summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* build-sys: prepare new releasev6Lennart Poettering2010-08-061-1/+1
|
* man: document %triggerin usageLennart Poettering2010-08-061-0/+27
|
* device: properly handle devices that are referenced before they show upLennart Poettering2010-08-061-6/+12
|
* cgroup: if the system bus cannot be found, send cgroup empty msg directly to ↵Lennart Poettering2010-08-063-3/+36
| | | | init proces
* manager: downgrade a few log msgs regarding conflicting but fixable jobsLennart Poettering2010-08-062-5/+3
|
* automount: order automount units after fsck, tooLennart Poettering2010-08-063-11/+9
|
* units: add missing fsck.target fileLennart Poettering2010-08-061-0/+11
|
* units: split fsck.target from sysinit.target for suse compatLennart Poettering2010-08-064-2/+13
|
* main: automatically spawn a getty on the kernel configured serial consoleLennart Poettering2010-08-061-6/+41
|
* manager: fix conflicting job checkLennart Poettering2010-08-051-1/+1
|
* manager: when breaking ordering cycle show full cycle loopLennart Poettering2010-08-051-5/+12
|
* units: always send HUP when dealing with shells/gettys/loginsLennart Poettering2010-08-053-6/+7
|
* service: read special startup dirs only on the respective distrosLennart Poettering2010-08-051-0/+4
|
* selinux: minor error handling fixLennart Poettering2010-08-051-3/+5
|
* service: always sort services from suse B runlevel before services from ↵Lennart Poettering2010-08-051-1/+9
| | | | normal runlevels
* reboot: handle -p switch properlyMichal Schmidt2010-08-051-1/+2
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=618678
* selinux: fix labels only when configured for itLennart Poettering2010-08-051-4/+4
|
* units: getty - suse: login wants SIGHUPKay Sievers2010-08-041-0/+3
|
* units: suse - reboot: do not wait for ttyKay Sievers2010-08-043-3/+3
|
* reboot: don't wait for input ttyLennart Poettering2010-08-044-4/+6
|
* prepare new releasev5Lennart Poettering2010-08-041-1/+1
|
* units: remove redundant ordering dependencyLennart Poettering2010-08-041-1/+0
|
* selinux: rework selinux tests a littleLennart Poettering2010-08-041-48/+65
|
* selinux: fix if vs. ifdef mixupLennart Poettering2010-08-041-11/+11
|
* units: make sure that prefdm wins over the getty if both are pulled inLennart Poettering2010-08-031-1/+4
|
* units: add conflicts between prefdm and getty@tty1 to avoid race for tty1Lennart Poettering2010-08-031-0/+4
|
* Systemd is causing mislabeled devices to be created and then attempting to ↵Daniel J Walsh2010-08-038-99/+293
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | read them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/28/2010 05:57 AM, Kay Sievers wrote: > On Wed, Jul 28, 2010 at 11:43, Lennart Poettering > <lennart@poettering.net> wrote: >> On Mon, 26.07.10 16:42, Daniel J Walsh (dwalsh@redhat.com) wrote: >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:7): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> type=1400 audit(1280174589.476:8): avc: denied { read } for pid=1 >>> comm="systemd" name="autofs" dev=devtmpfs ino=9482 >>> scontext=system_u:system_r:init_t:s0 >>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file >>> >>> Lennart, we talked about this earlier. I think this is caused by the >>> modprobe calls to create /dev/autofs. Since udev is not created at the >>> point that init loads the kernel modules, the devices get created with >>> the wrong label. Once udev starts the labels get fixed. >>> >>> I can allow init_t to read device_t chr_files. >> >> Hmm, I think a cleaner fix would be to make systemd relabel this device >> properly before accessing it? Given that this is only one device this >> should not be a problem for us to maintain, I think? How would the >> fixing of the label work? Would we have to spawn restorecon for this, or >> can we actually do this in C without too much work? > > I guess we can just do what udev is doing, and call setfilecon(), with > a context of an earlier matchpathcon(). > > Kay > _______________________________________________ > systemd-devel mailing list > systemd-devel@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/systemd-devel Here is the updated patch with a fix for the labeling of /dev/autofs -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxQMyoACgkQrlYvE4MpobNviACfWgxsjW2xzz1qznFex8RVAQHf gIEAmwRmRcLvGqYtwQaZ3WKIg8wmrwNk =pC2e
* update fixmeLennart Poettering2010-08-031-4/+4
|
* socket: Allow selection of TCP Congestion Avoidance algorithm to socketTomasz Torcz2010-08-034-2/+26
| | | | | | | | | | | | | Hi, attached path extends socket configurables with another knob - TCP Congestion Avoidance selection. Linux implements handful of those, useful in various situations. For example, TCP Low Priority may be used by FTP service to gracefully yield bandwidth for more important TCP/IP streams. Until recently TCP_CONGESTION was Linux-specific, recently FreeBSD 8 and OpenSolaris gained compatible support.
* update fixmeLennart Poettering2010-08-031-0/+4
|
* fixme updateKay Sievers2010-08-031-1/+7
|
* telinit: forward to upstart, if not booted with systemdv4Lennart Poettering2010-07-241-2/+16
|
* systemctl: don't use the systemd bus to talk to upstartLennart Poettering2010-07-241-6/+5
|
* systemctl: don't hit an assert when we are run from a non-systemd bootLennart Poettering2010-07-241-1/+0
|
* main: disable NSS disabling logic for now, since this is incompatible with rpmLennart Poettering2010-07-242-6/+6
|
* systemctl: fold systemd-install into systemctlLennart Poettering2010-07-248-1673/+1135
|
* systemctl: support force-reload and condrestart as aliases for ↵Lennart Poettering2010-07-231-1/+5
| | | | reload-or-try-restart
* install: default to minimal realization modeLennart Poettering2010-07-232-4/+4
|
* systemctl: accept -p more than onceLennart Poettering2010-07-233-5/+19
|
* socket: SELinux support for socket creation.Daniel J Walsh2010-07-235-25/+107
| | | | | | | | | | | | | | It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode.
* sshd, tmux and others are broken when /dev/pts is mounted with "-o nodev"Robert "arachnist" Gerus2010-07-231-1/+1
|
* build-sys: prepare release 4Lennart Poettering2010-07-221-1/+1
|
* units: add [Install] section to getty.target and remote-fs.targetLennart Poettering2010-07-222-0/+6
|
* update fixmeLennart Poettering2010-07-221-0/+2
|
* build-sys: fix compatibility with vala 0.9Lennart Poettering2010-07-222-2/+2
|
* update fixmeLennart Poettering2010-07-212-9/+16
|
* service: save/restore status text stringLennart Poettering2010-07-211-7/+24
|
* job: make sure restart jobs are readded to the run queue after conversion to ↵Lennart Poettering2010-07-211-0/+2
| | | | start jobs
* unit: deduce following unit value dynamically instead of statically, to ↵Lennart Poettering2010-07-215-27/+65
| | | | avoid dangling pointers
* pam: remove only sessions we ourselves created in the first placeLennart Poettering2010-07-213-12/+44
|
View Lorry Controller Status