-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.
The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.
Similarly we want to allow a root admin webadm_t that can only manage the
apache environment. systemctl enable httpd.service, systemctl disable
iptables.service bad.
To make this code cleaner, we really need to refactor the dbus-manager.c code.
This has just become a huge if-then-else blob, which makes doing the correct
check difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
All "btrfs" file systems will be registered with the kernel when they
show up.
Incomplete multi-device volumes will set SYSTEMD_READY=0, to prevent
access until the volume is complete and fully registered.
Systemd has a large (and growing) number of manpages. Sometimes it's
not immediately obvious, where to look for a directive. Especially,
when something is described in more than one place. Making sense of
all the settings should be easier with an index.
instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
Currently MIPS and ARM define syscall numbers for multiple ABI in one
<asm/unistd.h>. The #define statments for each syscall are formated as:
#define __NR_scname (BASE_OFFSET + sc_number)
Thus we need a more generic regular expression to match these in awk.
It's time to get rid of prefdm. Distributions which still want to use
this should maintain this downstream, but it's probably better to just
provide proper units for the various display managers, like Fedora is
doing this, for example:
https://fedoraproject.org/wiki/Features/DisplayManagerRework
This file is generated, so it should be referred to as
$(top_builddir)/src/gudev/gudevenumtypes.h. It could only appear in
$(top_srcdir) as a result of previous build in $(top_srcdir). Better
to just let automake add the prefix for us, so there's no need to
spell it out.
Remove the prefix from other source files too, $(top_srcdir) is the
default anyway.
$(MKDIR_P) is added where missing, and rules are standardized on one
form of $(MKDIR_P), to make it easier to spot when it is missing.
Single line $(MKDIR)&&command form is broken into two line form.
https://bugs.freedesktop.org/show_bug.cgi?id=49459
For compilation in a separate build directory to work, when a file is
generated, the rule must include an explicit mkdir first, unless the
file is created at the top level. Even when building in a separate
build-dir, automake would normally create all directories as a side
result of creating the dependencies files. Therefore the bug was only
visible with -C (turning off dependency generation).
We want to keep things uniform, and hence treat udevd's man page like
any other in the repo. What matters is how users primarily interface
with a service, and that is not the binary path in /usr/lib/systemd but
the service name.
This reverts commit 6c1f3ba54a.