path: root/src
Age | Commit message | Author
2014-02-10 | nspawn,man: use a common vocabulary when referring to selinux security contexts | Lennart Poettering
Let's always call the security labels the same way:
  SMACK: "Smack Label"
  SELINUX: "SELinux Security Context"
And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
2014-02-10 | exec: Add support for ignoring errors on SELinuxContext by prefixing it with -, like for other settings. | Michael Scherer
Also remove call to security_check_context, as this doesn't serve anything, since setexeccon will fail anyway.
2014-02-10 | exec: Ignore the setting SELinuxContext if selinux is not enabled | Michael Scherer
2014-02-10 | exec: Add SELinuxContext configuration item | Michael Scherer
This lets system administrators decide the domain of a service. This can be used with templated units to have each service in a different domain (for example, a per customer database, using MLS or anything), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
2014-02-10 | includes: remove duplicate includes | Tom Gundersen
Found by the new check-includes make target.
2014-02-10 | fstab-generator: Create fsck-root symlink with correct path | Colin Guthrie
This was noticed in Brussels at the hackfest. The fstab-generator currently creates a broken symlink pointing to itself in /run/systemd/generator/local-fs.target.wants/ for systemd-fsck-root.service
2014-02-10 | nspawn: require /etc/os-release only for init | Vincent Batts
/etc/os-release is expected for the case for booting a full system, and need not be required for thin container execution.
2014-02-10 | networkd: fix setting dns from dhcp | Tom Gundersen
2014-02-08 | manager: fix initialization of plymouth socket | Zbigniew Jędrzejewski-Szmek
I'm not sure why this makes a difference...
2014-02-08 | cryptsetup-generator: auto add deps for device as password | Dave Reisner
If the password is a device file, we can add Requires/After dependencies on the device rather than requiring the user to do so.
2014-02-08 | core: use automatic cleanup in two functions | Zbigniew Jędrzejewski-Szmek
2014-02-08 | core: do not print invalid utf-8 in error messages | Zbigniew Jędrzejewski-Szmek
2014-02-08 | pam-module: avoid (null) in debug message | Zbigniew Jędrzejewski-Szmek
2014-02-08 | core: fix crashes if locale.conf contains invalid utf-8 string | Goffredo Baroncelli
In the parse_env_file_push() and load_env_file_push() functions, there are two assert() calls to check if the key or value parameters are utf8 valid. If the strings aren't utf8 valid, assert does abort. These functions are used early by systemd to parse some files. For example '/etc/locale.conf'. In my case this file contained a not utf8 sequence, which is bad, but systemd crashed during the boot, which is even worse! The enclosed patch removes the assert and returns -EINVAL if the sequence is invalid. This is possible because the caller of these functions [1] checks the errors. So the check of an invalid utf8 sequence is still performed, but systemd doesn't crash anymore and logs the error.
[1] parse_env_file_internal(), invoked by load_env_file() and parse_env_file()
2014-02-07 | remove unused variables | Thomas Hindoe Paaboel Andersen
2014-02-07 | nspawn: rename --file-label to --apifs-label since it's really just about the API file systems, nothing else | Lennart Poettering
2014-02-07 | core: when an already abandoned unit gets abandoned again generate a clean error | Lennart Poettering
2014-02-07 | logind: order all scopes after both systemd-logind.service and systemd-user-sessions.service | Lennart Poettering
This way at shutdown we can be sure that the sessions go away before the network.
2014-02-07 | networkd: netdev - rename Netdev to NetDev | Tom Gundersen
Both in the configuration file format and everywhere else in the code.
2014-02-07 | logind: add function session_jobs_reply() to unify the create reply | Djalal Harouni
The session_send_create_reply() function which notifies clients about session creation is used for both session and user units. Unify the shared code in a new function session_jobs_reply(). The session_save() will be called unconditionally on sessions since it does not make sense to only call it if '!session->started', this will also allow to update the session state as soon as possible.
2014-02-07 | core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it | Lennart Poettering
2014-02-07 | machined: since we can now somewhat reliably get notifications for dying scopes we don't need to lower the stop timeout anymore | Lennart Poettering
2014-02-07 | sd-dhcp-client: split sd_dhcp_lease from sd_dhcp_client | Tom Gundersen
This allows us users of the library to keep copies of old leases. This is used by networkd to know what addresses to drop (if any) when the lease expires. In the future this may be used by DNAv4 and sd-dhcp-server.
2014-02-07 | logind: given that we can now relatively safely shutdown session scopes without working cgroup empty notifications there's no need to set the stop timeout of session scopes low | Lennart Poettering
2014-02-07 | core: allow PIDs to be watched by two units at the same time | Lennart Poettering
In some cases it is interesting to map a PID to two units at the same time. For example, when a user logs in via a getty, which is reexeced to /sbin/login that binary will be explicitly referenced as main pid of the getty service, as well as implicitly referenced as part of the session scope.
2014-02-07 | core: don't send duplicate SIGCONT when killing units | Lennart Poettering
2014-02-07 | cgroup: make sure to properly send SIGCONT to all processes of a cgroup if that's requested | Lennart Poettering
2014-02-07 | logind: rework session shutdown logic | Lennart Poettering
Simplify the shutdown logic a bit:
- Keep the session FIFO around in the PAM module, even after the session shutdown hook has been finished. This allows logind to track precisely when the PAM handler goes away.
- In the ReleaseSession() call start a timer, that will terminate the session when elapsed.
- Never fiddle with the KillMode of scopes to configure whether user processes should be killed or not. Instead, simply leave the scope units around when we terminate a session whose processes should not be killed.
- When killing is enabled, stop the session scope on FIFO EOF or after the ReleaseSession() timeout. When killing is disabled, simply tell PID 1 to abandon the scope.
Because the scopes stay around and hence all processes are always member of a scope, the system shutdown logic should be more robust, as the scopes can be shutdown as part of the usual shutdown logic.
2014-02-07 | core: watch SIGCHLD more closely to track processes of units with no reliable cgroup empty notifier | Lennart Poettering
When a process dies that we can associate with a specific unit, start watching all other processes of that unit, so that we can associate those processes with the unit too. Also, for service units start doing this as soon as we get the first SIGCHLD for either control or main process, so that we can follow the processes of the service from one to the other, as long as process that remain are processes of the ones we watched that died and got reassigned to us as parent. Similarly, for scope units start doing this as soon as the scope controller abandons the unit, and thus management entirely reverts to systemd. To abandon a unit introduce a new Abandon() scope unit method call.
2014-02-07 | core: fix warning | Thomas Hindoe Paaboel Andersen
introduced in c7040b5d1c2c148f12b6a5eef3dfce1661805131
2014-02-06 | nspawn: fix HAVE_SELINUX ifdef | Tom Gundersen
2014-02-06 | transaction: print more information about conflicting jobs | Zbigniew Jędrzejewski-Szmek
Also remove some debug statement that should not have been committed.
2014-02-06 | core: only send SIGHUP when doing first kill, not when doing final sigkill | Lennart Poettering
2014-02-05 | Update some message formats | Zbigniew Jędrzejewski-Szmek
Use PID_FMT/USEC_FMT/... in more places. Also update logind error messages to print the full path to a file that failed. This should make debugging easier for people who do not know off the top of their head where logind stores its state.
2014-02-06 | nspawn: add --quiet switch for turning off any output noise | Lennart Poettering
2014-02-05 | nspawn: always use default bus | Lennart Poettering
2014-02-05 | bus: properly unset default bus pointer when destroying last reference | Lennart Poettering
2014-02-05 | man: introduce new "Desktop" property for sessions | Lennart Poettering
This is initialized from XDG_SESSION_DESKTOP and is useful for GNOME to recognize its own sessions. It's supposed to be set to a short string identifying the session, such as "kde" or "gnome".
2014-02-05 | logind: make session type and class settable via the same ways | Lennart Poettering
If the session type/class is set via environment variables, use that, and otherwise fallback to something that is set via the PAM module command line.
2014-02-05 | logind: add new "wayland" session type | Lennart Poettering
2014-02-05 | core: don't wait for non-control/non-main processes when killing processes on the host either | Lennart Poettering
Since the current kernel cgroup notification logic is easily confused by existing subgroups, let's do the same thing as in containers before, and just not wait for non-control and non-main processes. This should be corrected as soon as we have sane cgroup notifications from the kernel.
2014-02-05 | kill: fix error return | Lennart Poettering
2014-02-05 | core: allow User=, Group=, Nice=, Environment=, Type= to be passed when creating a transient service | Lennart Poettering
2014-02-05 | Added attribute support for sd-rtnl | Susant Sahani
Added sd_rtnl_message_append_u8 and support for a few attributes in sd_rtnl_message_append_u32: IFLA_GROUP, IFLA_TXQLEN, IFLA_NUM_TX_QUEUES, IFLA_NUM_RX_QUEUES
2014-02-04 | nspawn: various fixes in selinux hookup | Lennart Poettering
- As suggested, prefix argument variables with "arg_" how we do this usually.
- As suggested, don't involve memory allocations when storing command line arguments.
- Break --help text at 80 chars
- man: explain that this is about SELinux
- don't do unnecessary memory allocations when putting together mount option string
2014-02-04 | Add SELinux support to systemd-nspawn | Dan Walsh
This patch adds two new options:
-Z PROCESS_LABEL This specifies the process label to run on processes run within the container.
-L FILE_LABEL The file label to assign to memory file systems created within the container.
For example if you wanted to wrap a container with SELinux sandbox labels, you could execute a command line like the following:
  chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
  systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh
2014-02-04 | journal: Drop pkgconfig reference to libsystemd-id128. | Colin Guthrie
This is now part of libsystemd.
2014-02-03 | bus: when closing the bus don't end up in a recursive destruction deadlock | Lennart Poettering
2014-02-03 | conf-parser: warn when we open configuration files with weird access bits | Lennart Poettering
2014-02-01 | bus: update kdbus.h (ABI break) | Kay Sievers