Commit Graph

9628 Commits

Author SHA1 Message Date
Auke Kok
0eb59ccfe6 SMACK: Add configuration options. (v3)
This adds SMACK label configuration options to socket units.

SMACK labels should be applied to most objects on disk well before
execution time, but two items remain that are generated dynamically
at run time that require SMACK labels to be set in order to enforce
MAC on all objects.

Files on disk can be labelled using package management.

For device nodes, simple udev rules are sufficient to add SMACK labels
at boot/insertion time.

Sockets can be created at run time and systemd does just that for
several services. In order to protect FIFO's and UNIX domain sockets,
we must instruct systemd to apply SMACK labels at runtime.

This patch adds the following options:

Smack - applicable to FIFO's.
SmackIpIn/SmackIpOut - applicable to sockets.

No external dependencies are required to support SMACK, as setting
the labels is done using fsetxattr(). The labels can be set on a
kernel that does not have SMACK enabled either, so there is no need
to #ifdef any of this code out.

For more information about SMACK, please see Documentation/Smack.txt
in the kernel source code.

v3 of this patch changes the config options to be CamelCased.
2012-10-30 03:40:42 +01:00
Lennart Poettering
978cf3c75f logind: it's OK if a process on a pty requests a session for seat0
After all, if a sudo/su inside an X terminal should get added to the
same session as the X session itself.
2012-10-30 03:40:42 +01:00
Lennart Poettering
7ba6438631 logind: unify all session lock loop 2012-10-30 03:40:42 +01:00
Lennart Poettering
faf22b6559 update TODO 2012-10-30 03:40:42 +01:00
Lee, Chun-Yi
f271dd9762 systemd: mount the EFI variable filesystem
Add efivarfs to the mount_table in mount-setup.c, so the EFI variable
filesystem will be mounted when systemd is executed.

The EFI variable filesystem will be merged in the v3.7 or v3.8 Linux kernel.

Cc: Kay Sievers <kay@vrfy.org>
Cc: Lennart Poettering <lennart@poettering.net>
Cc: Mantas Mikulėnas <grawity@gmail.com>
Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Cc: Matt Fleming <matt.fleming@intel.com>
Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
Cc: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
2012-10-30 03:40:42 +01:00
Michal Schmidt
2161de72c5 units: agetty overrides TERM
Environment=TERM=... has no effect on agetty, which sets it by itself. To
really set TERM to a specified value, it has to be given on the command
line.

https://bugzilla.redhat.com/show_bug.cgi?id=870622
2012-10-29 22:58:40 +01:00
Michal Schmidt
fd09c93de9 util: improve overflow checks
commit 49371bb fixed the observed division by zero, but missed another
occurrence of the same bug. It was also not the optimal fix. We can
simply make the divisor a constant by swapping it with the compared
value.
2012-10-29 22:57:24 +01:00
Kay Sievers
f36d7992ef hostnamectl: do not choke on set-hostname with no argument
https://bugzilla.redhat.com/show_bug.cgi?id=871172
2012-10-29 20:56:02 +01:00
Kay Sievers
6c1703cc35 update TODO 2012-10-29 20:56:02 +01:00
Dave Reisner
49371bb50e util: avoid divide by zero FPE
In early userspace, if kernel initialization happens extremely quickly,
a call to systemd-timestamp can potentially result in division by zero.
Ensure that the check in timespec_load, which only makes sense if tv_sec
is greater than zero, is guarded by this condition.
2012-10-29 15:53:03 -04:00
Zbigniew Jędrzejewski-Szmek
6827101ab4 NEWS: fix typo 2012-10-29 09:52:31 +00:00
Olivier Brunel
b61e88162a swap: fix swap behaviour with symlinks
Starting a swap unit pointing to (What) a symlink (e.g. /dev/mapper/swap
or /dev/disk/by-uuid/...) would have said unit marked active, following
the one using the "actual" device (/dev/{dm-1,sda3}), but that new unit
would be seen as inactive.
Since all requests to stop swap units would follow/redirect to it,
and it is seen inactive, nothing would be done (swapoff never called).

This is because this unit would be treated twice in
swap_process_new_swap, the second call to swap_add_one causing it to
eventually be marked inactive.
2012-10-29 09:04:25 +00:00
Zbigniew Jędrzejewski-Szmek
646134dc0d swap: modernize style 2012-10-29 09:03:56 +00:00
Zbigniew Jędrzejewski-Szmek
170ca19e4d swap: use automatic cleanup 2012-10-29 09:01:20 +00:00
Zbigniew Jędrzejewski-Szmek
df326b8463 swap: introduce helper variable
Just for readability, no functional change.
2012-10-29 09:00:56 +00:00
Zbigniew Jędrzejewski-Szmek
92b3623304 login: trivial grammar fix 2012-10-28 22:43:11 +01:00
Zbigniew Jędrzejewski-Szmek
ccd413871b systemctl: skip JOBS column if no jobs
Output is very constrained. This change saves 4 columns in the common
case.
2012-10-28 22:43:11 +01:00
Dave Reisner
35cdd0437d bash-completion: avoid usage of ls for listing devices 2012-10-28 12:27:27 -04:00
Kay Sievers
0caa6ba969 bash-completion: add minimal 'udevadm' support 2012-10-28 17:18:55 +01:00
Ben Boeckel
15f47220ab NEWS: fix a typo 2012-10-28 13:46:09 +01:00
Lennart Poettering
7654b2c259 logind: add 'lock' as possible choice for handling hw keys 2012-10-28 12:29:27 +01:00
Kay Sievers
9485d98d77 libudev: hwdb - cleanup list before getting new properties 2012-10-28 04:59:38 +01:00
Kay Sievers
23b7245397 udev: add "udevadm hwdb --test=<modalias>" 2012-10-28 04:41:15 +01:00
Kay Sievers
ff944daa01 udev: get rid of SYSCONFDIR 2012-10-28 04:04:22 +01:00
Ramkumar Ramachandra
a8f454e8a3 completion: fix typo in accessing array index
Remove spurious '}'. This error went unnoticed so far because Bash
doesn't complain.
2012-10-28 02:14:41 +02:00
Ramkumar Ramachandra
9c2cd81e0e units: teach m4 scripts in units/ about Debian's rc.local
This makes the behaviour wrt. rc[-.]local consistent between
various distributions supporting it.
2012-10-28 02:14:41 +02:00
Zbigniew Jędrzejewski-Szmek
f2d433e178 Tweak TODO 2012-10-28 02:14:41 +02:00
Thomas Bächler
4e84ae7e76 man/logind.conf.xml: Add missing 'suspend' value for Handle*Key options. 2012-10-28 02:14:41 +02:00
Michal Sekletar
3dd8ee8fa6 util: fix possible integer overflows 2012-10-28 02:14:41 +02:00
Michal Sekletar
7ca7021a9e localectl: fix memleak, use _cleanup_strv_free_
l might contain zero strings, however there is still memory
allocated for NULL terminator, use _cleanup_strv_free_ instead to
prevent tiny leak in such case.
2012-10-28 02:14:41 +02:00
Michal Sekletar
2f7a4867ba localectl: fix memleak, jump to finish before returning 2012-10-28 02:14:40 +02:00
Michal Sekletar
4a207bb2a5 journal: fix memleak, call set_free before return 2012-10-28 02:14:40 +02:00
Zbigniew Jędrzejewski-Szmek
aa6eba407b units: reword rescue mode hints
Do not suggest to the user that commands can be issued before
logging in.

sulogin prints its own message, which mentions ^D, so there's no need
to repeat it here.
2012-10-28 02:14:00 +02:00
Lennart Poettering
9ec82de172 update TODO 2012-10-28 00:50:35 +02:00
Lennart Poettering
6524990fdc logind: support for hybrid sleep (i.e. suspend+hibernate at the same time) 2012-10-28 00:50:35 +02:00
Kay Sievers
2001208c2a libudev: import hwdb and export lookup interface 2012-10-27 23:39:41 +02:00
Kay Sievers
19e6561356 hwclock: do not seal the kernel's time-warp call from inside the initrd 2012-10-27 16:31:10 +02:00
Dave Reisner
b80f194eea bash-completion: add missing --disk-usage option for journalctl 2012-10-26 19:22:32 -04:00
Lennart Poettering
e8988fc2a2 util: return the remaining string in startswith() 2012-10-27 01:20:01 +02:00
Lennart Poettering
ada45c785f coredumpctl: add 'gdb' verb to start gdb right-away on a collected coredump 2012-10-27 01:19:47 +02:00
Lennart Poettering
684341b073 coredumpctl: show timestamps in list 2012-10-26 20:34:39 +02:00
Lennart Poettering
34741aa3e2 journal: special case the trivial cache chain cache entry 2012-10-26 20:25:36 +02:00
Lennart Poettering
8bc8ab83c8 coredumpctl: optimize journal entry parsing a bit by enumerating only once 2012-10-26 20:25:10 +02:00
Lennart Poettering
ccc403587c coredumpctl: initialize global vars 2012-10-26 20:23:28 +02:00
Lennart Poettering
85210bffd8 journal: provide an API that allows client to figure out whether they need to recheck the journal manually for changes in regular intervals
Network file systems generally do not offer inotify() that would work
across the network. We hence cannot rely on inotify() exclusively in
those cases. Provide an API to determine these cases, and suggest doing
manual regular rechecks.

Note that this is not complete yet, as we need to rescan journal dirs on
network file systems explicitly to find new/removed files
2012-10-26 20:07:33 +02:00
Lennart Poettering
e9f600f2fb journal: fix parsing of monotonic kernel timestamps 2012-10-26 14:56:41 +02:00
Martin Pitt
221a6c2a26 keymap: Add HP EliteBook 8440p
Thanks to Glen Ditchfield <gjditchfield@acm.org>!

https://launchpad.net/bugs/1071579
2012-10-26 06:31:14 +02:00
Lennart Poettering
e707c49485 update TODO 2012-10-26 03:55:58 +02:00
Kay Sievers
4af113f997 udev: builtin - do not fail builtin initialization if one of them returns an error 2012-10-26 03:45:25 +02:00
Lennart Poettering
a4bcff5ba3 journal: introduce entry array chain cache
When traversing entry array chains for a bisection or for retrieving an
item by index we previously always started at the beginning of the
chain. Since we tend to look at the same chains repeatedly, let's cache
where we have been the last time, and maybe we can skip ahead with this
the next time.

This turns most bisections and index lookups from O(log(n)*log(n)) into
O(log(n)). More importantly however, we seek around on disk much less,
which is good to reduce buffer cache and seek times on rotational disks.
2012-10-26 03:24:03 +02:00