Age | Commit message (Collapse) | Author | |
---|---|---|---|
2010-08-11 | audit: initialize audit only if it is enabled | Lennart Poettering | |
2010-08-11 | target: don't synthesize a runlevel property for targets anymore since we ↵ | Lennart Poettering | |
don't need it anymore and it is crutfy | |||
2010-08-11 | audit: smaller fixes to audit hookup | Lennart Poettering | |
2010-08-11 | systemctl: beef up highlighting of service states a little | Lennart Poettering | |
2010-08-11 | utmp: enable systemd-update-utmp by default | Lennart Poettering | |
2010-08-11 | unit: make sure a job for a service of type 'finish' succeeds if the process ↵ | Lennart Poettering | |
terminates cleanly | |||
2010-08-11 | socket: disable GC for pre-allocated per-connection service until it is used | Lennart Poettering | |
2010-08-11 | audit,utmp: implement audit logic and rip utmp stuff out of the main daemon ↵ | Lennart Poettering | |
and into a helper binary | |||
2010-08-11 | util: when replacing env vars replace unset envvars by nothing | Lennart Poettering | |
This makes it easier to support /etc/sysconfig/xxxx with command line env vars in style of $OPTIONS which might or might not be set. | |||
2010-08-11 | conf: add commented default SysVConsole= value | Lennart Poettering | |
2010-08-11 | unit: rename OnlyByDependency= to RefuseManualStart= and introduce ↵ | Lennart Poettering | |
RefuseManualStop= Some unit shall never be start on user request (e.g. shutdown.target) others never be stopped on user request (e.g. auditd.servce), hence offer options for both. | |||
2010-08-09 | main: fix auto restarting of units after a configuration reload | Lennart Poettering | |
2010-08-09 | swap: properly enter maintenance mode on failure | Lennart Poettering | |
2010-08-09 | manager: when two pending jobs conflict, keep the one that "conflicts", ↵ | Lennart Poettering | |
remove the one that is "conflicted" This gives the writer of units control which unit is kept and which is stopped when two units conflict. | |||
2010-08-09 | service: hide output of sysv scripts if quiet is passed on the kernel cmdline | Lennart Poettering | |
2010-08-09 | service: properly remember if a sysv is actually enabled | Lennart Poettering | |
Previously we checked the SysV priority value to figure out if a SysV unit was enabled or not, since th value was mostly read from the S startup links. Since we read this value from the LSB headers as a fallback we hence ended up considering a lot more services enabled than were actually enabled. This patch adds an explicit boolean which encodes whether a sysv service is enabled or not via S links. https://bugzilla.redhat.com/show_bug.cgi?id=615293 | |||
2010-08-09 | service: show restart value in dump | Lennart Poettering | |
2010-08-09 | dbus: don't call bus_path_escape() with NULL unit name | Lennart Poettering | |
Fixes an assertion triggerable via D-Bus. https://bugzilla.redhat.com/show_bug.cgi?id=622008 | |||
2010-08-09 | systemctl: show exit code only if it is actually set | Lennart Poettering | |
2010-08-07 | systemctl: fix parsing of DBus reply in 'dot' | Michal Schmidt | |
"systemctl dot" has been broken since the addition of the "Following=" property. | |||
2010-08-06 | util: when formatting timestamps return '0' for 0 timestamps instead of ↵ | Lennart Poettering | |
empty string | |||
2010-08-06 | sd-daemon: fix compilation on old systems lacking SOCK_CLOEXEC | Lennart Poettering | |
2010-08-06 | device: properly handle devices that are referenced before they show up | Lennart Poettering | |
2010-08-06 | cgroup: if the system bus cannot be found, send cgroup empty msg directly to ↵ | Lennart Poettering | |
init proces | |||
2010-08-06 | manager: downgrade a few log msgs regarding conflicting but fixable jobs | Lennart Poettering | |
2010-08-06 | automount: order automount units after fsck, too | Lennart Poettering | |
2010-08-06 | units: split fsck.target from sysinit.target for suse compat | Lennart Poettering | |
2010-08-06 | main: automatically spawn a getty on the kernel configured serial console | Lennart Poettering | |
2010-08-05 | manager: fix conflicting job check | Lennart Poettering | |
2010-08-05 | manager: when breaking ordering cycle show full cycle loop | Lennart Poettering | |
2010-08-05 | service: read special startup dirs only on the respective distros | Lennart Poettering | |
2010-08-05 | selinux: minor error handling fix | Lennart Poettering | |
2010-08-05 | service: always sort services from suse B runlevel before services from ↵ | Lennart Poettering | |
normal runlevels | |||
2010-08-05 | reboot: handle -p switch properly | Michal Schmidt | |
https://bugzilla.redhat.com/show_bug.cgi?id=618678 | |||
2010-08-05 | selinux: fix labels only when configured for it | Lennart Poettering | |
2010-08-04 | selinux: rework selinux tests a little | Lennart Poettering | |
2010-08-04 | selinux: fix if vs. ifdef mixup | Lennart Poettering | |
2010-08-03 | Systemd is causing mislabeled devices to be created and then attempting to ↵ | Daniel J Walsh | |
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e | |||
2010-08-03 | socket: Allow selection of TCP Congestion Avoidance algorithm to socket | Tomasz Torcz | |
Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support. | |||
2010-07-24 | telinit: forward to upstart, if not booted with systemdsystemd/v4 | Lennart Poettering | |
2010-07-24 | systemctl: don't use the systemd bus to talk to upstart | Lennart Poettering | |
2010-07-24 | systemctl: don't hit an assert when we are run from a non-systemd boot | Lennart Poettering | |
2010-07-24 | main: disable NSS disabling logic for now, since this is incompatible with rpm | Lennart Poettering | |
2010-07-24 | systemctl: fold systemd-install into systemctl | Lennart Poettering | |
2010-07-23 | systemctl: support force-reload and condrestart as aliases for ↵ | Lennart Poettering | |
reload-or-try-restart | |||
2010-07-23 | install: default to minimal realization mode | Lennart Poettering | |
2010-07-23 | systemctl: accept -p more than once | Lennart Poettering | |
2010-07-23 | socket: SELinux support for socket creation. | Daniel J Walsh | |
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode. | |||
2010-07-23 | sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev" | Robert "arachnist" Gerus | |
2010-07-22 | build-sys: fix compatibility with vala 0.9 | Lennart Poettering | |