path: root/src
Age | Commit message | Author
2012-03-22 | main: added support for loading IMA custom policies | Roberto Sassu
The new function ima_setup() loads an IMA custom policy from a file in the default location '/etc/ima/ima-policy', if present, and writes it to the path 'ima/policy' in the security filesystem. This function is executed at early stage in order to avoid that some file operations are not measured by IMA and it is placed after the initialization of SELinux because IMA needs the latter (or other security modules) to understand LSM-specific rules. This feature is enabled by default and can be disabled by providing the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
2012-03-22 | systemd: mount the securityfs filesystem at early stage | Roberto Sassu
The mount of the securityfs filesystem is now performed in the main systemd executable as it is used by IMA to provide the interface for loading custom policies. The unit file 'units/sys-kernel-security.mount' has been removed because it is no longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
2012-03-21 | journal: PAGE_SIZE is not known on ppc and other archs | Lennart Poettering
Let's use NAME_MAX, as suggested by Dan Walsh
2012-03-21 | journal: react with immediate rotation to a couple of more errors | Lennart Poettering
2012-03-20 | sysctl: accept multiple passed configuration files | Lennart Poettering
2012-03-20 | modules-load: drop /lib from search path if we don't have it split off | Lennart Poettering
2012-03-20 | bmfmt: allow passing more than one config file name | Lennart Poettering
2012-03-20 | remove GTK pieces | Michal Schmidt
They've moved to systemd-ui.
2012-03-16 | util: never follow symlinks in rm_rf_children() | Michal Schmidt
The function checks if the entry is a directory before recursing, but there is a window between the check and the open, during which the directory could be replaced with a symlink.
CVE-2012-1174
https://bugzilla.redhat.com/show_bug.cgi?id=803358
2012-03-16 | man: document systemd-journalctl(1) | Lennart Poettering
2012-03-15 | man: document systemd-journald.conf(5) | Lennart Poettering
2012-03-15 | man: document systemd-cat(1) | Lennart Poettering
2012-03-15 | journal: only use uint8_t for state | Frederic Crozat
2012-03-15 | a couple of fixes to make llvm-analyze quiet | Lennart Poettering
2012-03-15 | journalctl: add a missing 'break' | Tero Roponen
There is a 'break' missing in the -q handling so, for example, 'systemd-journalctl --new-id128 -q' does nothing. This patch fixes the problem.
2012-03-15 | journald: don't try to rotate corrupted files when we open read-only anyway | Lennart Poettering
2012-03-15 | journald: adjust permissions for rotated files | Lennart Poettering
2012-03-15 | journald: take corrupted files into account when calculating disk space | Lennart Poettering
2012-03-15 | journald: be a bit more verbose | Lennart Poettering
2012-03-15 | journald: fix calculation of disk space | Lennart Poettering
2012-03-15 | journald: copy metrics/compression state from template when rotating | Lennart Poettering
2012-03-15 | journald: increase max file size to 128MB | Lennart Poettering
2012-03-15 | journal: vacuum corrupted files, too | Lennart Poettering
2012-03-15 | journal: if we encounter a corrupted file, rotate and go on | Lennart Poettering
2012-03-15 | nspawn: mount /etc/timezone into nspawn environment too | Lennart Poettering
2012-03-15 | journald: fix typo | Lennart Poettering
2012-03-15 | journalctl: suppress messages about adm group if ACL support is not enabled | Lennart Poettering
2012-03-15 | virt: the pidns controller does not exist anymore | Lennart Poettering
2012-03-14 | journald: set SO_PASSEC only if selinux is enabled | Lennart Poettering
2012-03-14 | journalctl: warn if the user is not in the adm group | Lennart Poettering
2012-03-14 | journal: fix memory leak | Lennart Poettering
2012-03-14 | journal: Don't hold pointers to journal while remapping | Marti Raudsepp
Hi!
I was trying out the journal and the journalctl utility sometimes crashed on me. After some debugging, I tracked it down to the fact that next_with_matches() holds the "c" object pointer through the journal_file_next_entry_for_data() call -- which apparently may re-map the journal file, invalidating the pointer.
The attached patch fixes this crash for me, but being unfamiliar with the code, I don't know if I'm doing the right thing.
This patch is also available from my github repository:
git://github.com/intgr/systemd.git
https://github.com/intgr/systemd
Regards,
Marti
For the record, here's the original stack trace at the time of remapping:
ret=0x7fff1d5cdec0) at src/journal/journal-file.c:330
ret=0x7fff1d5cdf28) at src/journal/journal-file.c:414
ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1101
i=5705, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1147
p=6413608, data_offset=66600, direction=DIRECTION_DOWN, ret=0x7fff1d5ce0a0, offset=0x7fff1d5ce098) at src/journal/journal-file.c:1626
direction=DIRECTION_DOWN, ret=0x7fff1d5ce120, offset=0x7fff1d5ce128) at src/journal/sd-journal.c:533
direction=DIRECTION_DOWN, ret=0x7fff1d5ce170, offset=0x7fff1d5ce178) at src/journal/sd-journal.c:595
src/journal/sd-journal.c:651
From 9266fc6a58065a7c5dab67430fd78925e519dce9 Mon Sep 17 00:00:00 2001
From: Marti Raudsepp <marti@juffo.org>
Date: Fri, 9 Mar 2012 16:23:00 +0200
Subject: [PATCH] journal: Don't hold pointers to journal while remapping
This would cause a segfault otherwise.
2012-03-14 | log: introduce log_metav | Lennart Poettering
2012-03-14 | pkg-config: bring unit search path order in sync with the code | Lennart Poettering
2012-03-14 | path-lookup: rearrange things so that the system path order follows the user path order | Lennart Poettering
2012-03-14 | conf: when looking for configurations look in /etc first, in /run second | Lennart Poettering
After long consideration we came to the conclusion that user configuration in /etc should always override the (generally computer generated) configuration in /run. User configuration should always be what matters over anything else. Hence rearrange the search orders accordingly. In general this should change very little as overriding like this is seldom done so far, and the order between /etc and /usr stays the same.
2012-03-14 | machine-id: initialize from $container_uuid if not set otherwise | Lennart Poettering
This is a result of the discussions on https://bugs.freedesktop.org/show_bug.cgi?id=46894
2012-03-14 | journald: allocate PAGE_SIZE bytes for selinux label length | Lennart Poettering
As suggested in https://bugzilla.redhat.com/show_bug.cgi?id=798760
2012-03-14 | socket: make sure that the name for per-connection services are unique | Lennart Poettering
If a client connects to us repeatedly always using the same source port and we instantiate a service for the incoming connection this might clash with an old instance. Hence, include the connection number, the same way we do it for AF_UNIX to make connections unique.
https://bugs.freedesktop.org/show_bug.cgi?id=45297
2012-03-14 | socket: if we fail to create an instantiated service for a socket, don't put the socket in failure mode | Lennart Poettering
An incoming connection that is immediately terminated might result in getpeername() or a similar call failing. Hence it is quite possible that while we are setting up an instantiated service for a socket we might get an error and we shouldn't take this as hint to take the listening socket down.
https://bugs.freedesktop.org/show_bug.cgi?id=45297
https://bugzilla.novell.com/show_bug.cgi?id=741590
2012-03-13 | mount: fix assertion | Lennart Poettering
https://bugzilla.redhat.com/show_bug.cgi?id=768523
2012-03-13 | conf-parser: warn if an assignment is placed outside of a section | Lennart Poettering
https://bugzilla.redhat.com/show_bug.cgi?id=783134
2012-03-13 | util: add brute-force fallback for close_all_fds() | Lennart Poettering
If /proc is not available (i.e. in chroot envs) let's fall back to brute forcing our way through the fd table.
https://bugzilla.redhat.com/show_bug.cgi?id=784921
2012-03-13 | journald: use SCM_SECURITY to race-freely determine peer SELinux label | Lennart Poettering
https://bugzilla.redhat.com/show_bug.cgi?id=798760
2012-03-13 | socket: add option for SO_PASSEC | Lennart Poettering
https://bugzilla.redhat.com/show_bug.cgi?id=798760
(Note that this work is not complete yet, as the kernel seems to send us useless data with SCM_SECURITY enabled)
2012-03-12 | login: tag the Mimo 720 ID_AUTOSEAT | Shawn Landden
This device is a combination USB hub, displaylink graphics, and e2i touchscreen
Bus 001 Device 005: ID 058f:6254 Alcor Micro Corp. USB Hub
Bus 001 Device 006: ID 17e9:401a Newnham Research
Bus 001 Device 007: ID 1ac7:0001
|__ Port 1: Dev 5, If 0, Class=hub, Driver=hub/4p, 480M
|__ Port 2: Dev 6, If 0, Class=vend., Driver=udlfb, 480M
|__ Port 2: Dev 6, If 1, Class=HID, Driver=usbhid, 480M
|__ Port 3: Dev 7, If 0, Class=vend., Driver=usbtouchscreen, 12M
2012-03-12 | conf: enforce UTF8 validity everywhere | Lennart Poettering
we need to make sure that configuration data we expose via the bus ends up in using getting an assert(). Even though configuration data is only parsed from trusted sources we should be more careful with what we read.
2012-03-06 | journal: make sure to refresh window position and pointer after we linked up a data object | Lennart Poettering
2012-03-06 | mount: properly check return for mount_add_* | Dave Reisner
Previously, mount_load_etc_fstab() could never fail for reasons other than a setmntent() or allocation failure.
2012-03-06 | bash-completion: get rid of awk, sed and grep | Harald Hoyer
Get rid of "awk", "sed" and "grep" calls. This can be done entirely in bash! With help from Dave Reisner