Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:40:05 +0000 (18:40 -0400)]
systemd-python: clean up usec_t handling

The behaviour wrt. seconds vs. microseconds was inconsistent.
Now _Reader always uses native units (us), while Reader always
uses seconds and accepts both floats and ints. This way the
conversion is always done in the Python layer, and the lower
level API allows access to the journal API without the potentially
lossy conversion between double and uint64_t.

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:30:10 +0000 (18:30 -0400)]
systemd-python: export sd_journal_get_usage

Zbigniew Jędrzejewski-Szmek [Fri, 22 Mar 2013 00:55:17 +0000 (20:55 -0400)]
efivars: fix return code

Was returning 1 on read error.

Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2013 23:20:41 +0000 (19:20 -0400)]
shutdownd: shut up bogus gcc warning

This one is fake. But let's kill it, avoiding two condition checks
in the process.

src/shutdownd/shutdownd.c: In function 'when_wall':
src/shutdownd/shutdownd.c:182:44: warning: 'sub' may be used uninitialized in this function [-Wmaybe-uninitialized]
         return elapse > sub ? elapse - sub : 1;

Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2013 23:10:50 +0000 (19:10 -0400)]
bootchart: fix two uninitialized memory frees

The new gcc isn't bad!

In file included from src/bootchart/svg.c:36:0:
src/bootchart/svg.c: In function 'svg_ps_bars':
./src/shared/util.h:524:13: warning: 'enc_name' may be used uninitialized in this function [-Wmaybe-uninitialized]
         free(*(void**) p);
src/bootchart/svg.c:821:37: note: 'enc_name' was declared here
                 char _cleanup_free_*enc_name;
  CC     src/udev/mtd_probe/mtd_probe-probe_smartmedia.o
  XSLT     man/systemd.unit.5
In file included from src/bootchart/svg.c:36:0:
src/bootchart/svg.c: In function 'svg_pss_graph':
./src/shared/util.h:524:13: warning: 'enc_name' may be used uninitialized in this function [-Wmaybe-uninitialized]
         free(*(void**) p);
src/bootchart/svg.c:395:37: note: 'enc_name' was declared here
                 char _cleanup_free_*enc_name;

Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2013 23:06:55 +0000 (19:06 -0400)]
initctl: fix return from uninitialized memory in error path

src/initctl/initctl.c: In function 'server_init':
src/initctl/initctl.c:282:13: warning: 'r' may be used uninitialized in this function [-Wmaybe-uninitialized]
         int r;

Zbigniew Jędrzejewski-Szmek [Thu, 21 Mar 2013 18:53:12 +0000 (18:53 +0000)]
build-sys: use _FORTIFY_SOURCE with new gcc level -Og

Lennart Poettering [Fri, 22 Mar 2013 02:36:58 +0000 (03:36 +0100)]
bus: implicitly collect ucred/label information

Lennart Poettering [Fri, 22 Mar 2013 02:34:29 +0000 (03:34 +0100)]
bus: also finish connection before returning from sd_bus_get_unique_name()

Lennart Poettering [Fri, 22 Mar 2013 01:32:34 +0000 (02:32 +0100)]
bus: when parsing enforce maximum container depth

Lennart Poettering [Fri, 22 Mar 2013 01:20:39 +0000 (02:20 +0100)]
bus: fix uninitialized variable

Lennart Poettering [Fri, 22 Mar 2013 01:20:21 +0000 (02:20 +0100)]
bus: validate the hello response properly

Lennart Poettering [Fri, 22 Mar 2013 01:19:49 +0000 (02:19 +0100)]
bus: properly verify recursion depth of signatures

Lennart Poettering [Fri, 22 Mar 2013 00:49:56 +0000 (01:49 +0100)]
bus: rework synchronization logic

Instead of allowing certain actions to fail during authentication and
connection setup, implicitly synchronize on the connection to be set up
completely before returning.

Lennart Poettering [Fri, 22 Mar 2013 00:49:13 +0000 (01:49 +0100)]
bus: reuse more code

Lennart Poettering [Fri, 22 Mar 2013 00:15:20 +0000 (01:15 +0100)]
bus: validate the entire header more closely

Lennart Poettering [Thu, 21 Mar 2013 23:42:53 +0000 (00:42 +0100)]
bus: properly validate object path values

Lennart Poettering [Thu, 21 Mar 2013 23:24:21 +0000 (00:24 +0100)]
bus: generate a nice error when attempting to add a NULL string

Lennart Poettering [Thu, 21 Mar 2013 23:08:58 +0000 (00:08 +0100)]
bus: implicitly handle peer commands Ping() and GetMachineId()

Lennart Poettering [Thu, 21 Mar 2013 22:20:25 +0000 (23:20 +0100)]
bus: enforce limits on all client influenced data objects

Lennart Poettering [Thu, 21 Mar 2013 22:01:59 +0000 (23:01 +0100)]
bus: implicitly set no_reply flag on outgoing messages if the serial number is not kept

If nobody keeps the serial number of an outgoing message we know that
nobody expects an answer to it, so set the no_reply flag accordingly.

Kay Sievers [Thu, 21 Mar 2013 22:11:51 +0000 (23:11 +0100)]
udev: always set selinux label at "add" events

Lennart Poettering [Thu, 21 Mar 2013 21:50:25 +0000 (22:50 +0100)]
bus: implement full method call timeout logic

Kay Sievers [Thu, 21 Mar 2013 21:17:13 +0000 (22:17 +0100)]
hwdb: update

Kay Sievers [Thu, 21 Mar 2013 21:16:55 +0000 (22:16 +0100)]
whitespace cleanup

Kay Sievers [Thu, 21 Mar 2013 14:07:54 +0000 (15:07 +0100)]
doc: disable gtk-doc test again - you are a really annoying piece of software

make  check-TESTS
make[5]: Nothing to be done for `/usr/bin/gtkdoc-check.log'.
fatal: making test-suite.log: failed to create /usr/bin/gtkdoc-check.trs
fatal: making test-suite.log: failed to create /usr/bin/gtkdoc-check.log
make[4]: *** [test-suite.log] Error 1
make[3]: *** [check-TESTS] Error 2
make[2]: *** [check-am] Error 2
make[1]: *** [check-recursive] Error 1
make: *** [check] Error 2

Michael Biebl [Thu, 21 Mar 2013 10:05:43 +0000 (11:05 +0100)]
build-sys: include missing header in dist tarball

Lennart Poettering [Thu, 21 Mar 2013 01:42:28 +0000 (02:42 +0100)]
shared: add simple priority queue implementation

Dave Reisner [Wed, 20 Mar 2013 23:25:37 +0000 (19:25 -0400)]
bus: compare to negative errno

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:30:31 +0000 (18:30 -0400)]
activate: avoid warning from -Wshadow

src/activate/activate.c:167:51: warning: declaration shadows a variable in the global scope [-Wshadow]
static int launch(char* name, char **argv, char **environ, int fds) {
/usr/include/unistd.h:546:15: note: previous declaration is here
extern char **environ;

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:27:49 +0000 (18:27 -0400)]
Make two functions static

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:25:35 +0000 (18:25 -0400)]
Remove some unused variables

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:22:20 +0000 (18:22 -0400)]
systemd-analyze: do not format timestamp when not printing it

../src/analyze/systemd-analyze.c:530:88: warning: data argument not used by format string [-Wformat-extra-args]
  ...svg_text(false, u->ixt, y, u->time? "%s (%s)" : "%s", u->name, format_timespan(ts, sizeof(ts), u->time));
                                                     ~~~~           ^

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 22:12:37 +0000 (18:12 -0400)]
core: remove unnecessary goto in setup_namespace

Tom Gundersen [Wed, 20 Mar 2013 23:01:14 +0000 (00:01 +0100)]
bus-message: fix typo

Lennart Poettering [Wed, 20 Mar 2013 21:57:55 +0000 (22:57 +0100)]
update TODO

Lennart Poettering [Wed, 20 Mar 2013 21:56:25 +0000 (22:56 +0100)]
bus: hook up client with socket communication

Lennart Poettering [Wed, 20 Mar 2013 12:10:12 +0000 (13:10 +0100)]
bus: introduce bus_error_is_dirty() independently of sd_bus_error_is_set()

Lennart Poettering [Wed, 20 Mar 2013 04:29:20 +0000 (05:29 +0100)]
bus: demarshal header fields properly

Lennart Poettering [Wed, 20 Mar 2013 02:15:03 +0000 (03:15 +0100)]
bus: implement demarshaller

Lennart Poettering [Tue, 19 Mar 2013 19:16:27 +0000 (20:16 +0100)]
bus: suppress reply messages to method calls with no_reply set

Lennart Poettering [Tue, 19 Mar 2013 19:03:16 +0000 (20:03 +0100)]
bus: add basic implementation of a native bus client library

Lennart Poettering [Tue, 19 Mar 2013 19:01:35 +0000 (20:01 +0100)]
stdio-bridge: modernization

Lennart Poettering [Tue, 19 Mar 2013 19:01:18 +0000 (20:01 +0100)]
util: add hexmem() and strextend() calls

Lennart Poettering [Tue, 19 Mar 2013 19:00:55 +0000 (20:00 +0100)]
macro: add CHAR_TO_STR macro to make a one character string from a char

Lennart Poettering [Tue, 19 Mar 2013 19:00:29 +0000 (20:00 +0100)]
macro: don't redefine CLAMP if it is already defined by glib or some other library

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 05:38:28 +0000 (01:38 -0400)]
Make PrivateTmp dirs also inaccessible from the outside

Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by the rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the

Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unprivileged users on the system cannot see (or
modify) /tmp as seen by the service.

Jan Engelhardt [Wed, 20 Mar 2013 14:23:30 +0000 (15:23 +0100)]
build-sys: fix typo in human-readable output

Jan Engelhardt [Wed, 20 Mar 2013 14:23:32 +0000 (15:23 +0100)]
libudev: avoid potential misaligned accesses

clang reports:
  src/libudev/libudev-util.c:665:35: warning: cast from
  "const unsigned char *" to "unsigned int *" increases required alignment
  from 1 to 4 [-Wcast-align]

Kay Sievers [Wed, 20 Mar 2013 14:57:13 +0000 (15:57 +0100)]
libudev: remove special handling of "device" link, it should not be used

Tom Gundersen [Wed, 20 Mar 2013 12:09:58 +0000 (13:09 +0100)]
zsh completion: udev - remove firmware builtin

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 02:13:48 +0000 (22:13 -0400)]
man/service: document behaviour on failure

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 00:57:25 +0000 (20:57 -0400)]
catalog: remove broken links to wiki

Zbigniew Jędrzejewski-Szmek [Wed, 20 Mar 2013 00:54:04 +0000 (20:54 -0400)]
journalctl: beef up entry listing

The ability to dump catalog entries in full and by id is added.

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:10:51 +0000 (18:10 -0400)]
systemd-python: small cleanups

- separate methods with two empty lines for clarity
- avoid malloc(0) by specifying private data size as -1
- add method name in error messages

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:10:51 +0000 (18:10 -0400)]
systemd-python: add journal.get_catalog()

This one wraps sd_journal_get_catalog_from_message_id.
Thanks to Python namespacing, we can stick to a shorter name.

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:10:51 +0000 (18:10 -0400)]
systemd-python: add _Reader.get_catalog()

This one wraps sd_journal_get_catalog.

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:10:51 +0000 (18:10 -0400)]
man/catalog: fix synopsis and remind to free

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:10:51 +0000 (18:10 -0400)]
systemd-python: add _Reader.closed attribute

This should make the file interface of _Reader complete.

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:00:57 +0000 (18:00 -0400)]
journalctl: use _cleanup_ in one function

Kay Sievers [Wed, 20 Mar 2013 00:26:17 +0000 (01:26 +0100)]
rules: move builtin calls before the permissions section

<heftig> kay: systemd commit 22582bb broke cups usb printing for me
<heftig> because the "lp" group isn't applied anymore
<heftig> SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
<heftig> moving this line to the end of 50-udev-default.rules restores correct behavior, as it's after usb_id

Harald Hoyer [Tue, 19 Mar 2013 13:55:50 +0000 (14:55 +0100)]
shell-completion/bash/journalctl: suppress stderr

Ozan Çağlayan [Tue, 19 Mar 2013 13:49:30 +0000 (15:49 +0200)]
keymap: Remap microphone mute and touchpad toggle for Lenovo U300s

Separate out Ideapad U300s to its own line and add Microphone mute key.

Signed-off-by: Martin Pitt <>

Martin Pitt [Tue, 19 Mar 2013 12:10:29 +0000 (13:10 +0100)]
keymaps: Use F20 for micmute keys to be friendly to

The "micmute" key code is outside of's allowed range [1].
gnome-settings-daemon interprets F20 as "microphone mute" these days [2], so
use this until either gets fixed or obsoleted.


Ozan Çağlayan [Tue, 19 Mar 2013 09:34:57 +0000 (11:34 +0200)]
keymap: Fix touchpad toggling on Lenovo IdeaPad U300s

IdeaPad U300s needs mapping 0xf1 to f21 just like Lenovo V480.

Signed-off-by: Martin Pitt <>

Zbigniew Jędrzejewski-Szmek [Tue, 19 Mar 2013 00:31:21 +0000 (20:31 -0400)]
logind: exploit previous cleanups and simplify returns

Colin Walters [Mon, 18 Mar 2013 18:38:48 +0000 (14:38 -0400)]
logind: Make more use of cleanup macros

Colin Walters [Mon, 18 Mar 2013 18:38:24 +0000 (14:38 -0400)]
Use bus_maybe_send_reply() where applicable

This is a followup to: commit 1a37b9b9043ef83e9900e460a9a1fccced3acf89

It will fix denial messages from dbus-daemon between gdm and
systemd-logind on logging into GNOME due to this.

See the previous commit for more details.

Zbigniew Jędrzejewski-Szmek [Sun, 4 Nov 2012 15:19:04 +0000 (16:19 +0100)]
sd-journal: do not require path to be absolute

Seems natural to be able to specify relative directory,
e.g. with journalctl -D. And even if, this should be checked
in front-end code, not in the library.

Zbigniew Jędrzejewski-Szmek [Mon, 18 Mar 2013 03:36:25 +0000 (23:36 -0400)]
journal,shared: add _cleanup_journal_close_

Zbigniew Jędrzejewski-Szmek [Mon, 18 Mar 2013 02:00:01 +0000 (22:00 -0400)]
journal: use _cleanup_

One log_debug() moved to match order in other functions.

Zbigniew Jędrzejewski-Szmek [Mon, 18 Mar 2013 01:52:57 +0000 (21:52 -0400)]
journal: use sd_journal_close on error in sd_journal_new

Zbigniew Jędrzejewski-Szmek [Mon, 18 Mar 2013 05:12:25 +0000 (01:12 -0400)]
systemd-python: allow Reader to be used as a context manager

Daniel Buch [Sat, 16 Mar 2013 09:00:03 +0000 (10:00 +0100)]
test-strv.c: test STRV_FOREACH_PAIR macro

Kay Sievers [Mon, 18 Mar 2013 18:31:34 +0000 (19:31 +0100)]
udev: rename kernel command line option to net.ifnames=

Tom Gundersen [Mon, 18 Mar 2013 17:09:46 +0000 (18:09 +0100)]
man: udev - clarify when RUN is executed

Unlike IMPORT and PROGRAM, RUN is not executed inline, but after all the rules of the given event have been processed.

Tom Gundersen [Sat, 16 Mar 2013 08:26:47 +0000 (17:26 +0900)]
udev: builtin - use RUN rather than IMPORT for loading modules

The 'kmod' builtin, like the 'firmware' and 'uaccess' builtins, does not set
any variables, so don't use IMPORT.

Notice that this changes the behaviour slightly: the processing of subsequent
rules for the event that loads a module will no longer wait for the module
loading to finish. This is not expected to cause any problems, but we should
keep an eye on it.

Tom Gundersen [Sun, 17 Mar 2013 04:23:33 +0000 (13:23 +0900)]
udev: net-name-slot - disable by kernel command line switch

The properties will still be set in the udev database, but they will not be used
for setting the interface names. As for the other kernel commandline switches,
we allow it to be prefixed by 'rd.' to only apply in the initrd.

Tom Gundersen [Mon, 18 Mar 2013 14:58:37 +0000 (15:58 +0100)]
man: udev - move documentation of configuration file

Moved from udev(7) to systemd-udevd.service(8), where the rest of the
documentation of the configuration of the daemon lives.

Kay Sievers [Mon, 18 Mar 2013 14:22:32 +0000 (15:22 +0100)]
udev: ifdef all firmware special handling

Tom Gundersen [Mon, 18 Mar 2013 14:12:18 +0000 (15:12 +0100)]
udev: make firmware loading optional and disable by default

Distros that wish to support old kernels should set
to retain the old behaviour.

Tom Gundersen [Mon, 18 Mar 2013 13:17:24 +0000 (14:17 +0100)]
man: udev - document 'builtin'

The new IMPORT{builtin} and RUN{builtin} were not documented. Also make it clear
that RUN= is really an alias for RUN{program}=.

Kay Sievers [Sat, 16 Mar 2013 15:29:29 +0000 (16:29 +0100)]
units: initrd, multi-user - add a few more words to Description=

Kay Sievers [Sat, 16 Mar 2013 15:21:47 +0000 (16:21 +0100)]
man: bootup - -->

Kay Sievers [Sat, 16 Mar 2013 15:10:22 +0000 (16:10 +0100)]
journal: pass the *pid* to sd_pid_get_owner_uid()

Zbigniew Jędrzejewski-Szmek [Sat, 16 Mar 2013 02:48:45 +0000 (22:48 -0400)]
timer: fix grammar in message

Michal Sekletar [Thu, 14 Mar 2013 17:12:27 +0000 (18:12 +0100)]
core: reuse the same /tmp, /var/tmp and inaccessible dir

All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.

Josh Triplett [Fri, 15 Mar 2013 15:50:12 +0000 (08:50 -0700)]
TODO: uses for SO_REUSEPORT

The new socket option SO_REUSEPORT would enable some new functionality;
add it to TODO.

Nathaniel Chen [Tue, 12 Mar 2013 23:16:44 +0000 (16:16 -0700)]
smack-setup: enable Smack/CIPSO mapping

CIPSO is the Common IP Security Option, an IETF standard for setting
security levels for a process sending packets. In Smack kernels,
CIPSO headers are mapped to Smack labels automatically, but can be changed.

This patch writes label/category mappings from /etc/smack/cipso/ to
/sys/fs/smackfs/cipso2. The mapping format is "%s%4d%4d"["%4d"]...

For more information about Smack and CIPSO, see:

Zbigniew Jędrzejewski-Szmek [Thu, 14 Mar 2013 03:23:06 +0000 (23:23 -0400)]
smack-setup: extract rule writing into a separate function

Check all errors.

Umut Tezduyar [Wed, 13 Mar 2013 09:27:38 +0000 (10:27 +0100)]
units: ignore systemd-sysctl on shutdown

No need to try to stop systemd-sysctl on shutdown as
this service doesn't have ExecStop= anyways.

Umut Tezduyar [Mon, 11 Mar 2013 15:30:10 +0000 (16:30 +0100)]
core: keep mountinfo .mounts until late shutdown

.mount units coming from /proc/self/mountinfo file are
unmounted after is reached during shutdown.

Problem: .mount units popping up in mountinfo file are
added to systemd without any dependency. For that reason,
they are the first one to be unmounted during shutdown.
Whichever program mounted the file system deserves a
chance to also unmount it. This patch ensures that
/proc/self/mountinfo units will be unmounted after during shutdown (if they haven't been
unmounted already)

Zbigniew Jędrzejewski-Szmek [Thu, 14 Mar 2013 22:44:03 +0000 (18:44 -0400)]
man: fix grammar

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 23:01:10 +0000 (19:01 -0400)]
systemd-python: add systemd.daemon wrapping sd-daemon

Please see the documentation (e.g. pydoc3 systemd.daemon) for full
description. As usual, systemd._daemon wraps the raw interface, while
systemd.daemon provides the more pythonic API. sd_listen_fds,
sd_booted, sd_is_fifo, sd_is_socket, sd_is_socket_unix,
sd_is_socket_inet, sd_is_mq, and SD_LISTEN_FDS_START are currently

Zbigniew Jędrzejewski-Szmek [Fri, 15 Mar 2013 22:57:44 +0000 (18:57 -0400)]
systemd-activate: pass environment variables through

I need this to test half-installed socket-activated python
script, which requires PYTHONPATH and LD_LIBRARY_PATH set.
I assume that other people might find it useful too.

-E VAR passes through VAR from the environment, while
-E VAR=value sets VAR=value.

systemd-activate -E PYTHONPATH=/var/tmp/inst1/usr/lib64/python3.3/site-packages -E LD_LIBRARY_PATH=/var/tmp/inst1/usr/lib -l 2000 python3 -c 'from systemd.daemon import listen_fds; print(listen_fds())'

Kay Sievers [Fri, 15 Mar 2013 18:30:53 +0000 (19:30 +0100)]
sysctl: default - add safe sysrq options

Kay Sievers [Fri, 15 Mar 2013 16:48:12 +0000 (17:48 +0100)]
TODO: update

Lennart Poettering [Fri, 15 Mar 2013 15:48:48 +0000 (16:48 +0100)]
nspawn: don't make assumptions about the size of pid_t

Lennart Poettering [Fri, 15 Mar 2013 15:46:35 +0000 (16:46 +0100)]
logind: explicitly create state directories during early initialization

Strictly speaking this isn't necessary for the /run/systemd/seats/
directory, since that is created anyway as the first seat is found, and
seat0 is always found. But let's be explicit here, and also create the
sessions/ and users/ directories, so that people can always install
inotify watches from very early on, even when nobody logged in yet.

Lennart Poettering [Fri, 15 Mar 2013 15:41:40 +0000 (16:41 +0100)]
sd-booted: update sd_booted() check a bit

Previously we were testing whether /sys/fs/cgroup/systemd/ was a mount
point. This might be problematic however, when the cgroup trees are bind
mounted into a container from the host (which should be absolutely
valid), which might create the impression that the container was running
systemd, but only the host actually is.

Replace this by a check for the existence of the directory
/run/systemd/system/, which should work unconditionally, since /run can
never be a bind mount but *must* be a tmpfs on systemd systems, which is
flushed at boot. This means that data in /run always reflects
information about the current boot, and only of the local container,
which makes it the perfect choice for a check like this.

(As a side effect this is nice to Ubuntu people who now use logind with
the systemd cgroup hierarchy, where the old sd_booted() check misdetects
systemd, even though they still run legacy Upstart.)