chiark / gitweb /
elogind.git
5 years agocore: send sigabrt on watchdog timeout to get the stacktrace
Umut Tezduyar Lindskog [Tue, 28 Oct 2014 15:35:40 +0000 (16:35 +0100)]
core: send sigabrt on watchdog timeout to get the stacktrace

if sigabrt doesn't do the job, follow regular shutdown
routine, sigterm > sigkill.

5 years agoswap: don't add too many deps for swap files form /proc/swap
Lennart Poettering [Tue, 28 Oct 2014 16:27:38 +0000 (17:27 +0100)]
swap: don't add too many deps for swap files form /proc/swap

5 years agoudev: path_id - set supported_parent for well-known SCSI setups
Kay Sievers [Tue, 28 Oct 2014 15:50:24 +0000 (16:50 +0100)]
udev: path_id - set supported_parent for well-known SCSI setups

5 years agoNEWS: fix typos
Ronny Chevalier [Tue, 28 Oct 2014 15:04:21 +0000 (16:04 +0100)]
NEWS: fix typos

5 years agoNEWS: update
Kay Sievers [Tue, 28 Oct 2014 14:53:44 +0000 (15:53 +0100)]
NEWS: update

5 years agoNEWS
Tom Gundersen [Tue, 28 Oct 2014 14:42:57 +0000 (15:42 +0100)]
NEWS

5 years agoupdate NEWS
Lennart Poettering [Tue, 28 Oct 2014 14:44:00 +0000 (15:44 +0100)]
update NEWS

5 years agoupdate NEWS
Lennart Poettering [Tue, 28 Oct 2014 14:35:35 +0000 (15:35 +0100)]
update NEWS

5 years agobuild-sys: bump version number in preparation for release
Lennart Poettering [Tue, 28 Oct 2014 14:29:49 +0000 (15:29 +0100)]
build-sys: bump version number in preparation for release

5 years agobuild-sys: bump library versions in preparation for 217 release
Lennart Poettering [Tue, 28 Oct 2014 14:29:36 +0000 (15:29 +0100)]
build-sys: bump library versions in preparation for 217 release

5 years agoNEWS: add contributor list in preparation for 217 release
Lennart Poettering [Tue, 28 Oct 2014 14:20:16 +0000 (15:20 +0100)]
NEWS: add contributor list in preparation for 217 release

5 years agoupdate NEWS
Lennart Poettering [Tue, 28 Oct 2014 14:17:53 +0000 (15:17 +0100)]
update NEWS

5 years agopolkit: actually generate new InteractiveAuthorizationRequired error on the right...
Lennart Poettering [Tue, 28 Oct 2014 14:11:39 +0000 (15:11 +0100)]
polkit: actually generate new InteractiveAuthorizationRequired error on the right occasions

5 years agoupdate TODO
Lennart Poettering [Tue, 28 Oct 2014 14:06:30 +0000 (15:06 +0100)]
update TODO

5 years agosd-bus: add support for new InteractiveAuthorizationRequired error from dbus spec
Lennart Poettering [Tue, 28 Oct 2014 13:59:08 +0000 (14:59 +0100)]
sd-bus: add support for new InteractiveAuthorizationRequired error from dbus spec

5 years agoupdate TODO
Lennart Poettering [Tue, 28 Oct 2014 13:47:35 +0000 (14:47 +0100)]
update TODO

5 years agoman: minor corrections on how the overall system states are actually defined
Lennart Poettering [Tue, 28 Oct 2014 13:38:47 +0000 (14:38 +0100)]
man: minor corrections on how the overall system states are actually defined

5 years agomac: add mac_ prefix to distinguish origin security apis
WaLyong Cho [Fri, 24 Oct 2014 12:15:25 +0000 (21:15 +0900)]
mac: add mac_ prefix to distinguish origin security apis

5 years agoupdate TODO
Lennart Poettering [Tue, 28 Oct 2014 13:31:17 +0000 (14:31 +0100)]
update TODO

5 years agoswap: drop noauto/nofail bools from Swap structure
Lennart Poettering [Tue, 28 Oct 2014 13:30:30 +0000 (14:30 +0100)]
swap: drop noauto/nofail bools from Swap structure

We nowadays always set them to "false" anyway, hence let's get rid of
them entirely.

5 years agoswap: replace Discard= setting by a more generic Options= setting
Lennart Poettering [Tue, 28 Oct 2014 13:24:46 +0000 (14:24 +0100)]
swap: replace Discard= setting by a more generic Options= setting

For now, it's systemd itself that parses the options string, but as soon
as util-linux' swapon can take the option string directly with -o we
should pass it on unmodified.

5 years agoudev hwdb: Support shipping pre-compiled database in system images
Martin Pitt [Fri, 17 Oct 2014 13:01:01 +0000 (15:01 +0200)]
udev hwdb: Support shipping pre-compiled database in system images

In some cases it is preferable to ship system images with a pre-generated
binary hwdb database, to avoid having to build it at runtime, avoid shipping
the source hwdb files, or avoid storing large binary files in /etc.

So if hwdb.bin does not exist in /etc/udev/, fall back to looking for it in
UDEVLIBEXECDIR. This keeps the possibility to add files to /etc/udev/hwdb.d/
and re-generating the database which trumps the one in /usr/lib.

Add a new --usr flag to "udevadm hwdb --update" which puts the database
into UDEVLIBEXECDIR.

Adjust systemd-udev-hwdb-update.service to not generate the file in /etc if we
already have it in /usr.

5 years agoupdate TODO
Lennart Poettering [Tue, 28 Oct 2014 11:33:25 +0000 (12:33 +0100)]
update TODO

5 years agoman: document that $XDG_SESSION_DESKTOP only takes a single item, not a list, unlike...
Lennart Poettering [Tue, 28 Oct 2014 11:32:25 +0000 (12:32 +0100)]
man: document that $XDG_SESSION_DESKTOP only takes a single item, not a list, unlike $XDG_CURRENT_DESKTOP

5 years agosd-login: let's not needlessly yell at users
Lennart Poettering [Tue, 28 Oct 2014 11:31:11 +0000 (12:31 +0100)]
sd-login: let's not needlessly yell at users

While GNOME/KDE are generally capitalized, systemd tools generally are
not, hence let's not start doing so in the XDG_CURRENT_SESSION
environment variable.

5 years agomanager: print warning on console before reboot
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 03:14:23 +0000 (23:14 -0400)]
manager: print warning on console before reboot

It will be printed even if a prompt is blocking other messages.

5 years agomanager: convert ephemeral to enum
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 03:02:54 +0000 (23:02 -0400)]
manager: convert ephemeral to enum

In preparation for subsequent changes.

5 years agoman: add table of manager states
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 02:16:11 +0000 (22:16 -0400)]
man: add table of manager states

5 years agoshell-completion: systemctl set-default,get-default,is-system-running
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 02:34:28 +0000 (21:34 -0500)]
shell-completion: systemctl set-default,get-default,is-system-running

5 years agorpm: add user macros
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 02:34:09 +0000 (21:34 -0500)]
rpm: add user macros

5 years agomanager: do not print anything while passwords are being queried
Zbigniew Jędrzejewski-Szmek [Sun, 26 Oct 2014 00:30:51 +0000 (20:30 -0400)]
manager: do not print anything while passwords are being queried

https://bugs.freedesktop.org/show_bug.cgi?id=73942

5 years agocdrom_id: do not attempt to read past end of buffer
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 01:52:38 +0000 (21:52 -0400)]
cdrom_id: do not attempt to read past end of buffer

CID #1238437

5 years agoselinux: make sure we do not try to print missing fields
Zbigniew Jędrzejewski-Szmek [Tue, 28 Oct 2014 01:31:29 +0000 (21:31 -0400)]
selinux: make sure we do not try to print missing fields

UID or GID of 0 is valid, so we cannot use that to distinguish whether
calls to sd_bus_creds_get_* succeeded, and the return value from the
function is the only way to know about missing fields. Print "n/a" if
the fields are missing.

CID #1238779

5 years agologin: remove multi-seat-x
Timofey Titovets [Sat, 25 Oct 2014 21:17:24 +0000 (00:17 +0300)]
login: remove multi-seat-x

5 years agoupdate TODO
Lennart Poettering [Tue, 28 Oct 2014 01:19:37 +0000 (02:19 +0100)]
update TODO

5 years agoUpdate NEWS
Lennart Poettering [Tue, 28 Oct 2014 01:17:12 +0000 (02:17 +0100)]
Update NEWS

5 years agounits: define appropriate job timeout actions when boot or shutdown timeouts are hit
Lennart Poettering [Tue, 28 Oct 2014 00:49:39 +0000 (01:49 +0100)]
units: define appropriate job timeout actions when boot or shutdown timeouts are hit

Using the new JobTimeoutAction= setting make sure we power off the
machine after basic.target is queued for longer than 15min but not
executed. Similar, if poweroff.target is queued for longer than 30min
but does not complete, forcibly turn off the system. Similar, if
reboot.target is queued for longer than 30min but does not complete,
forcibly reboot the system.

5 years agojob: optionally, when a job timeout is hit, also execute a failure action
Lennart Poettering [Tue, 28 Oct 2014 00:49:07 +0000 (01:49 +0100)]
job: optionally, when a job timeout is hit, also execute a failure action

5 years agocore: remove system start timeout logic again
Lennart Poettering [Tue, 28 Oct 2014 00:42:13 +0000 (01:42 +0100)]
core: remove system start timeout logic again

The system start timeout as previously implemented would get confused by
long-running services that are included in the initial system startup
transaction for example by being cron-job-like long-running services
triggered immediately at boot. Such long-running jobs would be subject
to the default 15min timeout, esily triggering it.

Hence, remove this again. In a subsequent commit, introduce per-target
job timeouts instead, that allow us to control these timeouts more
finegrained.

5 years agoupdate TODO
Lennart Poettering [Mon, 27 Oct 2014 23:52:48 +0000 (00:52 +0100)]
update TODO

5 years agojournald: be nice to coverity, add an extra assert
Lennart Poettering [Mon, 27 Oct 2014 22:50:51 +0000 (23:50 +0100)]
journald: be nice to coverity, add an extra assert

coverity otherwise assumes that the chain object might be NULL.

5 years agoCODING_STYLE: don't clobber arguments on failure
Lennart Poettering [Mon, 27 Oct 2014 17:09:07 +0000 (18:09 +0100)]
CODING_STYLE: don't clobber arguments on failure

5 years agocalendarspec: parse 'quarterly' and 'semi-annually' as shortcuts
Lennart Poettering [Mon, 27 Oct 2014 17:08:46 +0000 (18:08 +0100)]
calendarspec: parse 'quarterly' and 'semi-annually' as shortcuts

5 years agonetworkd: network - if no prefixlength is given, try to deduce one from the address...
Tom Gundersen [Mon, 27 Oct 2014 16:39:18 +0000 (17:39 +0100)]
networkd: network - if no prefixlength is given, try to deduce one from the address class

In case of a class E or F address, ignore the address.

5 years agoshared: in-addr-utils - add default_subnet_mask and default_prefixlen methods
Tom Gundersen [Mon, 27 Oct 2014 16:38:03 +0000 (17:38 +0100)]
shared: in-addr-utils - add default_subnet_mask and default_prefixlen methods

These use the (deprecated) IPv4 address classes to deduce the corresponding subnet masks. This is useful when addresses
without subnet masks and prefix lengths are given.

Make use of these new functions from sd-dhcp-lease.

5 years agoman: tmpfiles.d - recommend using b! and c!
Tom Gundersen [Mon, 27 Oct 2014 16:28:29 +0000 (17:28 +0100)]
man: tmpfiles.d - recommend using b! and c!

We should avoid creating static device nodes at runtime.

5 years agounits: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot
Tom Gundersen [Mon, 27 Oct 2014 16:15:42 +0000 (17:15 +0100)]
units: tmpfiles-setup-dev - allow unsafe file creation to happen in /dev at boot

This will allow us to mark static device nodes with '!' to indicate that they should only be created at early boot.

5 years agosd-bus: sync kdbus.h (ABI break)
Daniel Mack [Mon, 27 Oct 2014 16:02:31 +0000 (17:02 +0100)]
sd-bus: sync kdbus.h (ABI break)

Some comment fixes and header cleanups in kdbus.h, and the task capability
meta information has been factored out to its own struct.

5 years agoman: document what "minutely" now means
Lennart Poettering [Mon, 27 Oct 2014 12:54:19 +0000 (13:54 +0100)]
man: document what "minutely" now means

5 years agocalendar: new case 'minutely'
Daniele Medri [Mon, 27 Oct 2014 07:42:42 +0000 (08:42 +0100)]
calendar: new case 'minutely'

5 years agoupdate TODO
Lennart Poettering [Mon, 27 Oct 2014 12:32:04 +0000 (13:32 +0100)]
update TODO

5 years agoupdate NEWS
Lennart Poettering [Mon, 27 Oct 2014 12:31:56 +0000 (13:31 +0100)]
update NEWS

5 years agosd-bus: explicitly cast asprintf() return value away we are not interested in
Lennart Poettering [Mon, 27 Oct 2014 12:06:11 +0000 (13:06 +0100)]
sd-bus: explicitly cast asprintf() return value away we are not interested in

Let's give coverity a hint what's going on here.

5 years agoRevert "sd-bus: check return value of asprintf()"
Lennart Poettering [Mon, 27 Oct 2014 12:04:12 +0000 (13:04 +0100)]
Revert "sd-bus: check return value of asprintf()"

This reverts commit b1543c4c93855b61b40118e9f14a0423dac2e078.

We check b->address anyway, no need to check the return value,
especially given that the other #ifdef branch don't get the same
treatment.

5 years agoshutdown: do final unmounting only if not running inside the container
Michal Sekletar [Tue, 21 Oct 2014 16:38:42 +0000 (18:38 +0200)]
shutdown: do final unmounting only if not running inside the container

If we run in the container then we run in a mount namespace. If namespace dies
then kernel should do unmounting for us, hence we skip unmounting in containers.

Also, it may be the case that we no longer have capability to do umount,
because we are running in the unprivileged container.

See: http://lists.freedesktop.org/archives/systemd-devel/2014-October/023536.html

5 years agoman: fix typos in description of SELinuxContextFromNet=
Ivan Shapovalov [Mon, 27 Oct 2014 09:07:36 +0000 (12:07 +0300)]
man: fix typos in description of SELinuxContextFromNet=

5 years agonetworkd: don't stop the dhcp server when link goes down
Tom Gundersen [Sun, 26 Oct 2014 13:01:27 +0000 (14:01 +0100)]
networkd: don't stop the dhcp server when link goes down

5 years agoutil: fix copy-paste error and actually set the new hostname
Michal Sekletar [Mon, 27 Oct 2014 10:08:26 +0000 (11:08 +0100)]
util: fix copy-paste error and actually set the new hostname

Reported-by: sztanpet on irc
5 years agoutil: introduce sethostname_idempotent
Michal Sekletar [Tue, 21 Oct 2014 16:17:54 +0000 (18:17 +0200)]
util: introduce sethostname_idempotent

Function queries system hostname and applies changes only when necessary. Also,
migrate all client of sethostname to sethostname_idempotent while at it.

5 years agojournald: fix flushing
Zbigniew Jędrzejewski-Szmek [Sun, 26 Oct 2014 04:14:30 +0000 (00:14 -0400)]
journald: fix flushing

Commit 74055aa762 'journalctl: add new --flush command and make use of
it in systemd-journal-flush.service' broke flushing because journald
checks for the /run/systemd/journal/flushed file before opening the
permanent journal. When the creation of this file was postponed,
flushing stoppage ensued.

5 years agosystemctl: do not ignore errors in symlink removal
Zbigniew Jędrzejewski-Szmek [Sat, 25 Oct 2014 19:15:28 +0000 (15:15 -0400)]
systemctl: do not ignore errors in symlink removal

On an ro fs, systemctl disable ... would fail silently.

5 years agoRearrange Unit to make pahole happy
Zbigniew Jędrzejewski-Szmek [Fri, 24 Oct 2014 20:09:35 +0000 (16:09 -0400)]
Rearrange Unit to make pahole happy

After all we have lots of those.

5 years agocalendarspec: fix typo in "annually"
Zbigniew Jędrzejewski-Szmek [Sat, 25 Oct 2014 15:59:36 +0000 (11:59 -0400)]
calendarspec: fix typo in "annually"

https://bugs.freedesktop.org/show_bug.cgi?id=85447

5 years agojournalctl: correct help text for --until
Santiago Vila [Sat, 25 Oct 2014 14:40:30 +0000 (10:40 -0400)]
journalctl: correct help text for --until

http://bugs.debian.org/766598

5 years agobus-proxy: it's OK if getpeercred doesn't work
Lennart Poettering [Fri, 24 Oct 2014 17:29:01 +0000 (19:29 +0200)]
bus-proxy: it's OK if getpeercred doesn't work

We should use the data if we can (if stdin/stdout is an AF_UNIX socket),
but still work if we can't (if stdin/stdout are pipes, like in the SSH
case).

This effectively reverts 55534fb5e4742b0db9ae5e1e0202c53804147697

5 years agosd-bus: if we don't manage to properly allocate the error message for an sd_bus_error...
Lennart Poettering [Fri, 24 Oct 2014 17:24:53 +0000 (19:24 +0200)]
sd-bus: if we don't manage to properly allocate the error message for an sd_bus_error, just go on

sd_bus_error_setfv() must initialize the sd_bus_error value to some
sensible value and then return a good errno code matching that. If it
cannot work at all it should set the error statically to the OOM error.
But if it can work half-way (i.e. initialize the name, but not the
message) it should do so and still return the correct errno number for
it.

This effectively reverts 8bf13eb1e02b9977ae1cd331ae5dc7305a305a09

5 years agotime: don't do comparison twice
Lennart Poettering [Fri, 24 Oct 2014 17:10:09 +0000 (19:10 +0200)]
time: don't do comparison twice

5 years agotime: minor simplification
Lennart Poettering [Fri, 24 Oct 2014 17:09:36 +0000 (19:09 +0200)]
time: minor simplification

5 years agotime: earlier exit from format_timestamp_relative() on special times
Lennart Poettering [Fri, 24 Oct 2014 17:08:22 +0000 (19:08 +0200)]
time: earlier exit from format_timestamp_relative() on special times

5 years agotime: also support 'infinity' syntax in parse_nsec()
Lennart Poettering [Fri, 24 Oct 2014 17:07:26 +0000 (19:07 +0200)]
time: also support 'infinity' syntax in parse_nsec()

Let's make parse_usec() and parse_nsec() work similar

5 years agoupdate TODO
Lennart Poettering [Fri, 24 Oct 2014 17:07:01 +0000 (19:07 +0200)]
update TODO

5 years agoNEWS: more preparations for 217
Lennart Poettering [Fri, 24 Oct 2014 17:06:23 +0000 (19:06 +0200)]
NEWS: more preparations for 217

5 years agodelta: use wait_for_terminate_and_warn() to generate warnin when diff fails
Lennart Poettering [Fri, 24 Oct 2014 16:48:11 +0000 (18:48 +0200)]
delta: use wait_for_terminate_and_warn() to generate warnin when diff fails

5 years agocalendar: make freeing a calendar spec object deal fine with NULL
Lennart Poettering [Fri, 24 Oct 2014 16:33:29 +0000 (18:33 +0200)]
calendar: make freeing a calendar spec object deal fine with NULL

In order to make object destruction easier (in particular in combination
with _cleanup_) we usually make destructors deal with NULL objects as
NOPs. Change the calendar spec destructor to follow the same scheme.

5 years agotimesyncd: the IP_TOS sockopt is really just an optimization, we shouldn't fail if...
Lennart Poettering [Fri, 24 Oct 2014 16:32:30 +0000 (18:32 +0200)]
timesyncd: the IP_TOS sockopt is really just an optimization, we shouldn't fail if we can't set it

This partially undos 2f905e821e0342c36f5a5d3a51d53aabccc800bd

5 years agoupdate TODO
Lennart Poettering [Fri, 24 Oct 2014 14:52:55 +0000 (16:52 +0200)]
update TODO

5 years agojournalctl: Unify boot id lookup into common function get_boots
Jan Janssen [Thu, 23 Oct 2014 17:37:29 +0000 (19:37 +0200)]
journalctl: Unify boot id lookup into common function get_boots

5 years agoudev: do NOT re-label smack
WaLyong Cho [Fri, 24 Oct 2014 04:51:09 +0000 (13:51 +0900)]
udev: do NOT re-label smack

If selinux is disabled and smack is only enabled, smack label is
relable-ed by label_fix. To avoid, make only be labeled for selinux.

5 years agomanager: Linux on hppa has fewer rtsigs, hence avoid using the higher ones there
Lennart Poettering [Fri, 24 Oct 2014 11:44:45 +0000 (13:44 +0200)]
manager: Linux on hppa has fewer rtsigs, hence avoid using the higher ones there

https://bugs.freedesktop.org/show_bug.cgi?id=84931

5 years agoman: remove another gendered pronoun
Klaus Purer [Fri, 24 Oct 2014 11:03:15 +0000 (13:03 +0200)]
man: remove another gendered pronoun

5 years agojournald: removed gendered pronouns in comment
Klaus Purer [Fri, 24 Oct 2014 11:00:57 +0000 (13:00 +0200)]
journald: removed gendered pronouns in comment

5 years agoman: fix minor typo
Lennart Poettering [Fri, 24 Oct 2014 10:30:43 +0000 (12:30 +0200)]
man: fix minor typo

5 years agoman: add a link to the XDG basedir spec from the pam_sytemd man page
Lennart Poettering [Fri, 24 Oct 2014 10:07:05 +0000 (12:07 +0200)]
man: add a link to the XDG basedir spec from the pam_sytemd man page

5 years agoman: avoid gendered singular pronouns
Lennart Poettering [Fri, 24 Oct 2014 10:02:44 +0000 (12:02 +0200)]
man: avoid gendered singular pronouns

Using "their" as pronoun in these places is confusing since it is more
associated with plural rather than singular, and the sentence already
contains a plural. The word "her/his" apparently offends some people,
hence let's avoid the problem altogether and just name the noun again.

5 years agoman: minor addition to coredumpctl example
Lennart Poettering [Fri, 24 Oct 2014 00:22:57 +0000 (02:22 +0200)]
man: minor addition to coredumpctl example

5 years agocryptsetup: Fix timeout on dm device.
Hugo Grostabussiat [Sun, 28 Sep 2014 01:05:41 +0000 (03:05 +0200)]
cryptsetup: Fix timeout on dm device.

Fix a bug in systemd-cryptsetup-generator which caused the drop-in
setting the job timeout for the dm device unit to be written with a
name different than the unit name.

https://bugs.freedesktop.org/show_bug.cgi?id=84409

5 years agoshutdown: pass own argv to /run/initramfs/shutdown
Marius Tessmann [Fri, 29 Aug 2014 15:51:45 +0000 (17:51 +0200)]
shutdown: pass own argv to /run/initramfs/shutdown

Since commit b1e90ec515408aec2702522f6f68c4920b56375b systemd passes
its log settings to systemd-shutdown via command line parameters.
However, systemd-shutdown doesn't pass these parameters to
/run/initramfs/shutdown, causing it to fall back to the default log
settings.

This fixes the following bugs about the shutdown not being quiet
despite "quiet" being in the kernel parameters:

https://bugs.freedesktop.org/show_bug.cgi?id=79582
https://bugs.freedesktop.org/show_bug.cgi?id=57216

5 years agoselinux: fix handling of relative paths when setting up create label
Lennart Poettering [Thu, 23 Oct 2014 23:15:53 +0000 (01:15 +0200)]
selinux: fix handling of relative paths when setting up create label

5 years agoman: in pam_systemd, it must be "his" (or "her"), not their
Lennart Poettering [Thu, 23 Oct 2014 23:14:38 +0000 (01:14 +0200)]
man: in pam_systemd, it must be "his" (or "her"), not their

5 years agosocket: properly label socket symlinks
Lennart Poettering [Thu, 23 Oct 2014 21:58:01 +0000 (23:58 +0200)]
socket: properly label socket symlinks

5 years agosocket: fix error comparison
Lennart Poettering [Thu, 23 Oct 2014 21:57:50 +0000 (23:57 +0200)]
socket: fix error comparison

5 years agolabel: move is_dir() to util.c
Lennart Poettering [Thu, 23 Oct 2014 19:36:38 +0000 (21:36 +0200)]
label: move is_dir() to util.c

5 years agolabel: unify code to make directories, symlinks
Lennart Poettering [Thu, 23 Oct 2014 17:58:45 +0000 (19:58 +0200)]
label: unify code to make directories, symlinks

5 years agolabel: don't try to create labelled directories more than once
Lennart Poettering [Thu, 23 Oct 2014 17:41:56 +0000 (19:41 +0200)]
label: don't try to create labelled directories more than once

5 years agoselinux: clean up selinux label function naming
Lennart Poettering [Thu, 23 Oct 2014 17:41:27 +0000 (19:41 +0200)]
selinux: clean up selinux label function naming

5 years agoselinux: simplify and unify logging
Lennart Poettering [Thu, 23 Oct 2014 17:07:02 +0000 (19:07 +0200)]
selinux: simplify and unify logging

Normally we shouldn#t log from "library" functions, but SELinux is
weird, hence upgrade security messages uniformly to LOG_ERR when in
enforcing mode.

5 years agoselinux: rework label query APIs
Lennart Poettering [Thu, 23 Oct 2014 16:58:18 +0000 (18:58 +0200)]
selinux: rework label query APIs

APIs that query and return something cannot silently fail, they must
either return something useful, or an error. Fix that.

Also, properly rollback socket unit fd creation when something goes
wrong with the security framework.

5 years agosmack: we don't need the special labels exported, hence don't
Lennart Poettering [Thu, 23 Oct 2014 16:40:03 +0000 (18:40 +0200)]
smack: we don't need the special labels exported, hence don't

5 years agoselinux: drop 3 unused function prototypes
Lennart Poettering [Thu, 23 Oct 2014 16:38:01 +0000 (18:38 +0200)]
selinux: drop 3 unused function prototypes

5 years agosmack: rework SMACK label fixing code to follow more closely the semantics of the...
Lennart Poettering [Thu, 23 Oct 2014 16:34:58 +0000 (18:34 +0200)]
smack: rework SMACK label fixing code to follow more closely the semantics of the matching selinux code