Commit Graph

9673 Commits

Author SHA1 Message Date
Dave Reisner
e4f44e734c Revert "Implement SocketUser= and SocketGroup= for [Socket]"
This was never intended to be pushed.

This reverts commit aea54018a5.
2012-11-06 09:54:17 -05:00
Dave Reisner
65343c7494 cryptsetup: hash=plain means don't use a hash
"plain" is a semantic value that cryptsetup(8) uses to describe a plain
dm-crypt volume that does not use a hash. Catch this value earlier and
ensure that a NULL params.hash is passed to crypt_format to avoid
passing an invalid hash type to the libcryptsetup backend.

FDO bug #56593.
2012-11-06 09:53:00 -05:00
Dave Reisner
aea54018a5 Implement SocketUser= and SocketGroup= for [Socket]
Since we already allow defining the mode of AF_UNIX sockets and FIFO, it
makes sense to also allow specific user/group ownership of the socket
file for restricting access.
2012-11-05 21:17:55 -05:00
Thomas Hindoe Paaboel Andersen
edca2e2348 README,TODO: typo fixes 2012-11-05 21:13:28 +01:00
Dave Reisner
7277f5a9d9 systemd.socket.xml: fix typo 2012-11-05 08:32:44 -05:00
Daniel Wallace
553b932366 add zsh completion for all the commands
Most of the completion for systemctl and loginctl provided by Foudil Brétel
2012-11-05 10:56:28 +01:00
Kay Sievers
7a43e910ce TODO: fix typo 2012-11-05 02:17:23 +01:00
Kay Sievers
6aa220e019 mount-setup: try mounting 'efivarfs' only if the system bootet with EFI 2012-11-04 17:03:48 +01:00
Kay Sievers
3dfb265083 kmod-setup: mounting efivarfs, *after* we tried to mount it, is pointless
The mount() system call, which we issue before loading modules, will trigger
a modprobe by the kernel and block until it returns. Trying to load it again
later, will have exactly the same result as the first time.
2012-11-04 17:00:57 +01:00
Kay Sievers
1022373284 kmod-setup: add conditional module loading callback 2012-11-04 16:54:19 +01:00
Kay Sievers
c1e5704657 shared: add is_efiboot() 2012-11-04 16:06:27 +01:00
Kay Sievers
d2e83c23f5 TODO: update RTC, DST stuff 2012-11-04 15:47:08 +01:00
Kay Sievers
39cff5961a TODO: add efi check 2012-11-04 12:17:28 +01:00
Dave Reisner
075ff6863d drop Arch Linux support for reading /etc/rc.conf 2012-11-03 20:11:52 -04:00
Dave Reisner
53d05b44f1 drop Arch Linux support for reading /etc/rc.conf 2012-11-03 19:59:42 -04:00
Kay Sievers
bd49c40537 bash-completion > shell-completion 2012-11-03 22:10:32 +01:00
Kay Sievers
924ee2cb0c docs: gtk-doc warnings are annoying 2012-11-03 22:04:06 +01:00
Miklos Vajna
da974c2ff2 vconsole: remove Frugalware legacy file support 2012-11-03 21:23:37 +01:00
Michal Schmidt
c339d9775d util : fallback to plain ASCII drawing if locale is not UTF-8
When printing cgroup and sysfs hierarchies, avoid using UTF-8 box drawing
characters if the locale is not UTF-8.

https://bugzilla.redhat.com/show_bug.cgi?id=871153
2012-11-02 17:39:52 +01:00
Michal Schmidt
0901758558 util: add is_locale_utf8()
journalctl and vconsole-setup both implement utf8 locale detection.
Let's have a common function for it.
The next patch will add another use.
2012-11-02 17:27:15 +01:00
Cosimo Cecchi
4940c64240 analyze: use GDBus instead of dbus-python 2012-11-02 16:54:28 +01:00
Kay Sievers
e2fd5e5ba2 timedatectl: show "DST active: n/a" if no DST data is available 2012-11-02 05:45:02 -10:00
Kay Sievers
62ffb3327a TODO: update 2012-11-02 15:18:29 +01:00
Kay Sievers
f18ca9dcde timedatectl: explain everything nobody wants to know about DST 2012-11-02 03:45:07 +01:00
Kay Sievers
b7f1542c8b shared: add timer_get_dst() 2012-11-02 00:44:23 +01:00
Kay Sievers
465b1686ec TODO: update 2012-11-02 00:34:07 +01:00
Kay Sievers
3a4431ef72 udev: break over-long lines 2012-11-02 00:32:10 +01:00
Thomas Hindoe Paaboel Andersen
f848f8d87e man: typo fixes
Fixes a few more typos. Also changes a "Accept=no" to
"Accept=false" to be consistent with the previous examples
in the same man page.
2012-11-01 23:35:34 +01:00
Lennart Poettering
173fa08331 update TODO 2012-10-31 02:57:26 +01:00
Lennart Poettering
669b04a492 service: drop special HTTP server target, as it is a bad idea anf Fedora specific
This was premarily intended to support the LSB facility $httpd which is
only known by Fedora, and a bad idea since it lacks any real-life
usecase.

Similar, drop support for some other old Fedora-specific facilities.

Also, document the rules for introduction of new facilities, to clarify
the situation for the future.
2012-10-31 02:55:04 +01:00
Lennart Poettering
630d4e1408 man: explain a bit more detailed what happens on suspend 2012-10-31 00:48:20 +01:00
Lennart Poettering
f8a2ebbc50 man: document that Documentation= follows an order 2012-10-31 00:13:55 +01:00
Lennart Poettering
c55b1b59b8 update TODO 2012-10-31 00:13:55 +01:00
Lennart Poettering
e65d8c3760 update TODO: insserv belongs on the chopping block 2012-10-30 23:58:10 +01:00
Lennart Poettering
1fd8d04e38 strv: cleanup error path loops
https://bugzilla.redhat.com/show_bug.cgi?id=858799
2012-10-30 18:30:45 +01:00
Lennart Poettering
822e5dd1d6 update TODO 2012-10-30 18:30:44 +01:00
Michal Schmidt
8511dd1871 shared: "max" in the string->number conversion is meant to be inclusive 2012-10-30 15:46:49 +01:00
Michal Schmidt
f8b69d1dfc shared, core: do not always accept numbers in string lookups
The behaviour of the common name##_from_string conversion is surprising.
It accepts not only the strings from name##_table but also any number
that falls within the range of the table. The order of items in most of
our tables is an internal affair. It should not be visible to the user.

I know of a case where the surprising numeric conversion leads to a crash.

We will allow the direct numeric conversion only for the tables where the
mapping of strings to numeric values has an external meaning. This holds
for the following lookup tables:
 - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric
   values are stable as they are defined by the Linux kernel interface.
 - log_level, log_facility_unshifted - the well-known syslog interface.

We allow the user to use numeric values whose string names systemd does
not know. For instance, the user may want to test a new kernel featuring
a scheduling policy that did not exist when his systemd version was
released. A slightly unpleasant effect of this is that the
name##_to_string conversion cannot return pointers to constant strings
anymore. The strings have to be allocated on demand and freed by the
caller.
2012-10-30 15:41:15 +01:00
Zbigniew Jędrzejewski-Szmek
26acfdae44 bash-completion: add completion for coredumpctl 2012-10-30 11:28:48 +01:00
Zbigniew Jędrzejewski-Szmek
4f76ae1b4b coredumpctl: add --field/-F option
Useful for completion generation.
2012-10-30 11:26:49 +01:00
Zbigniew Jędrzejewski-Szmek
9a34088094 coredumpctl: add --no-legend option
Useful for completion generation.
2012-10-30 11:26:49 +01:00
Zbigniew Jędrzejewski-Szmek
2fb7a5ce67 coredumpctl: fix program return code 2012-10-30 11:24:00 +01:00
Zbigniew Jędrzejewski-Szmek
57ce4bd4ea coredumpctl: add guard to options table
It is not nice to segfault on unknown options :(
2012-10-30 11:23:59 +01:00
Michal Schmidt
50425d1614 libsystemd-daemon: fix style 2012-10-30 10:30:44 +01:00
Michal Schmidt
f3910003bc shared, libsystemd-daemon: check for empty strings in strto*l conversions
strtol() and friends may set EINVAL if no conversion was performed, but
they are not required to do so. In practice they don't. We need to check
for it.

https://bugzilla.redhat.com/show_bug.cgi?id=870577
2012-10-30 10:30:04 +01:00
Auke Kok
0eb59ccfe6 SMACK: Add configuration options. (v3)
This adds SMACK label configuration options to socket units.

SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.

Files on disk can be labelled using package management.

For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.

Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.

This patch adds the following options:

Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.

No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.

For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.

v3 of this patch changes the config options to be CamelCased.
2012-10-30 03:40:42 +01:00
Lennart Poettering
978cf3c75f logind: it's OK if a process on an pty requests a session for seat0
After all, if a sudo/su inside an X terminal should get added to the
same session as the X session itself.
2012-10-30 03:40:42 +01:00
Lennart Poettering
7ba6438631 logind: unify all session lock loop 2012-10-30 03:40:42 +01:00
Lennart Poettering
faf22b6559 update TODO 2012-10-30 03:40:42 +01:00
Lee, Chun-Yi
f271dd9762 systemd: mount the EFI variable filesystem
Add efivarfs to the mount_table in mount-setup.c, so the EFI variable
filesystem will be mounted when systemd executed.

The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel.

Cc: Kay Sievers <kay@vrfy.org>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Mantas Mikulėnas <grawity@gmail.com>
Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Cc: Matt Fleming <matt.fleming@intel.com>
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Cc: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
2012-10-30 03:40:42 +01:00