summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2010-08-11audit: initialize audit only if it is enabledLennart Poettering
2010-08-11target: don't synthesize a runlevel property for targets anymore since we ↵Lennart Poettering
don't need it anymore and it is crutfy
2010-08-11audit: smaller fixes to audit hookupLennart Poettering
2010-08-11systemctl: beef up highlighting of service states a littleLennart Poettering
2010-08-11utmp: enable systemd-update-utmp by defaultLennart Poettering
2010-08-11unit: make sure a job for a service of type 'finish' succeeds if the process ↵Lennart Poettering
terminates cleanly
2010-08-11socket: disable GC for pre-allocated per-connection service until it is usedLennart Poettering
2010-08-11audit,utmp: implement audit logic and rip utmp stuff out of the main daemon ↵Lennart Poettering
and into a helper binary
2010-08-11util: when replacing env vars replace unset envvars by nothingLennart Poettering
This makes it easier to support /etc/sysconfig/xxxx with command line env vars in style of $OPTIONS which might or might not be set.
2010-08-11conf: add commented default SysVConsole= valueLennart Poettering
2010-08-11unit: rename OnlyByDependency= to RefuseManualStart= and introduce ↵Lennart Poettering
RefuseManualStop= Some unit shall never be start on user request (e.g. shutdown.target) others never be stopped on user request (e.g. auditd.servce), hence offer options for both.
2010-08-09main: fix auto restarting of units after a configuration reloadLennart Poettering
2010-08-09swap: properly enter maintenance mode on failureLennart Poettering
2010-08-09manager: when two pending jobs conflict, keep the one that "conflicts", ↵Lennart Poettering
remove the one that is "conflicted" This gives the writer of units control which unit is kept and which is stopped when two units conflict.
2010-08-09service: hide output of sysv scripts if quiet is passed on the kernel cmdlineLennart Poettering
2010-08-09service: properly remember if a sysv is actually enabledLennart Poettering
Previously we checked the SysV priority value to figure out if a SysV unit was enabled or not, since th value was mostly read from the S startup links. Since we read this value from the LSB headers as a fallback we hence ended up considering a lot more services enabled than were actually enabled. This patch adds an explicit boolean which encodes whether a sysv service is enabled or not via S links. https://bugzilla.redhat.com/show_bug.cgi?id=615293
2010-08-09service: show restart value in dumpLennart Poettering
2010-08-09dbus: don't call bus_path_escape() with NULL unit nameLennart Poettering
Fixes an assertion triggerable via D-Bus. https://bugzilla.redhat.com/show_bug.cgi?id=622008
2010-08-09systemctl: show exit code only if it is actually setLennart Poettering
2010-08-07systemctl: fix parsing of DBus reply in 'dot'Michal Schmidt
"systemctl dot" has been broken since the addition of the "Following=" property.
2010-08-06util: when formatting timestamps return '0' for 0 timestamps instead of ↵Lennart Poettering
empty string
2010-08-06sd-daemon: fix compilation on old systems lacking SOCK_CLOEXECLennart Poettering
2010-08-06device: properly handle devices that are referenced before they show upLennart Poettering
2010-08-06cgroup: if the system bus cannot be found, send cgroup empty msg directly to ↵Lennart Poettering
init proces
2010-08-06manager: downgrade a few log msgs regarding conflicting but fixable jobsLennart Poettering
2010-08-06automount: order automount units after fsck, tooLennart Poettering
2010-08-06units: split fsck.target from sysinit.target for suse compatLennart Poettering
2010-08-06main: automatically spawn a getty on the kernel configured serial consoleLennart Poettering
2010-08-05manager: fix conflicting job checkLennart Poettering
2010-08-05manager: when breaking ordering cycle show full cycle loopLennart Poettering
2010-08-05service: read special startup dirs only on the respective distrosLennart Poettering
2010-08-05selinux: minor error handling fixLennart Poettering
2010-08-05service: always sort services from suse B runlevel before services from ↵Lennart Poettering
normal runlevels
2010-08-05reboot: handle -p switch properlyMichal Schmidt
https://bugzilla.redhat.com/show_bug.cgi?id=618678
2010-08-05selinux: fix labels only when configured for itLennart Poettering
2010-08-04selinux: rework selinux tests a littleLennart Poettering
2010-08-04selinux: fix if vs. ifdef mixupLennart Poettering
2010-08-03Systemd is causing mislabeled devices to be created and then attempting to ↵Daniel J Walsh
read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
2010-08-03socket: Allow selection of TCP Congestion Avoidance algorithm to socketTomasz Torcz
Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support.
2010-07-24telinit: forward to upstart, if not booted with systemdsystemd/v4Lennart Poettering
2010-07-24systemctl: don't use the systemd bus to talk to upstartLennart Poettering
2010-07-24systemctl: don't hit an assert when we are run from a non-systemd bootLennart Poettering
2010-07-24main: disable NSS disabling logic for now, since this is incompatible with rpmLennart Poettering
2010-07-24systemctl: fold systemd-install into systemctlLennart Poettering
2010-07-23systemctl: support force-reload and condrestart as aliases for ↵Lennart Poettering
reload-or-try-restart
2010-07-23install: default to minimal realization modeLennart Poettering
2010-07-23systemctl: accept -p more than onceLennart Poettering
2010-07-23socket: SELinux support for socket creation.Daniel J Walsh
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode.
2010-07-23sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev"Robert "arachnist" Gerus
2010-07-22build-sys: fix compatibility with vala 0.9Lennart Poettering