Commit Graph

788 Commits

Author SHA1 Message Date
Lennart Poettering
c309067483 selinux: use existing library calls for audit data 2012-09-18 01:55:49 +02:00
Daniel J Walsh
e2417e4143 selinux: add bus service access control
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.

The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.

Similarly we want to allow a root admin webadm_t that can only manage the
apache environment.  systemctl enable httpd.service, systemctl disable
iptables.service bad.

To make this code cleaner, we really need to refactor the dbus-manager.c code.
 This has just become a huge if-then-else blob, which makes doing the correct
check difficult.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
2012-09-18 01:21:17 +02:00
Kay Sievers
0bb91b5010 udev: add btrfs support
All "btrfs" file systems will be registered with the kernel when they
show up.

Incomplete multi-device volumes will set SYSTEMD_READY=0, to prevent
access until the volume is complete and fully registered.
2012-09-17 13:54:03 +02:00
Zbigniew Jędrzejewski-Szmek
f6c2e28b07 directive-index: journal directives 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
ffafe91b5a directive-index: system manager directives 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
e1abd3efab directive-index: add UDEV fields 2012-09-17 12:42:22 +02:00
Zbigniew Jędrzejewski-Szmek
d9cfd69403 man: generate an index of directives
Systemd has a large (and growing) number of manpages. Sometimes it's
not immediately obvious, where to look for a directive. Especially,
when something is described in more than one place. Making sense of
all the settings should be easier with an index.
2012-09-17 12:42:22 +02:00
Shawn Landden
608da9e9b5 man: remove timezone(5) and add localtime(5) 2012-09-14 19:27:59 +02:00
Lennart Poettering
a1d41e17a5 rpm: expose preset dir as rpm macro and in systemd.pc 2012-09-13 22:17:46 +02:00
Lennart Poettering
ff89a42a86 python: make gcc shut up 2012-09-13 19:34:09 +02:00
Lennart Poettering
0aee68ad02 python: reindent to follow coding style 2012-09-13 04:16:10 +02:00
Lennart Poettering
8d7e170a52 python: integrate David Strauss' python-systemd package 2012-09-13 04:01:18 +02:00
Dave Reisner
b51fc639f0 build-sys: perform autodetection of quota-tools binaries
Use AC_PATH_PROG to try and locate the quotaon and quotacheck binaries,
falling back on hardcoded defaults when they can't be found.
2012-09-11 01:43:48 +02:00
Lennart Poettering
b5b46d5995 when determining unit file list, include invalid unit names in an "invalid" state 2012-09-11 01:14:25 +02:00
Lennart Poettering
54aa25e63c build-sys: add libsystemd-id128-internal.la as dep to libsystemd-core.la
condition.c makes use of sd_id128_get_machine() after all.

Spotted by Khem Raj.
2012-09-10 09:28:42 +02:00
Lennart Poettering
a1a03e3075 journal: add call to determine current journal file disk usage 2012-09-07 23:20:28 +02:00
Lennart Poettering
cb7ed9dfca tmpfiles: don't attempt creation of device nodes when we run in a container 2012-09-05 23:42:05 -07:00
Lennart Poettering
ddffe89246 journal: don't pull in flush service from journald service
In the initrd we don't need the flush service hence don't attempt to
pull it in.
2012-09-03 18:59:05 -07:00
Lennart Poettering
877d54e9b0 journal: generate structured journal messages for a number of events 2012-09-03 18:59:04 -07:00
Zbigniew Jędrzejewski-Szmek
fe1fed02c7 build-sys: xsltproc is required for man pages and gtk-doc 2012-08-25 02:01:44 +02:00
Lennart Poettering
38a60d7112 build-sys: prepare release 189 2012-08-23 02:46:22 +02:00
Lennart Poettering
d2bd7630d7 journal: the ratelimiter is part of journald 2012-08-22 03:43:45 +02:00
Lennart Poettering
0153028ae3 journald: split off native protocol support into its own .c file 2012-08-22 03:42:23 +02:00
Lennart Poettering
3b7124a8db journald: split console transport stuff into its own file 2012-08-22 03:36:29 +02:00
Lennart Poettering
a45b9fca6b journald: move stream protocol into its own .c file 2012-08-22 03:32:41 +02:00
Lennart Poettering
35e2e347d3 journald: splitt of syslog protocol support into its own file 2012-08-22 03:21:03 +02:00
Lennart Poettering
ef63833d53 journald: split /dev/kmsg related stuff into its own .c file 2012-08-22 03:09:44 +02:00
Lennart Poettering
bdfb9e7f7c journald: augment journal entries from the kernel with data from udev 2012-08-22 02:49:17 +02:00
Lennart Poettering
2cfa886eb1 build-sys: fix ntp-units.d path creation
Spotted by Dave Reisner
2012-08-21 16:40:19 +02:00
Lennart Poettering
f6a971bc0b journalctl: output FSS key as QR code on generating 2012-08-20 22:02:19 +02:00
Lennart Poettering
feb12d3ed2 journal: make libgcrypt dependency optional 2012-08-20 16:51:46 +02:00
Kay Sievers
45b51b6b71 keymap: fix map name reference 2012-08-16 21:00:06 +02:00
Lennart Poettering
f5028bfaf0 journal: journal-send.h doesn't actually exist 2012-08-16 17:19:47 +02:00
Lennart Poettering
0284adc6a6 journal: split up journal-file.c 2012-08-16 17:10:57 +02:00
Lennart Poettering
beec008561 journal: implement basic journal file verification logic 2012-08-16 17:10:57 +02:00
Lennart Poettering
16e9f408fa journal: implement generic sharable mmap caching logic
instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
2012-08-16 17:10:56 +02:00
Lennart Poettering
7560fffcd2 journald: initial version of FSPRG hookup
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
Kay Sievers
dbf61afb29 udev: export udev_device_new_from_device_id() 2012-08-10 19:56:57 +02:00
Huang Hang
af18d7ca4b build-sys: use more generic regular expression to generate syscall-list.txt correctly
Currently MIPS and ARM define syscall numbers for multiple ABI in one
<asm/unistd.h>. The #define statments for each syscall are formated as:

 #define __NR_scname (BASE_OFFSET + sc_number)

Thus we need a more generic regular expression to match these in awk.
2012-08-09 12:21:04 +02:00
Lennart Poettering
c269cec334 build-sys: prepare release 188 2012-08-08 21:49:01 +02:00
Peter Alfredsen
276c54e799 build-sys: add CFLAGS to CPP calls
It changes the defines WORDSIZE and __I386, CFLAGS=-m32.
2012-08-08 21:33:42 +02:00
Kay Sievers
81311bbd12 build-sys: link internal selinux lib to systemd-remount-fs 2012-08-08 12:29:54 +02:00
Lennart Poettering
3984d657ff build-sys: typo fix 2012-08-08 12:27:10 +02:00
Lennart Poettering
5a45a93627 build-sys: enable a couple of security features
Most distributions enable these downstream anyway, but it probably makes
sense to enable them unconditionally upstream too.
2012-08-08 12:03:34 +02:00
Lennart Poettering
b2c9cbafb8 units: remove prefdm
It's time to get rid of prefdm. Distributions which still want to use
this should maintain this downstream, but it's probably better to just
provide proper units for the various display managers, like Fedora is
doing this, for example:

https://fedoraproject.org/wiki/Features/DisplayManagerRework
2012-08-07 17:08:31 +02:00
Simon Peeters
f9a3b83bf4 build-sys: do not link systemctl against journal-internal and id128-internal
systemctl does not need the internal journal and id128 libraries to
function, so don't link against them.
2012-08-03 18:20:09 +02:00
Lennart Poettering
18c7ed186b journal: add sd_journal_perror() to API 2012-08-01 19:53:23 +02:00
Zbigniew Jędrzejewski-Szmek
cd8654b13e build-sys: fix path to src/gudev/gudevenumtypes.h
This file is generated, so it should be referred to as
$(top_builddir)/src/gudev/gudevenumtypes.h. It could only appear in
$(top_srcdir) as a result of previous build in $(top_srcdir). Better
to just let automake add the prefix for us, so there's no need to
spell it out.

Remove the prefix from other source files too, $(top_srcdir) is the
default anyway.
2012-07-31 00:28:46 +02:00
Zbigniew Jędrzejewski-Szmek
bd923ff29e build-sys: always create the output directory first
$(MKDIR_P) is added where missing, and rules are standardized on one
form of $(MKDIR_P), to make it easier to spot when it is missing.
Single line $(MKDIR)&&command form is broken into two line form.

https://bugs.freedesktop.org/show_bug.cgi?id=49459

For compilation in a separate build directory to work, when a file is
generated, the rule must include an explicit mkdir first, unless the
file is created at the top level. Even when building in a separate
build-dir, automake would normally create all directories as a side
result of creating the dependencies files. Therefore the bug was only
visible with -C (turning off dependency generation).
2012-07-31 00:27:56 +02:00
Lennart Poettering
bad1837c18 Revert "man: ship systemd-udevd as the real manpage"
We want to keep things uniform, and hence treat udevd's man page like
any other in the repo. What matters is how users primarily interface
with a service, and that is not the binary path in /usr/lib/systemd but
the service name.

This reverts commit 6c1f3ba54a.
2012-07-29 11:58:41 +02:00