]>
err.no Git - systemd/log
Lennart Poettering [Thu, 5 Aug 2010 23:32:16 +0000 (01:32 +0200)]
units: add missing fsck.target file
Lennart Poettering [Thu, 5 Aug 2010 23:30:20 +0000 (01:30 +0200)]
units: split fsck.target from sysinit.target for suse compat
Lennart Poettering [Thu, 5 Aug 2010 22:42:24 +0000 (00:42 +0200)]
main: automatically spawn a getty on the kernel configured serial console
Lennart Poettering [Thu, 5 Aug 2010 18:49:35 +0000 (20:49 +0200)]
manager: fix conflicting job check
Lennart Poettering [Thu, 5 Aug 2010 18:39:45 +0000 (20:39 +0200)]
manager: when breaking ordering cycle show full cycle loop
Lennart Poettering [Thu, 5 Aug 2010 18:29:11 +0000 (20:29 +0200)]
units: always send HUP when dealing with shells/gettys/logins
Lennart Poettering [Thu, 5 Aug 2010 18:28:51 +0000 (20:28 +0200)]
service: read special startup dirs only on the respective distros
Lennart Poettering [Thu, 5 Aug 2010 17:47:41 +0000 (19:47 +0200)]
selinux: minor error handling fix
Lennart Poettering [Thu, 5 Aug 2010 17:46:31 +0000 (19:46 +0200)]
service: always sort services from suse B runlevel before services from normal runlevels
Michal Schmidt [Thu, 5 Aug 2010 12:00:00 +0000 (14:00 +0200)]
reboot: handle -p switch properly
https://bugzilla.redhat.com/show_bug.cgi?id=618678
Lennart Poettering [Thu, 5 Aug 2010 11:40:16 +0000 (13:40 +0200)]
selinux: fix labels only when configured for it
Kay Sievers [Wed, 4 Aug 2010 16:56:35 +0000 (18:56 +0200)]
units: getty - suse: login wants SIGHUP
Kay Sievers [Wed, 4 Aug 2010 12:21:01 +0000 (14:21 +0200)]
units: suse - reboot: do not wait for tty
Lennart Poettering [Wed, 4 Aug 2010 12:17:18 +0000 (14:17 +0200)]
reboot: don't wait for input tty
Lennart Poettering [Tue, 3 Aug 2010 23:30:40 +0000 (01:30 +0200)]
prepare new release
Lennart Poettering [Tue, 3 Aug 2010 23:27:26 +0000 (01:27 +0200)]
units: remove redundant ordering dependency
Lennart Poettering [Tue, 3 Aug 2010 23:07:38 +0000 (01:07 +0200)]
selinux: rework selinux tests a little
Lennart Poettering [Tue, 3 Aug 2010 22:40:19 +0000 (00:40 +0200)]
selinux: fix if vs. ifdef mixup
Lennart Poettering [Tue, 3 Aug 2010 21:58:23 +0000 (23:58 +0200)]
units: make sure that prefdm wins over the getty if both are pulled in
Lennart Poettering [Tue, 3 Aug 2010 21:53:17 +0000 (23:53 +0200)]
units: add conflicts between prefdm and getty@tty1 to avoid race for tty1
Daniel J Walsh [Wed, 28 Jul 2010 13:39:54 +0000 (09:39 -0400)]
Systemd is causing mislabeled devices to be created and then attempting to read them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(
1280174589 .476:7): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(
1280174589 .476:8): avc: denied { read } for pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier. I think this is caused by the
>>> modprobe calls to create /dev/autofs. Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label. Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e
Lennart Poettering [Tue, 3 Aug 2010 21:29:18 +0000 (23:29 +0200)]
update fixme
Tomasz Torcz [Tue, 3 Aug 2010 11:33:40 +0000 (13:33 +0200)]
socket: Allow selection of TCP Congestion Avoidance algorithm to socket
Hi,
attached path extends socket configurables with another
knob - TCP Congestion Avoidance selection. Linux implements
handful of those, useful in various situations. For example,
TCP Low Priority may be used by FTP service to gracefully
yield bandwidth for more important TCP/IP streams.
Until recently TCP_CONGESTION was Linux-specific, recently
FreeBSD 8 and OpenSolaris gained compatible support.
Lennart Poettering [Tue, 3 Aug 2010 14:42:41 +0000 (16:42 +0200)]
update fixme
Kay Sievers [Tue, 3 Aug 2010 21:18:04 +0000 (23:18 +0200)]
fixme update
Lennart Poettering [Sat, 24 Jul 2010 00:33:38 +0000 (02:33 +0200)]
telinit: forward to upstart, if not booted with systemd
Lennart Poettering [Sat, 24 Jul 2010 00:23:40 +0000 (02:23 +0200)]
systemctl: don't use the systemd bus to talk to upstart
Lennart Poettering [Fri, 23 Jul 2010 23:56:13 +0000 (01:56 +0200)]
systemctl: don't hit an assert when we are run from a non-systemd boot
Lennart Poettering [Fri, 23 Jul 2010 23:29:21 +0000 (01:29 +0200)]
main: disable NSS disabling logic for now, since this is incompatible with rpm
Lennart Poettering [Fri, 23 Jul 2010 22:53:33 +0000 (00:53 +0200)]
systemctl: fold systemd-install into systemctl
Lennart Poettering [Fri, 23 Jul 2010 03:24:45 +0000 (05:24 +0200)]
systemctl: support force-reload and condrestart as aliases for reload-or-try-restart
Lennart Poettering [Fri, 23 Jul 2010 03:24:24 +0000 (05:24 +0200)]
install: default to minimal realization mode
Lennart Poettering [Fri, 23 Jul 2010 03:24:05 +0000 (05:24 +0200)]
systemctl: accept -p more than once
Daniel J Walsh [Thu, 22 Jul 2010 21:01:25 +0000 (17:01 -0400)]
socket: SELinux support for socket creation.
It seems to work on my machine.
/proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
/proc/1/fd/21 system_u:system_r:avahi_t:s0
And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.
If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.
Robert "arachnist" Gerus [Thu, 22 Jul 2010 13:20:53 +0000 (15:20 +0200)]
sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev"
Lennart Poettering [Thu, 22 Jul 2010 00:52:26 +0000 (02:52 +0200)]
build-sys: prepare release 4
Lennart Poettering [Thu, 22 Jul 2010 00:39:21 +0000 (02:39 +0200)]
units: add [Install] section to getty.target and remote-fs.target
Lennart Poettering [Thu, 22 Jul 2010 00:26:27 +0000 (02:26 +0200)]
update fixme
Lennart Poettering [Thu, 22 Jul 2010 00:21:42 +0000 (02:21 +0200)]
build-sys: fix compatibility with vala 0.9
Lennart Poettering [Wed, 21 Jul 2010 18:26:44 +0000 (20:26 +0200)]
update fixme
Lennart Poettering [Wed, 21 Jul 2010 03:16:45 +0000 (05:16 +0200)]
service: save/restore status text string
Lennart Poettering [Wed, 21 Jul 2010 03:16:31 +0000 (05:16 +0200)]
job: make sure restart jobs are readded to the run queue after conversion to start jobs
Lennart Poettering [Wed, 21 Jul 2010 03:00:29 +0000 (05:00 +0200)]
unit: deduce following unit value dynamically instead of statically, to avoid dangling pointers
Lennart Poettering [Wed, 21 Jul 2010 02:32:44 +0000 (04:32 +0200)]
pam: remove only sessions we ourselves created in the first place
Lennart Poettering [Wed, 21 Jul 2010 01:28:10 +0000 (03:28 +0200)]
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
Lennart Poettering [Wed, 21 Jul 2010 01:13:15 +0000 (03:13 +0200)]
unit: allow symlinking unit files to /dev/null
Lennart Poettering [Wed, 21 Jul 2010 00:57:35 +0000 (02:57 +0200)]
exec: extend variable substitution to support splitting variable values into seperate arguments
Lennart Poettering [Tue, 20 Jul 2010 20:30:45 +0000 (22:30 +0200)]
sysv: do not add sysv services that are not enabled in /etc/rcN.d/ to network.target or other LSB-style Provides: targets
Lennart Poettering [Tue, 20 Jul 2010 19:34:25 +0000 (21:34 +0200)]
hostname: properly deal with unset hostname in fedora configuration
Lennart Poettering [Tue, 20 Jul 2010 19:04:32 +0000 (21:04 +0200)]
systemctl: always disable color when output goes into a file
Lennart Poettering [Tue, 20 Jul 2010 18:54:33 +0000 (20:54 +0200)]
manager: write serialization to /dev/.systemd/ instead of /dev/shm
Lennart Poettering [Tue, 20 Jul 2010 18:42:46 +0000 (20:42 +0200)]
fedora: make sure the gettys are run before X starts up
Lennart Poettering [Tue, 20 Jul 2010 18:40:49 +0000 (20:40 +0200)]
socket: fix access mode verification of FIFOs
Lennart Poettering [Tue, 20 Jul 2010 18:33:19 +0000 (20:33 +0200)]
device: do not merge devices
Don't try to merge devices that have been created via dependencies when
they appear in the system and can be recognized as the same. Instead,
simply continue to maintain them independently of each other, however
with the same state cycle. Why? Because otherwise we'd have a hard time
to seperate the dependencies after the devices are unplugged again and
we hence cannot be sure anymore that next time the device is plugged in
it will carry the same names.
Example: if one depndency refers to dev-sda.device and another one to
dev-by-id-xxxyyy.device we only learn at time of plug in of the device
that it is actually the same device that was ment. In the moment the
device is unplugged again we won't know anymore their relation to each
other and the next time the harddisk is plugged it might even appear as
dev-by-id-xxxyyy.device and dev-sdb.service. To ensure the dependencies
continue to have the meaning they were intended to have let's hence keep
the .device objects seperate all the time, even when they are plugged
in.
This patch also introduces a new Following= property which points from
the various .device units of a specific device to the main .device unit
for it. This can be used by the client side to figure out the relation
of the .device units to each other and even filter units from display.
Lennart Poettering [Sun, 18 Jul 2010 02:58:01 +0000 (04:58 +0200)]
systemctl: introduce reset-maintenance command
Lennart Poettering [Sun, 18 Jul 2010 00:11:38 +0000 (02:11 +0200)]
man: extend man pages a little
Lennart Poettering [Sat, 17 Jul 2010 23:33:05 +0000 (01:33 +0200)]
install: optionally remove all symlinks from configuration tree recursively
Lennart Poettering [Sat, 17 Jul 2010 02:17:30 +0000 (04:17 +0200)]
execute: bump up log level of executed processes that failed
Lennart Poettering [Sat, 17 Jul 2010 02:09:28 +0000 (04:09 +0200)]
job: timeout every job independently of the unit
Lennart Poettering [Sat, 17 Jul 2010 02:07:49 +0000 (04:07 +0200)]
unit: consider only_by_dependency setting when clients ask whether a unit is startable
Lennart Poettering [Fri, 16 Jul 2010 22:59:03 +0000 (00:59 +0200)]
systemctl: extend list-units output a little
Lennart Poettering [Fri, 16 Jul 2010 22:58:47 +0000 (00:58 +0200)]
unit: introduce OnFailure dependencies to activate units on failure of other units, as a way to implement an automatic rescue shell
Lennart Poettering [Fri, 16 Jul 2010 22:57:51 +0000 (00:57 +0200)]
systemctl: warn when operating on service files that changed on disk but haven't been reloaded
Lennart Poettering [Fri, 16 Jul 2010 19:38:56 +0000 (21:38 +0200)]
units: wire smartcard.target into Makefile
Lennart Poettering [Fri, 16 Jul 2010 19:32:34 +0000 (21:32 +0200)]
device: rename 'available' state to 'plugged'
Lennart Poettering [Fri, 16 Jul 2010 19:32:11 +0000 (21:32 +0200)]
units: introduce smartcard.target
Lennart Poettering [Fri, 16 Jul 2010 19:31:34 +0000 (21:31 +0200)]
systemctl: always show units with active jobs in list-units output
Lennart Poettering [Fri, 16 Jul 2010 17:42:27 +0000 (19:42 +0200)]
socket: prepare for proper selinux labelling of sockets
Lennart Poettering [Fri, 16 Jul 2010 17:41:50 +0000 (19:41 +0200)]
socket: don't allow mixing of accepting and non-accepting sockets in the same unit
Lennart Poettering [Fri, 16 Jul 2010 17:41:11 +0000 (19:41 +0200)]
service: refuse to start services that are configured for per-connection instantiation to start without a socket
Lennart Poettering [Fri, 16 Jul 2010 17:40:24 +0000 (19:40 +0200)]
unit: allow units to have more than one instance id
Lennart Poettering [Fri, 16 Jul 2010 16:58:52 +0000 (18:58 +0200)]
units: fix default mode of /var/run and /var/lock
Lennart Poettering [Fri, 16 Jul 2010 16:57:21 +0000 (18:57 +0200)]
path,timer: order units after sysinit by default
Lennart Poettering [Fri, 16 Jul 2010 01:17:34 +0000 (03:17 +0200)]
target: if the user configured a manual ordering between target units and the unit they require don't contradict that automatically
Lennart Poettering [Fri, 16 Jul 2010 01:07:53 +0000 (03:07 +0200)]
main: disable nscd if we can to avoid deadlock, just in case
Lennart Poettering [Fri, 16 Jul 2010 00:56:57 +0000 (02:56 +0200)]
mount-setup: consider a few file systems API mounts and ignore them
Lennart Poettering [Fri, 16 Jul 2010 00:56:40 +0000 (02:56 +0200)]
install: refuse installation of symlinked units
Lennart Poettering [Fri, 16 Jul 2010 00:56:19 +0000 (02:56 +0200)]
man: various man page updates
Lennart Poettering [Fri, 16 Jul 2010 00:56:00 +0000 (02:56 +0200)]
systemctl: add to command for virtualizing the dependency tree with graphviz
Lennart Poettering [Wed, 14 Jul 2010 13:13:34 +0000 (15:13 +0200)]
fixme: refer to rhbz bugs that need fixing
Lennart Poettering [Wed, 14 Jul 2010 13:09:27 +0000 (15:09 +0200)]
cgls: rename source file to cgls.c, since we have no prefix for any of the other files either
Lennart Poettering [Wed, 14 Jul 2010 02:47:57 +0000 (04:47 +0200)]
socket: don't close sockets when activating per-connection units
Lennart Poettering [Tue, 13 Jul 2010 20:40:54 +0000 (22:40 +0200)]
build-sys: bump release
Lennart Poettering [Tue, 13 Jul 2010 19:30:38 +0000 (21:30 +0200)]
units: update other distro units to recent fedora changes
Lennart Poettering [Tue, 13 Jul 2010 18:20:36 +0000 (20:20 +0200)]
systemctl: introduce try-restart and reload-or-restart commands
Lennart Poettering [Tue, 13 Jul 2010 18:07:00 +0000 (20:07 +0200)]
manager: always allow stopping of units that failed to load
Lennart Poettering [Tue, 13 Jul 2010 18:06:29 +0000 (20:06 +0200)]
main: introduce -D as quick acess to debugging
Lennart Poettering [Tue, 13 Jul 2010 18:05:47 +0000 (20:05 +0200)]
install: implement systemd-install realize
Lennart Poettering [Tue, 13 Jul 2010 17:01:20 +0000 (19:01 +0200)]
unit: disable retroactive starting/stopping of units when deserializing
Lennart Poettering [Tue, 13 Jul 2010 17:00:01 +0000 (19:00 +0200)]
cgroup: treat non-existing cgroups like empty ones, to deal with races
Lennart Poettering [Tue, 13 Jul 2010 16:57:58 +0000 (18:57 +0200)]
main: replace --running-as= by --session and --system do mimic related tools and D-Bus
Lennart Poettering [Tue, 13 Jul 2010 02:05:31 +0000 (04:05 +0200)]
units: add missing target files
Lennart Poettering [Tue, 13 Jul 2010 00:40:24 +0000 (02:40 +0200)]
udev: use prettier subsystem paths for bluetooth devices, too
Lennart Poettering [Tue, 13 Jul 2010 00:40:08 +0000 (02:40 +0200)]
udev: ignore dynamic ram/loop block devices
Lennart Poettering [Tue, 13 Jul 2010 00:28:12 +0000 (02:28 +0200)]
update fixme
Lennart Poettering [Tue, 13 Jul 2010 00:26:09 +0000 (02:26 +0200)]
units: fix minor typo
Lennart Poettering [Tue, 13 Jul 2010 00:18:13 +0000 (02:18 +0200)]
units: make maximum unit name longer, since DM names manager to hit the limit
Lennart Poettering [Tue, 13 Jul 2010 00:17:53 +0000 (02:17 +0200)]
unit: retroactively start dependencies for job-less units too
Lennart Poettering [Tue, 13 Jul 2010 00:17:26 +0000 (02:17 +0200)]
device: properly create dependencies
Lennart Poettering [Tue, 13 Jul 2010 00:17:06 +0000 (02:17 +0200)]
units: dm is an awful piece of work