Commit Graph

1035 Commits

Author SHA1 Message Date
Daniel J Walsh
7a58bfa4ae socket: SELinux support for socket creation.
It seems to work on my machine.

/proc/1/fd/20	system_u:system_r:system_dbusd_t:s0

/proc/1/fd/21	system_u:system_r:avahi_t:s0

And the AVC's seem to have dissapeared when a confined app trys to
connect to dbus or avahi.

If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch
You should be able to boot in enforcing mode.
2010-07-23 05:12:13 +02:00
Robert "arachnist" Gerus
28322e1eb6 sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev" 2010-07-23 05:12:13 +02:00
Lennart Poettering
25da667e1a build-sys: prepare release 4 2010-07-22 02:52:26 +02:00
Lennart Poettering
218362d22c units: add [Install] section to getty.target and remote-fs.target 2010-07-22 02:39:21 +02:00
Lennart Poettering
5e5c6cd737 update fixme 2010-07-22 02:26:27 +02:00
Lennart Poettering
d3d91d10c9 build-sys: fix compatibility with vala 0.9 2010-07-22 02:21:42 +02:00
Lennart Poettering
50f2a90dae update fixme 2010-07-21 20:26:44 +02:00
Lennart Poettering
3a2776bc86 service: save/restore status text string 2010-07-21 05:16:45 +02:00
Lennart Poettering
cc42e0817f job: make sure restart jobs are readded to the run queue after conversion to start jobs 2010-07-21 05:16:31 +02:00
Lennart Poettering
a7f241db3f unit: deduce following unit value dynamically instead of statically, to avoid dangling pointers 2010-07-21 05:00:29 +02:00
Lennart Poettering
672c48cc06 pam: remove only sessions we ourselves created in the first place 2010-07-21 04:32:44 +02:00
Lennart Poettering
294d81f124 load: make sure that unit files in /etc/ always take precedence, even over link targets, to make them easily overrdiable 2010-07-21 03:28:10 +02:00
Lennart Poettering
8f05424d50 unit: allow symlinking unit files to /dev/null 2010-07-21 03:13:15 +02:00
Lennart Poettering
c24eb49e6a exec: extend variable substitution to support splitting variable values into seperate arguments 2010-07-21 02:57:35 +02:00
Lennart Poettering
9d25f5ed7b sysv: do not add sysv services that are not enabled in /etc/rcN.d/ to network.target or other LSB-style Provides: targets 2010-07-20 22:30:45 +02:00
Lennart Poettering
84b00965b7 hostname: properly deal with unset hostname in fedora configuration 2010-07-20 21:34:25 +02:00
Lennart Poettering
2cc59dbfe0 systemctl: always disable color when output goes into a file 2010-07-20 21:04:32 +02:00
Lennart Poettering
d8d5ab981a manager: write serialization to /dev/.systemd/ instead of /dev/shm 2010-07-20 20:54:33 +02:00
Lennart Poettering
36adffeab0 fedora: make sure the gettys are run before X starts up 2010-07-20 20:42:46 +02:00
Lennart Poettering
de0200fca5 socket: fix access mode verification of FIFOs 2010-07-20 20:40:49 +02:00
Lennart Poettering
8fe914ec81 device: do not merge devices
Don't try to merge devices that have been created via dependencies when
they appear in the system and can be recognized as the same.  Instead,
simply continue to maintain them independently of each other, however
with the same state cycle. Why? Because otherwise we'd have a hard time
to seperate the dependencies after the devices are unplugged again and
we hence cannot be sure anymore that next time the device is plugged in
it will carry the same names.

Example: if one depndency refers to dev-sda.device and another one to
dev-by-id-xxxyyy.device we only learn at time of plug in of the device
that it is actually the same device that was ment. In the moment the
device is unplugged again we won't know anymore their relation to each
other and the next time the harddisk is plugged it might even appear as
dev-by-id-xxxyyy.device and dev-sdb.service. To ensure the dependencies
continue to have the meaning they were intended to have let's hence keep
the .device objects seperate all the time, even when they are plugged
in.

This patch also introduces a new Following= property which points from
the various .device units of a specific device to the main .device unit
for it. This can be used by the client side to figure out the relation
of the .device units to each other and even filter units from display.
2010-07-20 20:33:24 +02:00
Lennart Poettering
5632e3743d systemctl: introduce reset-maintenance command 2010-07-19 04:08:07 +02:00
Lennart Poettering
b9975629f0 man: extend man pages a little 2010-07-18 02:11:38 +02:00
Lennart Poettering
246756ca92 install: optionally remove all symlinks from configuration tree recursively 2010-07-18 01:33:05 +02:00
Lennart Poettering
92abbefbef execute: bump up log level of executed processes that failed 2010-07-17 04:17:30 +02:00
Lennart Poettering
faf919f1eb job: timeout every job independently of the unit 2010-07-17 04:09:28 +02:00
Lennart Poettering
064f51fa29 unit: consider only_by_dependency setting when clients ask whether a unit is startable 2010-07-17 04:07:49 +02:00
Lennart Poettering
d06428248a systemctl: extend list-units output a little 2010-07-17 00:59:03 +02:00
Lennart Poettering
5de9682cd6 unit: introduce OnFailure dependencies to activate units on failure of other units, as a way to implement an automatic rescue shell 2010-07-17 00:58:47 +02:00
Lennart Poettering
45fb0699c4 systemctl: warn when operating on service files that changed on disk but haven't been reloaded 2010-07-17 00:57:51 +02:00
Lennart Poettering
ceda54d93c units: wire smartcard.target into Makefile 2010-07-16 21:38:56 +02:00
Lennart Poettering
73608ed994 device: rename 'available' state to 'plugged' 2010-07-16 21:32:34 +02:00
Lennart Poettering
2d3b2c0032 units: introduce smartcard.target 2010-07-16 21:32:11 +02:00
Lennart Poettering
0ff3dea700 systemctl: always show units with active jobs in list-units output 2010-07-16 21:31:34 +02:00
Lennart Poettering
b15bdda870 socket: prepare for proper selinux labelling of sockets 2010-07-16 19:42:27 +02:00
Lennart Poettering
0009d2a633 socket: don't allow mixing of accepting and non-accepting sockets in the same unit 2010-07-16 19:41:50 +02:00
Lennart Poettering
cac6f7c872 service: refuse to start services that are configured for per-connection instantiation to start without a socket 2010-07-16 19:41:11 +02:00
Lennart Poettering
276c3e78ce unit: allow units to have more than one instance id 2010-07-16 19:40:24 +02:00
Lennart Poettering
bb4f237c65 units: fix default mode of /var/run and /var/lock 2010-07-16 18:58:52 +02:00
Lennart Poettering
6c155fe3d0 path,timer: order units after sysinit by default 2010-07-16 18:57:21 +02:00
Lennart Poettering
772a599e4f target: if the user configured a manual ordering between target units and the unit they require don't contradict that automatically 2010-07-16 03:17:34 +02:00
Lennart Poettering
ad780f1991 main: disable nscd if we can to avoid deadlock, just in case 2010-07-16 03:07:53 +02:00
Lennart Poettering
949c651032 mount-setup: consider a few file systems API mounts and ignore them 2010-07-16 02:56:57 +02:00
Lennart Poettering
992f87e192 install: refuse installation of symlinked units 2010-07-16 02:56:40 +02:00
Lennart Poettering
7461d1b76f man: various man page updates 2010-07-16 02:56:19 +02:00
Lennart Poettering
4445a87557 systemctl: add to command for virtualizing the dependency tree with graphviz 2010-07-16 02:56:00 +02:00
Lennart Poettering
14bd37fe0b fixme: refer to rhbz bugs that need fixing 2010-07-14 15:13:34 +02:00
Lennart Poettering
d04247cf25 cgls: rename source file to cgls.c, since we have no prefix for any of the other files either 2010-07-14 15:09:27 +02:00
Lennart Poettering
73883adc1e socket: don't close sockets when activating per-connection units 2010-07-14 04:47:57 +02:00
Lennart Poettering
db12315a18 build-sys: bump release 2010-07-13 23:18:40 +02:00