| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
can reuse it in logind
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.
The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.
Similarly we want to allow a root admin webadm_t that can only manage the
apache environment. systemctl enable httpd.service, systemctl disable
iptables.service bad.
To make this code cleaner, we really need to refactor the dbus-manager.c code.
This has just become a huge if-then-else blob, which makes doing the correct
check difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=54501
|
| | |
|
| |
|
|
|
|
| |
It made no sense, and since we are documenting the bus calls now and
want to include them in our stability promise we really should get it
cleaned up sooner, not later.
|
| |
|
|
|
|
|
|
| |
all other dependencies are in 3rd person. Change BindTo= accordingly to
BindsTo=.
Of course, the dependency is widely used, hence we parse the old name
too for compatibility.
|
| |
|
|
|
|
| |
UnitPath= is also writable via native units and may be used by generators
to clarify from which file a unit is generated. This patch also hooks up
the cryptsetup and fstab generators to set UnitPath= accordingly.
|
| |
|
|
|
|
|
|
|
|
| |
This should help making the boot process a bit easier to explore and
understand for the administrator. The simple idea is that "systemctl
status" now shows a link to documentation alongside the other status and
decriptionary information of a service.
This patch adds the necessary fields to all our shipped units if we have
proper documentation for them.
|
| |
|
|
|
|
|
|
|
|
| |
We need to be able to show the properties even of inactive units.
systemctl loads the unit before getting its properties, but this is racy
as the garbage collector may kick in right after the loading.
Fix it by always loading the unit before handling a message for it.
https://bugzilla.redhat.com/show_bug.cgi?id=814966#c6
|
| |
|
|
|
|
|
|
| |
RequiresMountsFor= is a shortcut for adding requires and after
dependencies to all mount units neeed for the specified paths.
This solves a couple of issues regarding dep loop cycles for encrypted
swap.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
| |
|
