summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2012-10-30SMACK: Add configuration options. (v3)Auke Kok
This adds SMACK label configuration options to socket units. SMACK labels should be applied to most objects on disk well before execution time, but two items remain that are generated dynamically at run time that require SMACK labels to be set in order to enforce MAC on all objects. Files on disk can be labelled using package management. For device nodes, simple udev rules are sufficient to add SMACK labels at boot/insertion time. Sockets can be created at run time and systemd does just that for several services. In order to protect FIFO's and UNIX domain sockets, we must instruct systemd to apply SMACK labels at runtime. This patch adds the following options: Smack - applicable to FIFO's. SmackIpIn/SmackIpOut - applicable to sockets. No external dependencies are required to support SMACK, as setting the labels is done using fsetxattr(). The labels can be set on a kernel that does not have SMACK enabled either, so there is no need to #ifdef any of this code out. For more information about SMACK, please see Documentation/Smack.txt in the kernel source code. v3 of this patch changes the config options to be CamelCased.
2012-10-30logind: it's OK if a process on an pty requests a session for seat0Lennart Poettering
After all, if a sudo/su inside an X terminal should get added to the same session as the X session itself.
2012-10-30logind: unify all session lock loopLennart Poettering
2012-10-30systemd: mount the EFI variable filesystemLee, Chun-Yi
Add efivarfs to the mount_table in mount-setup.c, so the EFI variable filesystem will be mounted when systemd executed. The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel. Cc: Kay Sievers <kay@vrfy.org> Cc: Lennart Poettering <lennart@poettering.net> Cc: Mantas Mikulėnas <grawity@gmail.com> Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> Cc: Matt Fleming <matt.fleming@intel.com> Cc: Jeremy Kerr <jeremy.kerr@canonical.com> Cc: Matthew Garrett <mjg@redhat.com> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
2012-10-29util: improve overflow checksMichal Schmidt
commit 49371bb fixed the observed division by zero, but missed another occurrence of the same bug. It was also not the optimal fix. We can simply make the divisor a constant by swapping it with the compared value.
2012-10-29hostnamectl: do not choke on set-hostname with no argumentKay Sievers
https://bugzilla.redhat.com/show_bug.cgi?id=871172
2012-10-29util: avoid divide by zero FPEDave Reisner
In early userspace, if kernel initialization happens extremely quickly, a call to systemd-timestamp can potentially result in division by zero. Ensure that the check in timespec_load, which only makes sense if tv_sec is greater than zero, is guarded by this condition.
2012-10-29swap: fix swap behaviour with symlinksOlivier Brunel
Starting a swap unit pointing to (What) a symlink (e.g. /dev/mapper/swap or /dev/disk/by-uuid/...) would have said unit marked active, following the one using the "actual" device (/dev/{dm-1,sda3}), but that new unit would be seen as inactive. Since all requests to stop swap units would follow/redirect to it, and it is seen inactive, nothing would be done (swapoff never called). This is because this unit would be treated twice in swap_process_new_swap, the second call to swap_add_one causing it to eventually be marked inactive.
2012-10-29swap: modernize styleZbigniew Jędrzejewski-Szmek
2012-10-29swap: use automatic cleanupZbigniew Jędrzejewski-Szmek
2012-10-29swap: introduce helper variableZbigniew Jędrzejewski-Szmek
Just for readability, no funcational change.
2012-10-28login: trivial grammar fixZbigniew Jędrzejewski-Szmek
2012-10-28systemctl: skip JOBS column if no jobsZbigniew Jędrzejewski-Szmek
Output is very constrained. This change saves 4 columns in the common case.
2012-10-28logind: add 'lock' as possible choice for handling hw keysLennart Poettering
2012-10-28libudev: hwdb - cleanup list before getting new propertiesKay Sievers
2012-10-28udev: add "udevadm hwdb --test=<modalias>"Kay Sievers
2012-10-28udev: get rid of SYSCONFDIRKay Sievers
2012-10-28Tweak TODOZbigniew Jędrzejewski-Szmek
2012-10-28util: fix possible integer overflowsMichal Sekletar
2012-10-28localectl: fix memleak, use _cleanup_strv_free_Michal Sekletar
l might contain zero strings, however there is still memory allocated for NULL terminator, use _cleanup_strv_free_ instead to prevent tiny leak in such case.
2012-10-28localectl: fix memleak, jump to finish before returningMichal Sekletar
2012-10-28journal: fix memleak, call set_free before returnMichal Sekletar
2012-10-28logind: support for hybrid sleep (i.e. suspend+hibernate at the same time)Lennart Poettering
2012-10-27libudev: import hwdb and export lookup interfaceKay Sievers
2012-10-27hwclock: do not seal the kernel's time-warp call from inside the initrdKay Sievers
2012-10-27util: return the remaining string in startswith()Lennart Poettering
2012-10-27coredumpctl: add 'gdb' verb to start gdb right-away on a collected coredumpLennart Poettering
2012-10-26coredumpctl: show timestamps in listLennart Poettering
2012-10-26journal: special case the trivial cache chain cache entryLennart Poettering
2012-10-26coredumpctl: optimize journal entry parsing a bit by enumerating only onceLennart Poettering
2012-10-26coredumpctl: initialize global varsLennart Poettering
2012-10-26journal: provide an API that allows client to figure out whether they need ↵Lennart Poettering
to recheck the journal manually for changes in regular intervals Network file systems generally do not offer inotify() that would work across the network. We hence cannot rely on inotify() exclusiely in those case. Provide an API to determine these cases, and suggest doing manual regular rechecks. Note that this is not complete yet, as we need to rescan journal dirs on network file systems explicitly to find new/removed files
2012-10-26journal: fix parsing of monotonic kernel timestampsLennart Poettering
2012-10-26keymap: Add HP EliteBook 8440pMartin Pitt
Thanks to Glen Ditchfield <gjditchfield@acm.org>! https://launchpad.net/bugs/1071579
2012-10-26udev: builtin - do not fail builtin initialization if one of them returns an ↵Kay Sievers
error
2012-10-26journal: introduce entry array chain cacheLennart Poettering
When traversing entry array chains for a bisection or for retrieving an item by index we previously always started at the beginning of the chain. Since we tend to look at the same chains repeatedly, let's cache where we have been the last time, and maybe we can skip ahead with this the next time. This turns most bisections and index lookups from O(log(n)*log(n)) into O(log(n)). More importantly however, we seek around on disk much less, which is good to reduce buffer cache and seek times on rotational disks.
2012-10-26test: extend test-send to send some weirder dataLennart Poettering
2012-10-26journal: properly determine cutoff max dateLennart Poettering
2012-10-26sysctl: parse all keys in a config fileMichal Sekletar
https://bugzilla.redhat.com/show_bug.cgi?id=869779
2012-10-26udev: kmod - fix typoKay Sievers
2012-10-25udev: kmod, hwdb - do not fail if databases are not availableKay Sievers
2012-10-25udev: hwdb - exit if no database is availableKay Sievers
2012-10-25udev: hwdb validate() return when the database is not openedKay Sievers
2012-10-25udev: hwdb - remove run_onceKay Sievers
2012-10-25udev: hwdb - properly initialize search structureKay Sievers
2012-10-25udev: set optind = 0, not the usual 1, to reset getopt_long()s internal stateKay Sievers
2012-10-25job: avoid recursion into transaction code from job cancelationMichal Schmidt
I hit an "assert(j->installed)" failure in transaction_apply(). Looking into the backtrace I saw what happened: 1. The system was booting. var.mount/start was an installed job. 2. I pressed Ctrl+Alt+Del. 3. reboot.target was going to be isolated. 4. transaction_apply() proceeded to install a var.mount/stop job. 5. job_install() canceled the conflicting start job. 6. Depending jobs ended recursively with JOB_DEPENDENCY, among them was local-fs.target/start. 7. Its OnFailure action triggered - emergency.target was now going to be isolated. 8. We recursed back into transaction_apply() where the half-installed var.mount/stop job confused us. Recursing from job installation back into the transaction code cannot be a good idea. Avoid the problem by canceling the conflicting job non-recursively in job_install(). I don't think we'll miss anything by not recursing here. After all, we are called from transaction_apply(). We will not be installing just this one job, but all jobs from a transaction. All requirement dependencies will be included in it and will be installed separately. Every transaction job will get a chance to cancel its own conflicting installed job.
2012-10-25job: add comments to JobResult valuesMichal Schmidt
2012-10-25journal: properly serialize fields with multiple values into JSONLennart Poettering
This now matches the JSON serialization spec from: http://www.freedesktop.org/wiki/Software/systemd/json
2012-10-24remove Fedora hostname, locale, vconsole legacy file supportKay Sievers