1. 15 Nov, 2012 1 commit
    • Olivier Brunel's avatar
      systemd: highlight ordering cycle deletions · f09a7d25
      Olivier Brunel authored
      Having unit(s) removed/not started, even if it solved the issue and allowed
      to boot successfully, should still be considered an error, as something
      clearly isn't right.
      
      This patch elevates the log message from warning to error, and adds a status
      message to make things more obvious.
      f09a7d25
  2. 06 Nov, 2012 2 commits
  3. 04 Nov, 2012 4 commits
  4. 03 Nov, 2012 1 commit
  5. 31 Oct, 2012 1 commit
  6. 30 Oct, 2012 3 commits
    • Michal Schmidt's avatar
      shared, core: do not always accept numbers in string lookups · f8b69d1d
      Michal Schmidt authored
      The behaviour of the common name##_from_string conversion is surprising.
      It accepts not only the strings from name##_table but also any number
      that falls within the range of the table. The order of items in most of
      our tables is an internal affair. It should not be visible to the user.
      
      I know of a case where the surprising numeric conversion leads to a crash.
      
      We will allow the direct numeric conversion only for the tables where the
      mapping of strings to numeric values has an external meaning. This holds
      for the following lookup tables:
       - netlink_family, ioprio_class, ip_tos, sched_policy - their numeric
         values are stable as they are defined by the Linux kernel interface.
       - log_level, log_facility_unshifted - the well-known syslog interface.
      
      We allow the user to use numeric values whose string names systemd does
      not know. For instance, the user may want to test a new kernel featuring
      a scheduling policy that did not exist when his systemd version was
      released. A slightly unpleasant effect of this is that the
      name##_to_string conversion cannot return pointers to constant strings
      anymore. The strings have to be allocated on demand and freed by the
      caller.
      f8b69d1d
    • Auke Kok's avatar
      SMACK: Add configuration options. (v3) · 0eb59ccf
      Auke Kok authored
      This adds SMACK label configuration options to socket units.
      
      SMACK labels should be applied to most objects on disk well before
      execution time, but two items remain that are generated dynamically
      at run time that require SMACK labels to be set in order to enforce
      MAC on all objects.
      
      Files on disk can be labelled using package management.
      
      For device nodes, simple udev rules are sufficient to add SMACK labels
      at boot/insertion time.
      
      Sockets can be created at run time and systemd does just that for
      several services. In order to protect FIFO's and UNIX domain sockets,
      we must instruct systemd to apply SMACK labels at runtime.
      
      This patch adds the following options:
      
      Smack - applicable to FIFO's.
      SmackIpIn/SmackIpOut - applicable to sockets.
      
      No external dependencies are required to support SMACK, as setting
      the labels is done using fsetxattr(). The labels can be set on a
      kernel that does not have SMACK enabled either, so there is no need
      to #ifdef any of this code out.
      
      For more information about SMACK, please see Documentation/Smack.txt
      in the kernel source code.
      
      v3 of this patch changes the config options to be CamelCased.
      0eb59ccf
    • Lee, Chun-Yi's avatar
      systemd: mount the EFI variable filesystem · f271dd97
      Lee, Chun-Yi authored
      
      
      Add efivarfs to the mount_table in mount-setup.c, so the EFI variable
      filesystem will be mounted when systemd executed.
      
      The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel.
      
      Cc: Kay Sievers <kay@vrfy.org>
      Cc: Lennart Poettering <lennart@poettering.net>
      Cc: Mantas Mikulėnas <grawity@gmail.com>
      Cc: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
      Cc: Matt Fleming <matt.fleming@intel.com>
      Cc: Jeremy Kerr <jeremy.kerr@canonical.com>
      Cc: Matthew Garrett <mjg@redhat.com>
      Signed-off-by: default avatarLee, Chun-Yi <jlee@suse.com>
      f271dd97
  7. 29 Oct, 2012 4 commits
  8. 27 Oct, 2012 2 commits
  9. 25 Oct, 2012 2 commits
    • Michal Schmidt's avatar
      job: avoid recursion into transaction code from job cancelation · 1abc85b8
      Michal Schmidt authored
      I hit an "assert(j->installed)" failure in transaction_apply(). Looking
      into the backtrace I saw what happened:
      1. The system was booting. var.mount/start was an installed job.
      2. I pressed Ctrl+Alt+Del.
      3. reboot.target was going to be isolated.
      4. transaction_apply() proceeded to install a var.mount/stop job.
      5. job_install() canceled the conflicting start job.
      6. Depending jobs ended recursively with JOB_DEPENDENCY, among them was
         local-fs.target/start.
      7. Its OnFailure action triggered - emergency.target was now going to be
         isolated.
      8. We recursed back into transaction_apply() where the half-installed
         var.mount/stop job confused us.
      
      Recursing from job installation back into the transaction code cannot be
      a good idea. Avoid the problem by canceling the conflicting job
      non-recursively in job_install(). I don't think we'll miss anything by
      not recursing here. After all, we are called from transaction_apply().
      We will not be installing just this one job, but all jobs from a
      transaction. All requirement dependencies will be included in it and
      will be installed separately. Every transaction job will get a chance
      to cancel its own conflicting installed job.
      1abc85b8
    • Michal Schmidt's avatar
      job: add comments to JobResult values · 65eb544e
      Michal Schmidt authored
      65eb544e
  10. 24 Oct, 2012 1 commit
  11. 22 Oct, 2012 1 commit
    • Will Woods's avatar
      mount: make sure m->where is set before unit_add_exec_dependencies() · bcbd5405
      Will Woods authored
      If you enter unit_add_exec_dependencies with m->where = NULL, you'll
      very likely end up aborting somewhere under socket_needs_mount.
      
      (When systemd goes to check to see if the journald socket requires your
      mount, it'll do path_startswith(path, m->where)... *kaboom*)
      
      This patch should ensure that:
      
          a) both branches in mount_add_one() set m->where, and
          b) mount_add_extras() calls unit_add_exec_dependencies() *after*
             setting m->where.
      bcbd5405
  12. 18 Oct, 2012 2 commits
  13. 17 Oct, 2012 3 commits
  14. 16 Oct, 2012 4 commits
  15. 15 Oct, 2012 2 commits
  16. 13 Oct, 2012 1 commit
  17. 08 Oct, 2012 2 commits
  18. 04 Oct, 2012 1 commit
  19. 03 Oct, 2012 2 commits
  20. 02 Oct, 2012 1 commit