Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.
This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
Mount /run, /dev/shm usable to tasks when using SMACK.
Once systemd itself is running in a security domain for SMACK,
it will fail to start countless tasks due to missing privileges
for mounted and created directory structures. For /run and shm
specifically, we grant all tasks access.
These 2 mounts are allowed to fail, which will happen if the
system is not running a SMACK enabled kernel or security=none is
passed to the kernel.
systemd: order remote mounts from mountinfo before remote-fs.target
Usually the network is stopped before filesystems are umounted.
Ordering network filesystems before remote-fs.target means that their
unmounting will be performed earlier, and can terminate sucessfully.
David Herrmann [Tue, 1 Oct 2013 16:08:54 +0000 (18:08 +0200)]
logind: remove fbdev session-device support
fbdev does not support access-handover so it is quite useless to route it
through logind. If compositors want to use it they ought to open it
themselves. It's highly recommended to be ignored entirely, though. fbdev
is about to be deprecated in the kernel.
David Herrmann [Tue, 1 Oct 2013 15:59:44 +0000 (17:59 +0200)]
logind: run with CAP_SYS_ADMIN
DRM Master access requires CAP_SYS_ADMIN, yay! Add it to the capability
bounding set for systemd-logind. As CAP_SYS_ADMIN actually allows a huge
set of actions, this mostly renders the restriction-set useless. Anyway,
patches are already pending to reduce the restriction on the kernel side.
But these won't really make it into any stable-release so for now we're
stuck with CAP_SYS_ADMIN.
David Herrmann [Tue, 1 Oct 2013 15:58:58 +0000 (17:58 +0200)]
logind: send PropertyChanged during deactivation
We only send the PropertyChanged signal for the to-be-activated session
but not for the to-be-deactivated one. Fix that so both listeners get
notified about the new state.
David Herrmann [Tue, 1 Oct 2013 15:53:43 +0000 (17:53 +0200)]
logind: check whether first drmSetMaster succeeded
The initial drmSetMaster may fail if there is an active master already. We
must not assume that all existing clients comply to logind rules. We check
for this during session-activation already but didn't during device setup.
Fix this by checking the return code.
As drmSetMaster has had horrible return codes in the past (0 for failure?
EINVAL for denied access, ..) we need to be quite pedantic. To guarantee
an open file-descriptor we need to close the device and reopen it without
master if setting master failed first.
David Herrmann [Tue, 1 Oct 2013 15:48:15 +0000 (17:48 +0200)]
logind: fix session-device dbus notify
Had this fix lying around here for some time. Thanks to missing
type-checking for va-args we passed in the actual major/minor values
instead of pointers to it. Fix it by saving the values on the stack first
and passing in the pointers.
Tom Gundersen [Wed, 25 Sep 2013 22:38:34 +0000 (00:38 +0200)]
kernel-install: add compat with 'installkernel'
If 'kernel-install' is called as 'installkernel' it will be compatible with the
syntax used by the kernel's build system.
This means it can be called by doing 'make install' in a kernel build
directory, if the correct symlink has been installed (which we don't do by
default yet).
[Edit harald@redhat.com: removed basename and use shift]
With the advent of systemd --user sessions, it's become very interesting to spawn X as a user unit, as well as accompanying processes that may have previously been in a .xinitrc/.xsession, or even just to replace a collection of XDG/GDM/KDM/etc session files with independent systemd --user units. The simplest case here would be to login on a tty, with the traditional /usr/sbin/login "login manager".
However, systemd --user (spawned by user@.service) is at the top level of the slice for the user, and does not inherit any environment variables from the login process. Given the number of common applications which rely on SHELL being set in the environment, it seems like the cleanest way to provide this variable is to set it to %s in the user@.service.
Ideally in the long-term, applications which rely on SHELL being set should be fixed to just grab it from getpwnam() or similar, but until that becomes more common, I propose this simple change to make user sessions a little bit nicer out of the box.
Patrick McCarty [Tue, 1 Oct 2013 00:43:38 +0000 (17:43 -0700)]
smack-setup: fix path to Smack/CIPSO mappings
The correct path to the dir with CIPSO mappings is /etc/smack/cipso.d/;
/etc/smack/cipso is a file that can include these mappings as well,
though it is no longer supported in upstream libsmack.
Kay Sievers [Mon, 30 Sep 2013 22:19:25 +0000 (00:19 +0200)]
Revert "build-sys: link libsystemd-login with libsystemd-label.la"
Systemd-logind does not pull in cg_create(), if we unconditionally link
this, all users of systemd-logind qill need the label stuff and therefore
link against selinux.
It is probably a build-system issue, or something that need to be sorted
out in a differnt way than linking not needed libs.
Instead of fixing the hashmap bucket array to 127 entries dynamically
size it, starting with a smaller one of 31. As soon as a fill level of
75% is reached, quadruple the size, and so on.
This should siginficantly optimize the lookup time in large tables
(from O(n) back to O(1)), and save memory on smaller tables (which most
are).
Michał Górny [Mon, 30 Sep 2013 08:08:09 +0000 (10:08 +0200)]
build-sys: link libsystemd-login with libsystemd-label.la
libsystemd-login.la uses cg_create() that currently seems to be a part
of libsystemd-label.la. However, it doesn't link against that library
and it seems that none of the (unconditional) libraries it uses do. In
the end, people end up getting «undefined reference to `cg_create'»
when trying to build e.g. dbus.
set IgnoreOnIsolate=true for systemd-cryptsetup@.service
When crypttab contains noauto, cryptsetup service does not have any
explicit dependencies. If service is started later manually (directly or via
mount dependency) it will be stopped on isolate.
mount units already have IgnoreOnIsolate set by default. Set it by
default for cryptsetup units as well.
Michael Scherer [Fri, 27 Sep 2013 09:43:28 +0000 (11:43 +0200)]
Add a bit more explicit message, to help confused users
Seeing http://www.happyassassin.net/2013/09/27/further-sysadmin-adventures-wheres-my-freeipa-badge/
it seems that the default message is a bit confusing for people
who never encountered it before, so adding a link to the manpage could
help them.
Since cgroups are mostly now an implementation detail of systemd lets
deemphasize it a bit in the man pages. This renames systemd.cgroup(5) to
systemd.resource-control(5) and uses the term "resource control" rather
than "cgroup" where appropriate.
This leaves the word "cgroup" in at a couple of places though, like for
example systemd-cgtop and systemd-cgls where cgroup stuff is at the core
of what is happening.
core: rework how we match mount units against each other
Previously to automatically create dependencies between mount units we
matched every mount unit agains all others resulting in O(n^2)
complexity. On setups with large amounts of mount units this might make
things slow.
This change replaces the matching code to use a hashtable that is keyed
by a path prefix, and points to a set of units that require that path to
be around. When a new mount unit is installed it is hence sufficient to
simply look up this set of units via its own file system paths to know
which units to order after itself.
This patch also changes all unit types to only create automatic mount
dependencies via the RequiresMountsFor= logic, and this is exposed to
the outside to make things more transparent.
With this change we still have some O(n) complexities in place when
handling mounts, but that's currently unavoidable due to kernel APIs,
and still substantially better than O(n^2) as before.
liblogind-core.la was underlinked, missing a few functions
defined in logind.c. They are moved to a new file, logind-core.c,
and this file is linked into liblogind-core.la.
In addition, logind-acl.c is attached to the liblogind-core.la,
instead of systemd-logind directly.
Enabling address sanitizer seems like a useful thing, but is quite
tricky. Proper flags have to be passed to CPPFLAGS, CFLAGS and
LDFLAGS, but passing them on the commandline doesn't work because
we tests are done with ld directly, and not with libtool like in
real linking. We might want to fix this, but let's add a handy
way to enable address checking anyway.
cgroup: if we do a cgroup operation then do something on all supported controllers
Previously we did operations like attach, trim or migrate only on the
controllers that were enabled for a specific unit. With this changes we
will now do them for all supproted controllers, and fall back to all
possible prefix paths if the specified paths do not exist.
This fixes issues if a controller is being disabled for a unit where it
was previously enabled, and makes sure that all processes stay as "far
down" the tree as groups exist.
Kay Sievers [Mon, 23 Sep 2013 22:23:35 +0000 (17:23 -0500)]
support acpi firmware performance data (FPDT)
Prefer firmware-provided performance data over loader-exported ones; if
ACPI data is available, always use it, otherwise try to read the loader
data.
The firmware-provided variables start at the time the first EFI image
is executed and end when the operating system exits the boot services;
the (loader) time calculated in systemd-analyze increases.
cgroup: always enable memory.use_hierarchy= for all cgroups in the memory hierarchy
The non-hierarchial mode contradicts the whole idea of a cgroup tree so
let's not support this. In the future the kernel will only support the
hierarchial logic anyway.
Martin Pitt [Thu, 19 Sep 2013 21:42:10 +0000 (16:42 -0500)]
keymap: Fix wrong assignments to F23
These days, F21/F22/F23 mean Touchpad toggle/on/off. Clean up other assignments
to that from ancient times which belong to keys like "Auto Brightness" (which
doesn't have a keycode and is usually hardwired) or some "launch vendor tool"
key.