Daniel J Walsh
7a58bfa4ae
socket: SELinux support for socket creation.
...
It seems to work on my machine.
/proc/1/fd/20 system_u:system_r:system_dbusd_t:s0
/proc/1/fd/21 system_u:system_r:avahi_t:s0
And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.
If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.
2010-07-23 05:12:13 +02:00
Robert "arachnist" Gerus
28322e1eb6
sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev"
2010-07-23 05:12:13 +02:00
Lennart Poettering
25da667e1a
build-sys: prepare release 4
2010-07-22 02:52:26 +02:00
Lennart Poettering
218362d22c
units: add [Install] section to getty.target and remote-fs.target
2010-07-22 02:39:21 +02:00
Lennart Poettering
5e5c6cd737
update fixme
2010-07-22 02:26:27 +02:00
Lennart Poettering
d3d91d10c9
build-sys: fix compatibility with vala 0.9
2010-07-22 02:21:42 +02:00
Lennart Poettering
50f2a90dae
update fixme
2010-07-21 20:26:44 +02:00
Lennart Poettering
3a2776bc86
service: save/restore status text string
2010-07-21 05:16:45 +02:00
Lennart Poettering
cc42e0817f
job: make sure restart jobs are readded to the run queue after conversion to start jobs
2010-07-21 05:16:31 +02:00
Lennart Poettering
a7f241db3f
unit: deduce following unit value dynamically instead of statically, to avoid dangling pointers
2010-07-21 05:00:29 +02:00
Lennart Poettering
672c48cc06
pam: remove only sessions we ourselves created in the first place
2010-07-21 04:32:44 +02:00
Lennart Poettering
294d81f124
load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable
2010-07-21 03:28:10 +02:00
Lennart Poettering
8f05424d50
unit: allow symlinking unit files to /dev/null
2010-07-21 03:13:15 +02:00
Lennart Poettering
c24eb49e6a
exec: extend variable substitution to support splitting variable values into seperate arguments
2010-07-21 02:57:35 +02:00
Lennart Poettering
9d25f5ed7b
sysv: do not add sysv services that are not enabled in /etc/rcN.d/ to network.target or other LSB-style Provides: targets
2010-07-20 22:30:45 +02:00
Lennart Poettering
84b00965b7
hostname: properly deal with unset hostname in fedora configuration
2010-07-20 21:34:25 +02:00
Lennart Poettering
2cc59dbfe0
systemctl: always disable color when output goes into a file
2010-07-20 21:04:32 +02:00
Lennart Poettering
d8d5ab981a
manager: write serialization to /dev/.systemd/ instead of /dev/shm
2010-07-20 20:54:33 +02:00
Lennart Poettering
36adffeab0
fedora: make sure the gettys are run before X starts up
2010-07-20 20:42:46 +02:00
Lennart Poettering
de0200fca5
socket: fix access mode verification of FIFOs
2010-07-20 20:40:49 +02:00
Lennart Poettering
8fe914ec81
device: do not merge devices
...
Don't try to merge devices that have been created via dependencies when
they appear in the system and can be recognized as the same. Instead,
simply continue to maintain them independently of each other, however
with the same state cycle. Why? Because otherwise we'd have a hard time
to seperate the dependencies after the devices are unplugged again and
we hence cannot be sure anymore that next time the device is plugged in
it will carry the same names.
Example: if one depndency refers to dev-sda.device and another one to
dev-by-id-xxxyyy.device we only learn at time of plug in of the device
that it is actually the same device that was ment. In the moment the
device is unplugged again we won't know anymore their relation to each
other and the next time the harddisk is plugged it might even appear as
dev-by-id-xxxyyy.device and dev-sdb.service. To ensure the dependencies
continue to have the meaning they were intended to have let's hence keep
the .device objects seperate all the time, even when they are plugged
in.
This patch also introduces a new Following= property which points from
the various .device units of a specific device to the main .device unit
for it. This can be used by the client side to figure out the relation
of the .device units to each other and even filter units from display.
2010-07-20 20:33:24 +02:00
Lennart Poettering
5632e3743d
systemctl: introduce reset-maintenance command
2010-07-19 04:08:07 +02:00
Lennart Poettering
b9975629f0
man: extend man pages a little
2010-07-18 02:11:38 +02:00
Lennart Poettering
246756ca92
install: optionally remove all symlinks from configuration tree recursively
2010-07-18 01:33:05 +02:00
Lennart Poettering
92abbefbef
execute: bump up log level of executed processes that failed
2010-07-17 04:17:30 +02:00
Lennart Poettering
faf919f1eb
job: timeout every job independently of the unit
2010-07-17 04:09:28 +02:00
Lennart Poettering
064f51fa29
unit: consider only_by_dependency setting when clients ask whether a unit is startable
2010-07-17 04:07:49 +02:00
Lennart Poettering
d06428248a
systemctl: extend list-units output a little
2010-07-17 00:59:03 +02:00
Lennart Poettering
5de9682cd6
unit: introduce OnFailure dependencies to activate units on failure of other units, as a way to implement an automatic rescue shell
2010-07-17 00:58:47 +02:00
Lennart Poettering
45fb0699c4
systemctl: warn when operating on service files that changed on disk but haven't been reloaded
2010-07-17 00:57:51 +02:00
Lennart Poettering
ceda54d93c
units: wire smartcard.target into Makefile
2010-07-16 21:38:56 +02:00
Lennart Poettering
73608ed994
device: rename 'available' state to 'plugged'
2010-07-16 21:32:34 +02:00
Lennart Poettering
2d3b2c0032
units: introduce smartcard.target
2010-07-16 21:32:11 +02:00
Lennart Poettering
0ff3dea700
systemctl: always show units with active jobs in list-units output
2010-07-16 21:31:34 +02:00
Lennart Poettering
b15bdda870
socket: prepare for proper selinux labelling of sockets
2010-07-16 19:42:27 +02:00
Lennart Poettering
0009d2a633
socket: don't allow mixing of accepting and non-accepting sockets in the same unit
2010-07-16 19:41:50 +02:00
Lennart Poettering
cac6f7c872
service: refuse to start services that are configured for per-connection instantiation to start without a socket
2010-07-16 19:41:11 +02:00
Lennart Poettering
276c3e78ce
unit: allow units to have more than one instance id
2010-07-16 19:40:24 +02:00
Lennart Poettering
bb4f237c65
units: fix default mode of /var/run and /var/lock
2010-07-16 18:58:52 +02:00
Lennart Poettering
6c155fe3d0
path,timer: order units after sysinit by default
2010-07-16 18:57:21 +02:00
Lennart Poettering
772a599e4f
target: if the user configured a manual ordering between target units and the unit they require don't contradict that automatically
2010-07-16 03:17:34 +02:00
Lennart Poettering
ad780f1991
main: disable nscd if we can to avoid deadlock, just in case
2010-07-16 03:07:53 +02:00
Lennart Poettering
949c651032
mount-setup: consider a few file systems API mounts and ignore them
2010-07-16 02:56:57 +02:00
Lennart Poettering
992f87e192
install: refuse installation of symlinked units
2010-07-16 02:56:40 +02:00
Lennart Poettering
7461d1b76f
man: various man page updates
2010-07-16 02:56:19 +02:00
Lennart Poettering
4445a87557
systemctl: add to command for virtualizing the dependency tree with graphviz
2010-07-16 02:56:00 +02:00
Lennart Poettering
14bd37fe0b
fixme: refer to rhbz bugs that need fixing
2010-07-14 15:13:34 +02:00
Lennart Poettering
d04247cf25
cgls: rename source file to cgls.c, since we have no prefix for any of the other files either
2010-07-14 15:09:27 +02:00
Lennart Poettering
73883adc1e
socket: don't close sockets when activating per-connection units
2010-07-14 04:47:57 +02:00
Lennart Poettering
db12315a18
build-sys: bump release
2010-07-13 23:18:40 +02:00