove the session_is_active() check, just count on the session_get_state() function to get the correct session state. session_is_active() may return true before starting the session scope and user service, this means it will return true even before the creation of the session fifo_fd which will produce incorrect states. So be consistent and just use session_get_state().
2014-02-11efi: fix Undefined reference efi_loader_get_boot_usec when EFI support is ↵Cristian Rodríguez
disabled
2014-02-11machined: optionally, allow registration of pre-existing units (scopesLennart Poettering
or services) as machine with machined
2014-02-11util: modernize readlink_malloc() a bitLennart Poettering
2014-02-11util: drop parse_user_at_host() since its unused nowLennart Poettering
2014-02-11nspawn: add --register=yes|no switch to optionally disable registration of ↵Lennart Poettering
the container with machined
2014-02-11sd-dhcp: split out packet handling from clientTom Gundersen
2014-02-10sd-bus: export sd_bus_call{,_async,_async_cancel}David Herrmann
The .sym file somehow lacks these declarations, so add these. You have to run "make clean" to make sure the sym-test runs fine afterwards.
2014-02-10networkd: link - correctly skip state ENSLAVING when no vlans configuredTom Gundersen
This fixes a regression introduced in 672682a6b
2014-02-10networkd: VLAN - allow multiple vlans to be created on a linkTom Gundersen
Also limit the range of vlan ids. Other implementations and documentation use the ranges {0,1}-{4094,4095}, but we use the one accepted by the kernel: 0-4094. Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
2014-02-10pam: use correct log levelMichal Sekletar
2014-02-10sd-rtnl: added support for a few more attributesSusant Sahani
2014-02-10sd-rtnl: test - improve test of MTU a bitTom Gundersen
We are more likely to catch errors if we don't use '0' as test value.
2014-02-10sd-rtnl: add test cases for linkSusant Sahani
2014-02-10nspawn: add new --share-system switch to run a container without PID/UTS/IPC ↵Lennart Poettering
namespacing
2014-02-10nspawn,man: use a common vocabulary when referring to selinux security contextsLennart Poettering
Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
2014-02-10exec: Add support for ignoring errors on SELinuxContext by prefixing it with ↵Michael Scherer
-, like for others settings. Also remove call to security_check_context, as this doesn't serve anything, since setexeccon will fail anyway.
2014-02-10exec: Ignore the setting SELinuxContext if selinux is not enabledMichael Scherer
2014-02-10exec: Add SELinuxContext configuration itemMichael Scherer
This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
2014-02-10includes: remove duplicate includesTom Gundersen
Found by the new check-includes make target.
2014-02-10fstab-generator: Create fsck-root symlink with correct pathColin Guthrie
This was noticed in Brussels at the hackfest. The fstab-generator currently creates a broken symlink pointing to itself in /run/systemd/generator/local-fs.target.wants/ for systemd-fsck-root.service
2014-02-10nspawn: require /etc/os-release only for initVincent Batts
/etc/os-release is expected for the case for booting a full system, and need not be required for thin container execution.
2014-02-10networkd: fix setting dns from dhcpTom Gundersen
2014-02-08manager: fix initialization of plymouth socketZbigniew Jędrzejewski-Szmek
I'm not sure why this makes a difference...
2014-02-08cryptsetup-generator: auto add deps for device as passwordDave Reisner
If the password is a device file, we can add Requires/After dependencies on the device rather than requiring the user to do so.
2014-02-08core: use automatic cleanup in two functionsZbigniew Jędrzejewski-Szmek
2014-02-08core: do not print invalid utf-8 in error messagesZbigniew Jędrzejewski-Szmek
2014-02-08pam-module: avoid (null) in debug messageZbigniew Jędrzejewski-Szmek
2014-02-08core: fix crashes if locale.conf contains invalid utf-8 stringGoffredo Baroncelli
In the parse_env_file_push() and load_env_file_push() functions, there are two assert() call to check if the key or value parameters are utf8 valid. If the strings aren't utf8 valid, assert does abort. These function are used early by systemd to parse some files. For example '/etc/locale.conf'. In my case this file contained a not utf8 sequence, which is bad, but systemd crashed during the boot, which is even worse! The enclosed patch removes the assert and return -EINVAL if the sequence is invalid. This is possible because the caller of these function [1] checks the errors. So the check of an invalid utf8 sequence is still performed, but systemd doesn't crash anymore and logs the error. [1] parse_env_file_internal(), invoked by load_env_file() and parse_env_file()
2014-02-07remove unused variablesThomas Hindoe Paaboel Andersen
2014-02-07nspawn: rename --file-label to --apifs-label since it's really just about ↵Lennart Poettering
the API file systems, nothing else
2014-02-07core: when an already abandoned unit gets abandoned again generate a clean errorLennart Poettering
2014-02-07logind: order all scopes after both systemd-logind.service andLennart Poettering
systemd-user-sessions.service This way at shutdown we can be sure that the sessions go away before the network.
2014-02-07networkd: netdev - rename Netdev to NetDevTom Gundersen
Both in the configuration file format and everywhere else in the code.