]> err.no Git - systemd/log
systemd
14 years agoman: document that we now accept more than one main process for Type=oneshot services
Lennart Poettering [Fri, 13 Aug 2010 16:46:04 +0000 (18:46 +0200)]
man: document that we now accept more than one main process for Type=oneshot services

14 years agoservice: rename Type=finish to Type=oneshot and allow multiple ExecStart= lines for...
Lennart Poettering [Fri, 13 Aug 2010 16:23:01 +0000 (18:23 +0200)]
service: rename Type=finish to Type=oneshot and allow multiple ExecStart= lines for oneshot services

In contrast to the other service types oneshot services are usually not
long lasting and there's not necessarily a single clean main process for
them. This change allows multiple ExecStart= lines for this type of
services so that the admin/developer doesn't have to arbitrarily pick on
of various sequential commands as the "main one".

14 years agoupdate fixme
Lennart Poettering [Fri, 13 Aug 2010 02:57:19 +0000 (04:57 +0200)]
update fixme

14 years agosystemctl: properly detect whether taling to systemd via D-Bus worked before falling...
Lennart Poettering [Fri, 13 Aug 2010 02:53:00 +0000 (04:53 +0200)]
systemctl: properly detect whether taling to systemd via D-Bus worked before falling back to upstart/initctl

14 years agounit: create three seperate plymouth service for halt/poweroff/reboot
Lennart Poettering [Fri, 13 Aug 2010 00:19:24 +0000 (02:19 +0200)]
unit: create three seperate plymouth service for halt/poweroff/reboot

14 years agoman: document new 'systemctl status PID' syntax
Lennart Poettering [Fri, 13 Aug 2010 00:15:10 +0000 (02:15 +0200)]
man: document new 'systemctl status PID' syntax

14 years agocgroup: try harder to find a unit a PID belongs to by traversing through parent cgroups
Lennart Poettering [Fri, 13 Aug 2010 00:08:34 +0000 (02:08 +0200)]
cgroup: try harder to find a unit a PID belongs to by traversing through parent cgroups

14 years agosystemctl: when calling 'status' accept a PID
Lennart Poettering [Fri, 13 Aug 2010 00:07:22 +0000 (02:07 +0200)]
systemctl: when calling 'status' accept a PID

14 years agoupdate fixme
Lennart Poettering [Thu, 12 Aug 2010 23:38:09 +0000 (01:38 +0200)]
update fixme

14 years agosystemctl: show sysv path if it is set if the fragment path isn't in systemctl status
Lennart Poettering [Thu, 12 Aug 2010 23:28:05 +0000 (01:28 +0200)]
systemctl: show sysv path if it is set if the fragment path isn't in systemctl status

14 years agounit: move prefdm after livesys
Lennart Poettering [Thu, 12 Aug 2010 15:14:20 +0000 (17:14 +0200)]
unit: move prefdm after livesys

https://bugzilla.redhat.com/show_bug.cgi?id=623561

14 years agoplymouth: call plymouth quit before running the getty, not after
Lennart Poettering [Thu, 12 Aug 2010 02:23:54 +0000 (04:23 +0200)]
plymouth: call plymouth quit before running the getty, not after

https://bugzilla.redhat.com/show_bug.cgi?id=623430

14 years agosystemctl: at full stop after last message before shutting down
Lennart Poettering [Thu, 12 Aug 2010 02:23:47 +0000 (04:23 +0200)]
systemctl: at full stop after last message before shutting down

14 years agoaudit: suppress repeated audit events when deserializing
Lennart Poettering [Thu, 12 Aug 2010 01:51:58 +0000 (03:51 +0200)]
audit: suppress repeated audit events when deserializing

14 years agounit: don't show ENOENT configuration file warnings for units that are not essential
Lennart Poettering [Wed, 11 Aug 2010 23:05:35 +0000 (01:05 +0200)]
unit: don't show ENOENT configuration file warnings for units that are not essential

14 years agomain: log build time features on startup
Lennart Poettering [Wed, 11 Aug 2010 23:03:24 +0000 (01:03 +0200)]
main: log build time features on startup

14 years agodbus: downgrade a few log messages
Lennart Poettering [Wed, 11 Aug 2010 23:02:19 +0000 (01:02 +0200)]
dbus: downgrade a few log messages

14 years agodbus: fix capability serialization
Lennart Poettering [Wed, 11 Aug 2010 23:01:55 +0000 (01:01 +0200)]
dbus: fix capability serialization

14 years agoconf-parser: don't crash if an assignment is read before a section header
Lennart Poettering [Wed, 11 Aug 2010 23:01:30 +0000 (01:01 +0200)]
conf-parser: don't crash if an assignment is read before a section header

14 years agomain: disable nscd properly, if possible
Lennart Poettering [Wed, 11 Aug 2010 21:31:07 +0000 (23:31 +0200)]
main: disable nscd properly, if possible

14 years agodbus: properly pass capabilities
Lennart Poettering [Wed, 11 Aug 2010 21:19:28 +0000 (23:19 +0200)]
dbus: properly pass capabilities

14 years agogc: remove a lot of unused code
Lennart Poettering [Wed, 11 Aug 2010 21:19:04 +0000 (23:19 +0200)]
gc: remove a lot of unused code

14 years agoselinux: split off selinux calls into seperate file label.c
Lennart Poettering [Wed, 11 Aug 2010 20:58:34 +0000 (22:58 +0200)]
selinux: split off selinux calls into seperate file label.c

14 years agopahole: rearrange structs to make them smaller
Lennart Poettering [Wed, 11 Aug 2010 20:37:10 +0000 (22:37 +0200)]
pahole: rearrange structs to make them smaller

14 years agoclang: fix numerous little issues found with clang-analyzer
Lennart Poettering [Wed, 11 Aug 2010 20:04:22 +0000 (22:04 +0200)]
clang: fix numerous little issues found with clang-analyzer

14 years agomanager: serialize/deserialize startup time, too
Lennart Poettering [Wed, 11 Aug 2010 18:19:27 +0000 (20:19 +0200)]
manager: serialize/deserialize startup time, too

14 years agoaudit: remove double header inclusion
Lennart Poettering [Wed, 11 Aug 2010 15:55:54 +0000 (17:55 +0200)]
audit: remove double header inclusion

14 years agoaudit: initialize audit only if it is enabled
Lennart Poettering [Wed, 11 Aug 2010 15:52:01 +0000 (17:52 +0200)]
audit: initialize audit only if it is enabled

14 years agotarget: don't synthesize a runlevel property for targets anymore since we don't need...
Lennart Poettering [Wed, 11 Aug 2010 15:46:27 +0000 (17:46 +0200)]
target: don't synthesize a runlevel property for targets anymore since we don't need it anymore and it is crutfy

14 years agoaudit: smaller fixes to audit hookup
Lennart Poettering [Wed, 11 Aug 2010 13:19:50 +0000 (15:19 +0200)]
audit: smaller fixes to audit hookup

14 years agosystemctl: beef up highlighting of service states a little
Lennart Poettering [Wed, 11 Aug 2010 13:19:31 +0000 (15:19 +0200)]
systemctl: beef up highlighting of service states a little

14 years agoutmp: enable systemd-update-utmp by default
Lennart Poettering [Wed, 11 Aug 2010 02:38:55 +0000 (04:38 +0200)]
utmp: enable systemd-update-utmp by default

14 years agounit: make sure a job for a service of type 'finish' succeeds if the process terminat...
Lennart Poettering [Wed, 11 Aug 2010 02:02:58 +0000 (04:02 +0200)]
unit: make sure a job for a service of type 'finish' succeeds if the process terminates cleanly

14 years agosocket: disable GC for pre-allocated per-connection service until it is used
Lennart Poettering [Wed, 11 Aug 2010 00:07:59 +0000 (02:07 +0200)]
socket: disable GC for pre-allocated per-connection service until it is used

14 years agoaudit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into...
Lennart Poettering [Tue, 10 Aug 2010 23:43:23 +0000 (01:43 +0200)]
audit,utmp: implement audit logic and rip utmp stuff out of the main daemon and into a helper binary

14 years agoutil: when replacing env vars replace unset envvars by nothing
Lennart Poettering [Tue, 10 Aug 2010 19:05:19 +0000 (21:05 +0200)]
util: when replacing env vars replace unset envvars by nothing

This makes it easier to support /etc/sysconfig/xxxx with command line
env vars in style of $OPTIONS which might or might not be set.

14 years agoconf: add commented default SysVConsole= value
Lennart Poettering [Tue, 10 Aug 2010 18:59:01 +0000 (20:59 +0200)]
conf: add commented default SysVConsole= value

14 years agounit: rename OnlyByDependency= to RefuseManualStart= and introduce RefuseManualStop=
Lennart Poettering [Tue, 10 Aug 2010 18:57:21 +0000 (20:57 +0200)]
unit: rename OnlyByDependency= to RefuseManualStart= and introduce RefuseManualStop=

Some unit shall never be start on user request (e.g. shutdown.target)
others never be stopped on user request (e.g. auditd.servce), hence
offer options for both.

14 years agoupdate fixme
Kay Sievers [Tue, 10 Aug 2010 05:14:46 +0000 (07:14 +0200)]
update fixme

14 years agobuild-sys: prepare release 7 v7
Lennart Poettering [Tue, 10 Aug 2010 01:47:00 +0000 (03:47 +0200)]
build-sys: prepare release 7

14 years agounit: hook plymouth into the boot
Lennart Poettering [Tue, 10 Aug 2010 01:44:02 +0000 (03:44 +0200)]
unit: hook plymouth into the boot

https://bugzilla.redhat.com/show_bug.cgi?id=619922

14 years agounits: ignore exit codes of killall scripts
Lennart Poettering [Mon, 9 Aug 2010 22:13:33 +0000 (00:13 +0200)]
units: ignore exit codes of killall scripts

14 years agoupdate fixme
Lennart Poettering [Mon, 9 Aug 2010 22:27:57 +0000 (00:27 +0200)]
update fixme

14 years agogetty: properly synchronize of tty devices being plugged in
Lennart Poettering [Mon, 9 Aug 2010 22:21:25 +0000 (00:21 +0200)]
getty: properly synchronize of tty devices being plugged in

14 years agounits: make sure that killall does not wait for the tty
Lennart Poettering [Mon, 9 Aug 2010 22:08:13 +0000 (00:08 +0200)]
units: make sure that killall does not wait for the tty

14 years agomain: fix auto restarting of units after a configuration reload
Lennart Poettering [Mon, 9 Aug 2010 21:33:48 +0000 (23:33 +0200)]
main: fix auto restarting of units after a configuration reload

14 years agoswap: properly enter maintenance mode on failure
Lennart Poettering [Mon, 9 Aug 2010 20:44:52 +0000 (22:44 +0200)]
swap: properly enter maintenance mode on failure

14 years agomanager: when two pending jobs conflict, keep the one that "conflicts", remove the...
Lennart Poettering [Mon, 9 Aug 2010 20:32:30 +0000 (22:32 +0200)]
manager: when two pending jobs conflict, keep the one that "conflicts", remove the one that is "conflicted"

This gives the writer of units control which unit is kept and which is
stopped when two units conflict.

14 years agoservice: hide output of sysv scripts if quiet is passed on the kernel cmdline
Lennart Poettering [Mon, 9 Aug 2010 16:00:24 +0000 (18:00 +0200)]
service: hide output of sysv scripts if quiet is passed on the kernel cmdline

14 years agoservice: properly remember if a sysv is actually enabled
Lennart Poettering [Mon, 9 Aug 2010 15:12:25 +0000 (17:12 +0200)]
service: properly remember if a sysv is actually enabled

Previously we checked the SysV priority value to figure out if a SysV
unit was enabled or not, since th value was mostly read from the S
startup links. Since we read this value from the LSB headers as a
fallback we hence ended up considering a lot more services enabled than
were actually enabled.

This patch adds an explicit boolean which encodes whether a sysv service
is enabled or not via S links.

https://bugzilla.redhat.com/show_bug.cgi?id=615293

14 years agoservice: show restart value in dump
Lennart Poettering [Mon, 9 Aug 2010 15:03:46 +0000 (17:03 +0200)]
service: show restart value in dump

14 years agodbus: don't call bus_path_escape() with NULL unit name
Lennart Poettering [Mon, 9 Aug 2010 15:02:09 +0000 (17:02 +0200)]
dbus: don't call bus_path_escape() with NULL unit name

Fixes an assertion triggerable via D-Bus.

https://bugzilla.redhat.com/show_bug.cgi?id=622008

14 years agosystemctl: show exit code only if it is actually set
Lennart Poettering [Mon, 9 Aug 2010 14:50:18 +0000 (16:50 +0200)]
systemctl: show exit code only if it is actually set

14 years agoupdate fixme
Kay Sievers [Mon, 9 Aug 2010 14:19:04 +0000 (16:19 +0200)]
update fixme

14 years agoman: minor man page fix
Lennart Poettering [Sat, 7 Aug 2010 16:09:39 +0000 (18:09 +0200)]
man: minor man page fix

14 years agosystemctl: fix parsing of DBus reply in 'dot'
Michal Schmidt [Sat, 7 Aug 2010 09:01:08 +0000 (11:01 +0200)]
systemctl: fix parsing of DBus reply in 'dot'

"systemctl dot" has been broken since the addition of the "Following="
property.

14 years agoman: minor man page fix
Lennart Poettering [Fri, 6 Aug 2010 19:36:58 +0000 (21:36 +0200)]
man: minor man page fix

14 years agoutil: when formatting timestamps return '0' for 0 timestamps instead of empty string
Lennart Poettering [Fri, 6 Aug 2010 19:33:53 +0000 (21:33 +0200)]
util: when formatting timestamps return '0' for 0 timestamps instead of empty string

14 years agosd-daemon: fix compilation on old systems lacking SOCK_CLOEXEC
Lennart Poettering [Fri, 6 Aug 2010 19:33:20 +0000 (21:33 +0200)]
sd-daemon: fix compilation on old systems lacking SOCK_CLOEXEC

14 years agoupdate fixme
Kay Sievers [Fri, 6 Aug 2010 11:23:50 +0000 (13:23 +0200)]
update fixme

14 years agobuild-sys: prepare new release v6
Lennart Poettering [Fri, 6 Aug 2010 10:15:54 +0000 (12:15 +0200)]
build-sys: prepare new release

14 years agoman: document %triggerin usage
Lennart Poettering [Fri, 6 Aug 2010 09:59:37 +0000 (11:59 +0200)]
man: document %triggerin usage

14 years agodevice: properly handle devices that are referenced before they show up
Lennart Poettering [Fri, 6 Aug 2010 02:17:51 +0000 (04:17 +0200)]
device: properly handle devices that are referenced before they show up

14 years agocgroup: if the system bus cannot be found, send cgroup empty msg directly to init...
Lennart Poettering [Fri, 6 Aug 2010 01:21:50 +0000 (03:21 +0200)]
cgroup: if the system bus cannot be found, send cgroup empty msg directly to init proces

14 years agomanager: downgrade a few log msgs regarding conflicting but fixable jobs
Lennart Poettering [Fri, 6 Aug 2010 00:58:46 +0000 (02:58 +0200)]
manager: downgrade a few log msgs regarding conflicting but fixable jobs

14 years agoautomount: order automount units after fsck, too
Lennart Poettering [Fri, 6 Aug 2010 00:23:45 +0000 (02:23 +0200)]
automount: order automount units after fsck, too

14 years agounits: add missing fsck.target file
Lennart Poettering [Thu, 5 Aug 2010 23:32:16 +0000 (01:32 +0200)]
units: add missing fsck.target file

14 years agounits: split fsck.target from sysinit.target for suse compat
Lennart Poettering [Thu, 5 Aug 2010 23:30:20 +0000 (01:30 +0200)]
units: split fsck.target from sysinit.target for suse compat

14 years agomain: automatically spawn a getty on the kernel configured serial console
Lennart Poettering [Thu, 5 Aug 2010 22:42:24 +0000 (00:42 +0200)]
main: automatically spawn a getty on the kernel configured serial console

14 years agomanager: fix conflicting job check
Lennart Poettering [Thu, 5 Aug 2010 18:49:35 +0000 (20:49 +0200)]
manager: fix conflicting job check

14 years agomanager: when breaking ordering cycle show full cycle loop
Lennart Poettering [Thu, 5 Aug 2010 18:39:45 +0000 (20:39 +0200)]
manager: when breaking ordering cycle show full cycle loop

14 years agounits: always send HUP when dealing with shells/gettys/logins
Lennart Poettering [Thu, 5 Aug 2010 18:29:11 +0000 (20:29 +0200)]
units: always send HUP when dealing with shells/gettys/logins

14 years agoservice: read special startup dirs only on the respective distros
Lennart Poettering [Thu, 5 Aug 2010 18:28:51 +0000 (20:28 +0200)]
service: read special startup dirs only on the respective distros

14 years agoselinux: minor error handling fix
Lennart Poettering [Thu, 5 Aug 2010 17:47:41 +0000 (19:47 +0200)]
selinux: minor error handling fix

14 years agoservice: always sort services from suse B runlevel before services from normal runlevels
Lennart Poettering [Thu, 5 Aug 2010 17:46:31 +0000 (19:46 +0200)]
service: always sort services from suse B runlevel before services from normal runlevels

14 years agoreboot: handle -p switch properly
Michal Schmidt [Thu, 5 Aug 2010 12:00:00 +0000 (14:00 +0200)]
reboot: handle -p switch properly

https://bugzilla.redhat.com/show_bug.cgi?id=618678

14 years agoselinux: fix labels only when configured for it
Lennart Poettering [Thu, 5 Aug 2010 11:40:16 +0000 (13:40 +0200)]
selinux: fix labels only when configured for it

14 years agounits: getty - suse: login wants SIGHUP
Kay Sievers [Wed, 4 Aug 2010 16:56:35 +0000 (18:56 +0200)]
units: getty - suse: login wants SIGHUP

14 years agounits: suse - reboot: do not wait for tty
Kay Sievers [Wed, 4 Aug 2010 12:21:01 +0000 (14:21 +0200)]
units: suse - reboot: do not wait for tty

14 years agoreboot: don't wait for input tty
Lennart Poettering [Wed, 4 Aug 2010 12:17:18 +0000 (14:17 +0200)]
reboot: don't wait for input tty

14 years agoprepare new release v5
Lennart Poettering [Tue, 3 Aug 2010 23:30:40 +0000 (01:30 +0200)]
prepare new release

14 years agounits: remove redundant ordering dependency
Lennart Poettering [Tue, 3 Aug 2010 23:27:26 +0000 (01:27 +0200)]
units: remove redundant ordering dependency

14 years agoselinux: rework selinux tests a little
Lennart Poettering [Tue, 3 Aug 2010 23:07:38 +0000 (01:07 +0200)]
selinux: rework selinux tests a little

14 years agoselinux: fix if vs. ifdef mixup
Lennart Poettering [Tue, 3 Aug 2010 22:40:19 +0000 (00:40 +0200)]
selinux: fix if vs. ifdef mixup

14 years agounits: make sure that prefdm wins over the getty if both are pulled in
Lennart Poettering [Tue, 3 Aug 2010 21:58:23 +0000 (23:58 +0200)]
units: make sure that prefdm wins over the getty if both are pulled in

14 years agounits: add conflicts between prefdm and getty@tty1 to avoid race for tty1
Lennart Poettering [Tue, 3 Aug 2010 21:53:17 +0000 (23:53 +0200)]
units: add conflicts between prefdm and getty@tty1 to avoid race for tty1

14 years agoSystemd is causing mislabeled devices to be created and then attempting to read them.
Daniel J Walsh [Wed, 28 Jul 2010 13:39:54 +0000 (09:39 -0400)]
Systemd is causing mislabeled devices to be created and then attempting to read them.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/28/2010 05:57 AM, Kay Sievers wrote:
> On Wed, Jul 28, 2010 at 11:43, Lennart Poettering
> <lennart@poettering.net> wrote:
>> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote:
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:7): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>> type=1400 audit(1280174589.476:8): avc:  denied  { read } for  pid=1
>>> comm="systemd" name="autofs" dev=devtmpfs ino=9482
>>> scontext=system_u:system_r:init_t:s0
>>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>>
>>> Lennart, we talked about this earlier.  I think this is caused by the
>>> modprobe calls to create /dev/autofs.  Since udev is not created at the
>>> point that init loads the kernel modules, the devices get created with
>>> the wrong label.  Once udev starts the labels get fixed.
>>>
>>> I can allow init_t to read device_t chr_files.
>>
>> Hmm, I think a cleaner fix would be to make systemd relabel this device
>> properly before accessing it? Given that this is only one device this
>> should not be a problem for us to maintain, I think? How would the
>> fixing of the label work? Would we have to spawn restorecon for this, or
>> can we actually do this in C without too much work?
>
> I guess we can just do what udev is doing, and call setfilecon(), with
> a context of an earlier matchpathcon().
>
> Kay
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Here is the updated patch with a fix for the labeling of /dev/autofs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf
gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk
=pC2e

14 years agoupdate fixme
Lennart Poettering [Tue, 3 Aug 2010 21:29:18 +0000 (23:29 +0200)]
update fixme

14 years agosocket: Allow selection of TCP Congestion Avoidance algorithm to socket
Tomasz Torcz [Tue, 3 Aug 2010 11:33:40 +0000 (13:33 +0200)]
socket: Allow selection of TCP Congestion Avoidance algorithm to socket

Hi,

attached path extends socket configurables with another
knob - TCP Congestion Avoidance selection. Linux implements
handful of those, useful in various situations. For example,
TCP Low Priority may be used by FTP service to gracefully
yield bandwidth for more important TCP/IP streams.

Until recently TCP_CONGESTION was Linux-specific, recently
FreeBSD 8 and OpenSolaris gained compatible support.

14 years agoupdate fixme
Lennart Poettering [Tue, 3 Aug 2010 14:42:41 +0000 (16:42 +0200)]
update fixme

14 years agofixme update
Kay Sievers [Tue, 3 Aug 2010 21:18:04 +0000 (23:18 +0200)]
fixme update

14 years agotelinit: forward to upstart, if not booted with systemd v4
Lennart Poettering [Sat, 24 Jul 2010 00:33:38 +0000 (02:33 +0200)]
telinit: forward to upstart, if not booted with systemd

14 years agosystemctl: don't use the systemd bus to talk to upstart
Lennart Poettering [Sat, 24 Jul 2010 00:23:40 +0000 (02:23 +0200)]
systemctl: don't use the systemd bus to talk to upstart

14 years agosystemctl: don't hit an assert when we are run from a non-systemd boot
Lennart Poettering [Fri, 23 Jul 2010 23:56:13 +0000 (01:56 +0200)]
systemctl: don't hit an assert when we are run from a non-systemd boot

14 years agomain: disable NSS disabling logic for now, since this is incompatible with rpm
Lennart Poettering [Fri, 23 Jul 2010 23:29:21 +0000 (01:29 +0200)]
main: disable NSS disabling logic for now, since this is incompatible with rpm

14 years agosystemctl: fold systemd-install into systemctl
Lennart Poettering [Fri, 23 Jul 2010 22:53:33 +0000 (00:53 +0200)]
systemctl: fold systemd-install into systemctl

14 years agosystemctl: support force-reload and condrestart as aliases for reload-or-try-restart
Lennart Poettering [Fri, 23 Jul 2010 03:24:45 +0000 (05:24 +0200)]
systemctl: support force-reload and condrestart as aliases for reload-or-try-restart

14 years agoinstall: default to minimal realization mode
Lennart Poettering [Fri, 23 Jul 2010 03:24:24 +0000 (05:24 +0200)]
install: default to minimal realization mode

14 years agosystemctl: accept -p more than once
Lennart Poettering [Fri, 23 Jul 2010 03:24:05 +0000 (05:24 +0200)]
systemctl: accept -p more than once

14 years agosocket: SELinux support for socket creation.
Daniel J Walsh [Thu, 22 Jul 2010 21:01:25 +0000 (17:01 -0400)]
socket: SELinux support for socket creation.

It seems to work on my machine.

/proc/1/fd/20 system_u:system_r:system_dbusd_t:s0

/proc/1/fd/21 system_u:system_r:avahi_t:s0

And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.

If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.