chiark / gitweb /
Jan Alexander Steffens (heftig) [Tue, 28 May 2013 18:45:34 +0000 (20:45 +0200)]
journald: DO recalculate the ACL mask, but only if it doesn't exist
Since
11ec7ce, journald isn't setting the ACLs properly anymore if
the files had no ACLs to begin with: acl_set_fd fails with EINVAL.
An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is
invalid, so make sure a mask exists before trying to set the ACL.
Zbigniew Jędrzejewski-Szmek [Thu, 30 May 2013 02:48:58 +0000 (22:48 -0400)]
build-sys: more pretty colors
Nirbheek Chauhan [Wed, 29 May 2013 19:38:04 +0000 (15:38 -0400)]
core: use the same test as upstart for apparmor
Lennart:
> Hmm, I just noticed this patch:
>
> https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169
>
> It contains a different check for AppArmor. Basically something like this:
>
> /sys/module/apparmor/parameters/enabled == 'Y'
>
> I'd prefer if we could change our code to do the same, given that
> the Ubuntu guys are guys are upstream for apparmor.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
Zbigniew Jędrzejewski-Szmek [Thu, 30 May 2013 02:31:20 +0000 (22:31 -0400)]
man: fix display of keys which appear in two sections in directive index
When an index key appeared in multiple sections (e.g.
CPUAffinity= was present in both "SYSTEM MANAGER DIRECTIVES"
and "UNIT DIRECTIVES"), when lxml was used, the key would
be not be displayed in all but one of those sections, and
only an empty <term/> element would be present. This
happens because lxml allows only one parent for each node,
and when the same formatted element was used in multiple places,
it was actually moved between them. Fix this by making a copy
of the element. The bug was present since lxml support was
introduced.
Also fix some indentation issues.
Zbigniew Jędrzejewski-Szmek [Thu, 30 May 2013 02:38:06 +0000 (22:38 -0400)]
man: link to XKB conf. guide in localectl(1)
Eelco Dolstra [Fri, 24 May 2013 17:34:53 +0000 (13:34 -0400)]
Fix CPUShares configuration option
This fixes the error message "Unknown or unsupported cgroup attribute
CPUShares".
Kay Sievers [Thu, 30 May 2013 03:35:42 +0000 (05:35 +0200)]
bus: update for kdbus changes
Zachary Cook [Mon, 13 May 2013 22:00:37 +0000 (18:00 -0400)]
systemd: record efi timestamps after /sys is mounted
This partially reverts commit
c3a170f3, which moved
efi_get_boot_timestamps too early in main(), before
/sys is assured to be mounted
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=64371
[tomegun: in particular /sys/firmware/efi/efivars needs to be
mounted, which is not a problem if a systemd-initramfs containing
the correct module is being used. But not everyone uses an
initramfs...]
Lennart Poettering [Wed, 29 May 2013 07:59:10 +0000 (16:59 +0900)]
bus: rework benchmark test to actually yield useful results
Lennart Poettering [Wed, 29 May 2013 07:58:31 +0000 (16:58 +0900)]
bus: when adding memfds to cache and we shorten them, make sure to unmap the remainder
Lennart Poettering [Tue, 28 May 2013 08:04:35 +0000 (17:04 +0900)]
bus: properly unmap mapped area
Martin Pitt [Fri, 24 May 2013 06:35:47 +0000 (08:35 +0200)]
keymap: Add Logitech USB (iTouch)
https://launchpad.net/bugs/
1152377
Kay Sievers [Fri, 24 May 2013 01:08:48 +0000 (03:08 +0200)]
bus: update kdbus.h from upstream
Václav Pavlín [Fri, 17 May 2013 14:03:36 +0000 (16:03 +0200)]
systemctl: mangle names when avoiding dbus
Unit names were mangled in function enable_unit only when dbus was
used. This patch adds mangling also when the dbus is not in use.
This makes it possible to say e.g.:
systemctl --root=/path enable cups
without spelling cups.service out in full.
Jan Janssen [Fri, 17 May 2013 13:38:12 +0000 (15:38 +0200)]
Fix --no-ask-password
POSIX_ME_HARDER mode is disabled for localectl. It doesn't
make much sense in case of localectl, and there's little reason
for localectl to behave specially.
Zbigniew Jędrzejewski-Szmek [Thu, 23 May 2013 01:11:29 +0000 (21:11 -0400)]
man: mention net.ifnames in kernel-command-line(3)
Lennart Poettering [Wed, 22 May 2013 14:02:21 +0000 (16:02 +0200)]
bus: add benchmark tool to determine the right threshold for copying vs. memfd
Jan Janssen [Fri, 17 May 2013 13:38:13 +0000 (15:38 +0200)]
man: Document missing options
Michael Tremer [Sun, 19 May 2013 13:45:48 +0000 (15:45 +0200)]
systemctl: make systemctl is-enabled work for templated units
Patch resolves the problem that 'systemctl is-enabled' does
not work for templated units.
Without this patch, systemctl is-enabled something@abc.service
returned "No such file or directory", because it first checked
if /usr/lib/systemd/system/something@abc.service, etc. exists.
If systemctl is-enabled is called for templated units, this
check should be omitted and it should search for symlinks in
the .wants dirs right away.
This patch fixes the broken behaviour and resolves
https://bugs.freedesktop.org/show_bug.cgi?id=55318.
[zj: fixed the patch to still check for broken symlinks and
masked instances. Also removed untrue assumptions from
the patch description.]
Michael Olbrich [Sun, 19 May 2013 10:10:55 +0000 (12:10 +0200)]
service: kill processes with SIGKILL on watchdog failure
Just calling service_enter_dead() does not kill any processes.
As a result, the old process may still be running when the new one is
started.
After a watchdog failure the service is in an undefined state.
Using the normal shutdown mechanism makes no sense. Instead all processes
are just killed and the service can try to restart.
Mantas Mikulėnas [Mon, 20 May 2013 08:20:15 +0000 (11:20 +0300)]
systemctl: honor "--no-legend" in 'list-sockets'
Martin Pitt [Tue, 21 May 2013 07:52:33 +0000 (09:52 +0200)]
keymap: Add DIXONSP
https://launchpad.net/bugs/
1157334
Martin Pitt [Tue, 21 May 2013 07:40:21 +0000 (09:40 +0200)]
keymap: Add BenQ JoyBook
https://launchpad.net/bugs/727139
Martin Pitt [Tue, 21 May 2013 07:28:29 +0000 (09:28 +0200)]
keymap: Add Samsung 900XC3
https://launchpad.net/bugs/
1012365
Michal Schmidt [Mon, 20 May 2013 14:17:38 +0000 (16:17 +0200)]
core: fix DBus property ExecMainExitTimestamp
Possibly due to copy&paste error it was identical to
ExecMainStartTimestamp.
Lennart Poettering [Sun, 19 May 2013 22:36:50 +0000 (00:36 +0200)]
bus: add test for bloom filter prefix match
Lennart Poettering [Sun, 19 May 2013 22:21:56 +0000 (00:21 +0200)]
bus: add a more comprehensive test for the bloom filter logic
Lennart Poettering [Sun, 19 May 2013 16:39:08 +0000 (18:39 +0200)]
bus: calculate bloom filter for match
Yay! Filtering using kernel bloom filter matches works now! Yippieh!
David Strauss [Sat, 18 May 2013 09:28:25 +0000 (02:28 -0700)]
Standardize on 'file system' and 'namespace' in man pages.
This change is based on existing usage in systemd and online.
'File-system' may make sense in adjectival form, but man pages
seem to prefer 'file system' even in those situations.
Kay Sievers [Fri, 17 May 2013 21:25:31 +0000 (23:25 +0200)]
bus: do not pass a pointer but a uint64_t address in RECV
Karol Lewandowski [Thu, 16 May 2013 08:40:03 +0000 (10:40 +0200)]
Make it possible to disable smack separately from xattr support
Additionally, compile out rule loading if feature is disabled.
Lennart Poettering [Fri, 17 May 2013 02:25:56 +0000 (04:25 +0200)]
bus: add APIs for negotiating what is attached to messages
Lennart Poettering [Fri, 17 May 2013 01:13:58 +0000 (03:13 +0200)]
bus: add minimal locking around the memfd cache
We want to allow clients to process an sd_bus_message on a different
thread than it was received on. Since unreffing a bus message might
readd some of its memfds to the memfd cache add some minimal locking
around the cache.
Lennart Poettering [Fri, 17 May 2013 00:50:00 +0000 (02:50 +0200)]
bus: return ECHILD as soon as people try to reuse a bus connection across a fork()
Lennart Poettering [Fri, 17 May 2013 00:32:32 +0000 (02:32 +0200)]
bus: actually unmap kdbus pool after use
Lennart Poettering [Fri, 17 May 2013 00:22:37 +0000 (02:22 +0200)]
bus: keep kernel bus fd around during entire life-time of bus
We need this since we might need to invoke the release ioctl for
messages. Since we don't want to add any locking for that we simply keep
a reference to the bus and then rely that the fd stays valid all the
time.
Zbigniew Jędrzejewski-Szmek [Thu, 16 May 2013 00:42:22 +0000 (20:42 -0400)]
systemd-delta: count overrides only of the requested type
Lukas Nykryn [Thu, 16 May 2013 09:09:03 +0000 (11:09 +0200)]
systemd-delta: add support for drop-in snippets
Lennart Poettering [Thu, 16 May 2013 19:52:35 +0000 (21:52 +0200)]
bus: make bus ref counting atomic
This is preparation to allow sd_bus_message obejcts to be processed in a
different thread from their originating sd_bus object.
Lennart Poettering [Thu, 16 May 2013 19:14:56 +0000 (21:14 +0200)]
bus: synthesize timeout message errors instead of returning error codes
Lennart Poettering [Thu, 16 May 2013 14:53:03 +0000 (16:53 +0200)]
bus: implement sd_bus_message_append_string_memfd()
Lennart Poettering [Thu, 16 May 2013 14:26:35 +0000 (16:26 +0200)]
bus: send memfds as payload only on directed messages and for large parts
Zbigniew Jędrzejewski-Szmek [Thu, 16 May 2013 04:38:39 +0000 (00:38 -0400)]
systemd-python: do not attempt to convert str to bytes
Bug-spotted-by: Steven Hiscocks <steven-systemd@hiscocks.me.uk>
Chengwei Yang [Tue, 14 May 2013 01:03:04 +0000 (09:03 +0800)]
Fix syscall(__NR_fanotify_mark, ...) on arm
Michał Bartoszkiewicz [Wed, 15 May 2013 09:28:58 +0000 (11:28 +0200)]
journal: correctly convert usec_t to timespec.
Use timespec_store instead of (incorrectly) doing it inline.
Lennart Poettering [Thu, 16 May 2013 00:37:42 +0000 (02:37 +0200)]
bus: implement receiving side of memfd hookup
Lennart Poettering [Thu, 16 May 2013 00:04:13 +0000 (02:04 +0200)]
bus: put together messages with memfd payload correctly
Lennart Poettering [Wed, 15 May 2013 22:19:03 +0000 (00:19 +0200)]
utmp: turn systemd-update-utmp-shutdown.service into a normal runtime service
With this change systemd-update-utmp-shutdown.service is replaced by
systemd-update-utmp.service which is started at boot and stays around
until shutdown. This allows us to properly order the unit against both
/var/log and auditd.
https://bugzilla.redhat.com/show_bug.cgi?id=853104
https://bugs.freedesktop.org/show_bug.cgi?id=64365
Lennart Poettering [Wed, 15 May 2013 20:40:36 +0000 (22:40 +0200)]
update TODO
Lennart Poettering [Wed, 15 May 2013 20:38:51 +0000 (22:38 +0200)]
units: rework systemd-random-seed-{load,save}.service to be a single service
That way ordering it with MountsRequiredFor= works properly, as this no
longer results in mount units start requests to be added to the shutdown
transaction that conflict with stop requests for the same unit.
Lennart Poettering [Wed, 15 May 2013 17:45:05 +0000 (19:45 +0200)]
bus: add support for adding memfds into message payload
Zbigniew Jędrzejewski-Szmek [Wed, 15 May 2013 03:08:00 +0000 (23:08 -0400)]
journalctl: add -k/--dmesg
Zbigniew Jędrzejewski-Szmek [Wed, 15 May 2013 02:23:00 +0000 (22:23 -0400)]
build-sys: fix gtkdocize check
gtkdocize: GTK_DOC_CHECK not called in configure.ac
Fixup for
6581f00f7ea.
Zbigniew Jędrzejewski-Szmek [Wed, 15 May 2013 02:10:44 +0000 (22:10 -0400)]
build-sys: properly report missing gtk-doc
This brings the check for ENABLE_GTK_DOC in line with
HAVE_INTROSPECTION and other similar checks. Only
the status line that is printed with uninstalled
gtk-doc is changed.
https://bugs.freedesktop.org/show_bug.cgi?id=63108
Thomas Hindoe Paaboel Andersen [Fri, 12 Oct 2012 18:26:47 +0000 (20:26 +0200)]
sd-journal: check if the pointers passed are the same
Johan Heikkilä [Fri, 3 May 2013 13:59:51 +0000 (16:59 +0300)]
keymap: Add support for Eject button on MSI GE60/GE70
Lennart Poettering [Wed, 15 May 2013 00:56:45 +0000 (02:56 +0200)]
bus: rework message struct to keep header with fields in same malloc() block
This allows us to guarantee that the first payload_vec we pass to the
kernel for each message is guaranteed to include the full header and all
its field.
Lennart Poettering [Tue, 14 May 2013 23:43:15 +0000 (01:43 +0200)]
bus: add macro for iterating through body parts of a message
Lennart Poettering [Tue, 14 May 2013 23:36:09 +0000 (01:36 +0200)]
bus: minor fixes
Lennart Poettering [Tue, 14 May 2013 22:46:24 +0000 (00:46 +0200)]
bus: seal off memfds when sealing messages
Lennart Poettering [Tue, 14 May 2013 20:52:58 +0000 (22:52 +0200)]
bus: fix allocation of body parts from memfd
Lennart Poettering [Tue, 14 May 2013 20:24:26 +0000 (22:24 +0200)]
bus: properly handle message bodies that are a chain of memory areas rather than a single one
Kay Sievers [Tue, 14 May 2013 14:13:52 +0000 (16:13 +0200)]
bus: add and use UINT64_TO_PTR()
Lennart Poettering [Tue, 14 May 2013 12:01:20 +0000 (14:01 +0200)]
update TODO
Auke Kok [Mon, 13 May 2013 21:40:55 +0000 (14:40 -0700)]
journald-stream: typo in error message.
Kay Sievers [Mon, 13 May 2013 20:21:54 +0000 (22:21 +0200)]
TODO: add "debug" kernel cmdline switch
Kay Sievers [Mon, 13 May 2013 13:12:25 +0000 (15:12 +0200)]
bus: test-bus-memfd - use pread()/pwrite()
Kay Sievers [Mon, 13 May 2013 03:56:31 +0000 (05:56 +0200)]
bus: update test-bus-memfd
Kay Sievers [Sun, 12 May 2013 18:11:03 +0000 (20:11 +0200)]
bus: remove KDBUS_MAKE_ACCESS_WORLD, remove (n_payload > 2) check
KDBUS_MAKE_ACCESS_WORLD is no longer needed, the kernel creates the
kdbus device node with the uid/gid of the caller now.
Auke Kok [Sat, 11 May 2013 20:40:08 +0000 (13:40 -0700)]
Add support for ConditionSecurity=ima
Just as with SMACK, we don't really know if a policy has been
loaded or not, as the policy interface is write-only. Assume
therefore that if ima is present in securityfs that it is
enabled.
Update the man page to reflect that "ima" is a valid option
now as well.
Auke Kok [Sat, 11 May 2013 20:35:38 +0000 (13:35 -0700)]
Re-indent with spaces.
Kay Sievers [Sat, 11 May 2013 12:48:24 +0000 (14:48 +0200)]
bus: update test-bus-memfd
Kay Sievers [Fri, 10 May 2013 17:58:05 +0000 (19:58 +0200)]
bus: fix test-bus-memfd
Lennart Poettering [Fri, 10 May 2013 17:15:55 +0000 (19:15 +0200)]
bus: fix error check in memfd code
Lennart Poettering [Fri, 10 May 2013 15:33:44 +0000 (17:33 +0200)]
bus: extend memfd test
Dave Reisner [Fri, 10 May 2013 12:59:00 +0000 (08:59 -0400)]
nspawn: only warn about audit when booting the container
The audit subsystem isn't relevant when nspawn is only being used as a
chroot.
Lennart Poettering [Fri, 10 May 2013 12:34:57 +0000 (14:34 +0200)]
bus: add new API for kdbus memfd functionality
Kay Sievers [Fri, 10 May 2013 02:55:43 +0000 (04:55 +0200)]
kdbus: update kdbus.h from upstream
Lennart Poettering [Fri, 10 May 2013 01:36:55 +0000 (03:36 +0200)]
bus: catch up with latest kdbus
Lennart Poettering [Thu, 9 May 2013 23:12:15 +0000 (01:12 +0200)]
bus: add sd_bus_message_append_string_space() for zero-copy string appending
Colin Walters [Thu, 9 May 2013 23:31:20 +0000 (19:31 -0400)]
nspawn: Include netlink headers rather than using #ifdef
This is a better fix than
e13e1fad8b231e187bd5de3ce668411bdcd3ac1a for
failing to compile without audit that
77b6e19458f37cfde127ec6aa9494c0ac45ad890 introduced.
Colin Walters [Thu, 9 May 2013 22:32:32 +0000 (18:32 -0400)]
Fix previous commit for !HAVE_AUDIT
Zbigniew Jędrzejewski-Szmek [Thu, 9 May 2013 22:28:15 +0000 (18:28 -0400)]
systemd-python: allow threads around flush
flush() is potentially costly.
Zbigniew Jędrzejewski-Szmek [Thu, 9 May 2013 22:25:54 +0000 (18:25 -0400)]
systemd-python: use consistent indentation
Lennart Poettering [Thu, 9 May 2013 22:14:12 +0000 (00:14 +0200)]
audit: since audit is apparently never going to be fixed for containers tell the user what's going on
Let's try to be helpful to the user and give him a hint what he can do
to make nspawn work with normal OS containers.
https://bugzilla.redhat.com/show_bug.cgi?id=893751
Eelco Dolstra [Tue, 7 May 2013 12:16:53 +0000 (14:16 +0200)]
Start ctrl-alt-del.target irreversibly
This makes ctrl-alt-del reboots more robust, just like "systemctl
reboot".
Zbigniew Jędrzejewski-Szmek [Thu, 9 May 2013 22:10:44 +0000 (18:10 -0400)]
build-sys: add convinience 'make python-shell'
This will launch $(PYTHON) with $LD_LIBRARY_PATH and $PYTHONPATH
as ./configure-d and DESTDIR-ed. Use as:
make install DESTDIR=/var/tmp/inst python-shell
Zbigniew Jędrzejewski-Szmek [Thu, 9 May 2013 22:10:30 +0000 (18:10 -0400)]
systemd-python: wrap sd_login_monitor
Lennart Poettering [Thu, 9 May 2013 18:00:51 +0000 (20:00 +0200)]
bus: add API for appending/reading fixed arrays
Auke Kok [Thu, 9 May 2013 16:39:15 +0000 (09:39 -0700)]
systemctl does not expand %u, so revert back to %I
The description field is only displayed by systemctl, and
it can't expand %u properly (it will always display "root").
Lennart Poettering [Thu, 9 May 2013 13:45:50 +0000 (15:45 +0200)]
build-sys: prepare 204
Lennart Poettering [Thu, 9 May 2013 13:32:27 +0000 (15:32 +0200)]
man: document that the kernel's audit subsystem is currently incompatible with nspawn containers
Karol Lewandowski [Tue, 7 May 2013 11:21:46 +0000 (13:21 +0200)]
condition, man: Add support for ConditionSecurity=smack
According to Documentation/security/Smack.txt:
In keeping with the intent of Smack, configuration data is minimal
and not strictly required. The most important configuration step is
mounting the smackfs pseudo filesystem.
This means that checking the mount point should be enough.
Zbigniew Jędrzejewski-Szmek [Wed, 8 May 2013 23:46:49 +0000 (19:46 -0400)]
systemd-python: add wrappers for easy functions in sd-login
sd_get_uids, sd_get_seats, sd_get_sessions, and sd_get_machine_names.
Zbigniew Jędrzejewski-Szmek [Thu, 9 May 2013 01:08:14 +0000 (21:08 -0400)]
systemd-python: add __version__ strings
Zbigniew Jędrzejewski-Szmek [Wed, 8 May 2013 01:07:39 +0000 (21:07 -0400)]
Rearrange a few fields to reduce holes
Zbigniew Jędrzejewski-Szmek [Tue, 7 May 2013 00:00:16 +0000 (20:00 -0400)]
man: add permalinks to subsection titles too
Lennart Poettering [Tue, 7 May 2013 18:56:30 +0000 (20:56 +0200)]
update TODO
Lennart Poettering [Tue, 7 May 2013 18:56:05 +0000 (20:56 +0200)]
hostnamectl: suppress outputting of pretty hostname field in status if empty
Lennart Poettering [Tue, 7 May 2013 18:55:11 +0000 (20:55 +0200)]
hostname: only suppress setting of pretty hostname if it is non-equal to the static hostname and if the static hostname is set, too
https://bugzilla.redhat.com/show_bug.cgi?id=957814