Commit Graph

37 Commits

Author SHA1 Message Date
Dave Reisner
aea54018a5 Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access.
2012-11-05 21:17:55 -05:00
Dave Reisner
7277f5a9d9 systemd.socket.xml: fix typo 2012-11-05 08:32:44 -05:00
Thomas Hindoe Paaboel Andersen
f848f8d87e man: typo fixes
Fixes a few more typos. Also changes an "Accept=no" to
"Accept=false" to be consistent with the previous examples
in the same man page.
2012-11-01 23:35:34 +01:00
Auke Kok
0eb59ccfe6 SMACK: Add configuration options. (v3)
This adds SMACK label configuration options to socket units.

SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.

Files on disk can be labelled using package management.

For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.

Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.

This patch adds the following options:

Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.

No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.

For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.

v3 of this patch changes the config options to be CamelCased.
2012-10-30 03:40:42 +01:00
Andrew Eikum
16dad32e43 Reword sentences that contain pseudo-English "resp."
As you likely know, Arch Linux is in the process of moving to systemd.
So I was reading through the various systemd docs and quickly became
baffled by this new abbreviation "resp.", which I've never seen before
in my English-mother-tongue life.

Some quick Googling turned up a reference:
<http://www.transblawg.eu/index.php?/archives/870-Resp.-and-other-non-existent-English-wordsNicht-existente-englische-Woerter.html>

I guess it's a literal translation of the German "Beziehungsweise", but
English doesn't work the same way. The word "respectively" is used
exclusively to provide an ordering connection between two lists. E.g.
"the prefixes k, M, and G refer to kilo-, mega-, and giga-,
respectively." It is also never abbreviated to "resp." So the sentence
"Sets the default output resp. error output for all services and
sockets" makes no sense to a natural English speaker.

This patch removes all instances of "resp." in the man pages and
replaces them with sentences which are much more clear and, hopefully,
grammatically valid. In almost all instances, it was simply replacing
"resp." with "or," which the original author (Lennart?) could probably
just do in the future.

The only other instances of "resp." are in the src/ subtree, which I
don't feel privileged to correct.

Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
2012-10-16 01:03:01 +02:00
Lennart Poettering
5198dabcce man: document behaviour of ListenStream= with only a port number in regards to IPv4/IPv6 2012-10-03 14:18:55 -04:00
Thomas Hindoe Paaboel Andersen
c53158818d man: fix a bunch of typos in docs
https://bugs.freedesktop.org/show_bug.cgi?id=54501
2012-09-13 19:34:24 +02:00
Lennart Poettering
4819ff0358 unit: split off KillContext from ExecContext containing only kill definitions 2012-07-20 00:10:31 +02:00
Lennart Poettering
34511ca7b1 man: reword man page titles
Make sure the man page titles are similar in style and capitalization so
that our man page index looks pretty.
2012-07-16 18:08:25 +02:00
Lennart Poettering
5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Lennart Poettering
54ecda32c6 socket: add option for SO_PASSEC
https://bugzilla.redhat.com/show_bug.cgi?id=798760

(Note that this work is not complete yet, as the kernel seems to send us
useless data with SCM_SECURITY enabled)
2012-03-13 00:00:27 +01:00
Lennart Poettering
271b032a05 socket: rename the PassCred= option to PassCredentials=, since we don't want to needlessly abbreviate options unless they are very well established 2011-12-31 01:07:49 +01:00
Tim Waugh
7e115808a9 '@' is an 'ampersat' not an 'ampersand'; let's call it 'at symbol' 2011-12-08 17:32:09 +01:00
Michal Schmidt
42e87475cf man: document the PassCred option 2011-11-30 11:06:35 +01:00
Ville Skyttä
9f7dad774e man: Documentation spelling fixes 2011-06-20 17:57:22 +02:00
Lennart Poettering
ec6370a22d socket: expose SO_BROADCAST 2011-05-19 18:10:19 +02:00
Lennart Poettering
6b6d2deecc socket: expose IP_TRANSPARENT 2011-05-19 13:22:31 +02:00
Lennart Poettering
916abb21d0 socket: add POSIX mqueue support 2011-05-17 19:37:03 +02:00
Lennart Poettering
ecb963cc40 def: lower default timeout to 90s
Almost everybody found 3min too long, so lower it again
2011-04-27 22:30:50 +02:00
Lennart Poettering
b0a3f2bc09 socket: support ListeSpecial= sockets 2011-04-20 05:02:23 +02:00
Lennart Poettering
05677bb780 man: fix specification of default timeouts 2011-04-20 00:51:23 +02:00
Lennart Poettering
7a22745ac3 socket: support netlink sockets 2011-04-10 03:27:00 +02:00
Lennart Poettering
cd25cce98f exec: drop process group kill mode since it has little use and confuses the user 2011-03-29 23:31:38 +02:00
Lennart Poettering
be0396695b man: clarify a few things 2011-02-09 11:00:17 +01:00
Lennart Poettering
ba035df230 execute: make sending of SIGKILL on shutdown optional 2011-01-18 22:55:54 +01:00
Lennart Poettering
2292707df5 man: document missing KillSignal= and swap options 2011-01-18 00:40:10 +01:00
Lennart Poettering
d9ff321ad9 socket: make service to start on incoming traffic configurable 2010-10-05 19:50:00 +02:00
Tomasz Torcz
cebf8b2092 socket: Allow selection of TCP Congestion Avoidance algorithm to socket
Hi,

attached patch extends socket configurables with another
knob - TCP Congestion Avoidance selection. Linux implements
a handful of those, useful in various situations. For example,
TCP Low Priority may be used by FTP service to gracefully
yield bandwidth for more important TCP/IP streams.

Until recently TCP_CONGESTION was Linux-specific; recently
FreeBSD 8 and OpenSolaris gained compatible support.
2010-08-03 23:23:47 +02:00
Lennart Poettering
b3eaa62881 man: update man pages for recent syntax changes 2010-07-07 21:22:56 +02:00
Lennart Poettering
f3e219a238 update man pages for recent changes 2010-07-07 01:38:56 +02:00
Lennart Poettering
62adf224d1 man: various man page updates 2010-07-03 19:54:00 +02:00
Lennart Poettering
dd1eb43ba7 man: document execution context related settings 2010-07-02 23:24:38 +02:00
Lennart Poettering
ba60f9054e man: extend references to exec man page 2010-07-02 19:51:28 +02:00
Kay Sievers
b439c6ee04 man: trivial spelling fixes 2010-07-02 16:05:16 +02:00
Lennart Poettering
65232ea79d man: document automount units 2010-07-02 01:17:55 +02:00
Lennart Poettering
cdb788e4cd man: document mount units 2010-07-02 00:29:15 +02:00
Lennart Poettering
1f812feafb man: document socket units 2010-07-01 23:49:50 +02:00