platform/upstream/systemd.git
9 months agoDescription : Change smack label for security.
wchang kim [Sun, 17 Jul 2016 22:11:13 +0000 (07:11 +0900)]
Description : Change smack label for security.

Requested by Security Lab.

Change-Id: Iaaa7a4e5f190adb72e6ff69f061ced63d6854cbc
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoDescription : adding force option to reboot command.
wchang kim [Mon, 4 Jul 2016 11:42:24 +0000 (20:42 +0900)]
Description : adding force option to reboot command.

This patch is from tizen-2.4.

Change-Id: I21f2767dd81279878bacd44bd44a36f06406ea65
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoDisable Online KMSG logging
Kunhoon Baik [Thu, 30 Jun 2016 12:22:10 +0000 (21:22 +0900)]
Disable Online KMSG logging

This is Unavoidable Patch for me - This is quick patch for internal issue.
If you have a question for this patch, contact to hyeongsik.min and jinmin

Change-Id: Ie21692ea85ee2e7fbfa0265f9e606b204d27a558

9 months agoDescription : Add smack label(*) to loop device for security policy
wchang kim [Wed, 29 Jun 2016 23:38:55 +0000 (08:38 +0900)]
Description : Add smack label(*) to loop device for security policy

Add smack label(*) to loop device for security policy

Change-Id: If9271c209b05f73c20c66f7e30a7d18e070c2b4a
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoDescription : Set PATH in local script for security policy
wchang kim [Wed, 29 Jun 2016 00:18:37 +0000 (09:18 +0900)]
Description : Set PATH in local script for security policy

Set PATH in local script for security

Change-Id: If1f6163bdd936222e103822ee01d4c9a7e886a72
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoDescription : Adding to enable/disable the multiuser feature.
wchang kim [Fri, 24 Jun 2016 09:45:58 +0000 (18:45 +0900)]
Description : Adding to enable/disable the multiuser feature.

The feature of multiuser can be disabled by changing with_multiuser value in the spec file.

When multiuser is disabled,
- Disabling logind feature.
- Making /run/systemd/users/5001
- Mounting /run/user/5001
- Do not fork sd-pam
- Running user@5001.service directly

Change-Id: Iec82c2e74a72c159d602c2fe4efff4d4c8ddf810
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoDescription : set mount options for security policy
wchang kim [Wed, 22 Jun 2016 05:49:59 +0000 (14:49 +0900)]
Description : set mount options for security policy
For /tmp, /run/user/%U, /dev/shm directoreis, set noexec,nosuid,nodev as
mount option.

Change-Id: I07d918d9cb81642fc0d0b9c3f9a64db4c571ef58
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
9 months agoFor using persistent storage in AUTO mode.
Kunhoon Baik [Tue, 7 Jun 2016 13:51:38 +0000 (22:51 +0900)]
For using persistent storage in AUTO mode.

As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.

In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.

Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665

9 months agoDisable systemd-timedated and systemd-rfkill
Kunhoon Baik [Mon, 23 May 2016 06:50:59 +0000 (15:50 +0900)]
Disable systemd-timedated and systemd-rfkill

Tizen 3.0 does not use systemd-timedated for changing time-zone and related things.
Alarm-manager will manage the functionalities.

Tizen 3.0 does not use systemd-rfkill any more.
Net-config will manage the functionalities.

Change-Id: Icb3011003060c213b2bdcd0de53480acaaeed70b

9 months agoAdd some groups for user session daemons
Kidong Kim [Fri, 13 May 2016 11:52:48 +0000 (20:52 +0900)]
Add some groups for user session daemons

Because user session daemons have same uid/gid with applications,
include them in specific gids for checking privilege.
The security-manager will drop these groups from applications.

Change-Id: I1ed91e75cb605a4c6bffa604fe992ec995ff2845

9 months agotizen: kdbus: install user session dbus1 (kdbus) generator properly
Karol Lewandowski [Fri, 29 Apr 2016 13:54:58 +0000 (15:54 +0200)]
tizen: kdbus: install user session dbus1 (kdbus) generator properly

This commit fixes commit 30dfab97 ("build: remove --relative in 'ln'")
which resulted in stale symlink being installed.

  $ stat  /usr/lib/systemd/user-generators/systemd-dbus1-generator

  File: `/usr/lib/systemd/user-generators/systemd-dbus1-generator' -> `.//usr/lib/systemd/system-generators/systemd-dbus1-generator'

Change-Id: I91266b015436d8208b62360d500c93a684e696be

9 months agoDisable systemd-backlight
Kunhoon Baik [Fri, 15 Apr 2016 05:52:57 +0000 (14:52 +0900)]
Disable systemd-backlight

Tizen does not use systemd-backlight. Deviced will control whole
backlight-related operation.

Change-Id: I59b45eeb5dbc3d4ab716bcbf38df120fd1023a5f

9 months agoAdd nosuid and noexec option for mounting /tmp
Kunhoon Baik [Fri, 15 Apr 2016 01:08:52 +0000 (10:08 +0900)]
Add nosuid and noexec option for mounting /tmp
Refer to : https://bugs.tizen.org/jira/browse/TM-233

Change-Id: Ibc06d23f6743b2c21007cef5e340048a1e0d1429

9 months agoDisable systemd-coredump
Kunhoon Baik [Sat, 2 Apr 2016 05:25:38 +0000 (14:25 +0900)]
Disable systemd-coredump
Tizen 3.0 does not use systemd-coredump due to performance issue.
Instead of systemd coredump, Tizen 3.0 uses crash-manager

Change-Id: Ic73aabc9ab874a8b88db501a0d2eef5727bfbacf

9 months agoRemove bash-completion (and zsh-completion) of systemd
Kunhoon Baik [Sat, 2 Apr 2016 03:06:59 +0000 (12:06 +0900)]
Remove bash-completion (and zsh-completion) of systemd

[Note] Bash shell of current Tizen does not support several completion command due to license issue.
       Thus, most bash-completion script of systemd does not work.
       In addtion, default Tizen wdoes not support zsh.

Change-Id: I18d6a05866ff375e08402b9b4f832592c11531d0

9 months agocore: Add USBFunctionDescriptors, USBFunctionStrings service parameters
Pawel Szewczyk [Fri, 4 Sep 2015 10:23:51 +0000 (12:23 +0200)]
core: Add USBFunctionDescriptors, USBFunctionStrings service parameters

By using these parameters the functionfs service can specify ffs
descriptors and strings to be written to ep0.

origin: https://github.com/systemd/systemd/commit/6b7e592310

Change-Id: I8b16a2f7d5572cd7ef1745ec5ba297e2b1553c26
Signed-off-by: Georgia Brikis <g.brikis@samsung.com>
9 months agocore: Add socket type for usb functionfs endpoints
Pawel Szewczyk [Mon, 21 Sep 2015 13:43:47 +0000 (15:43 +0200)]
core: Add socket type for usb functionfs endpoints

For handling functionfs endpoints additional socket type is added.

origin: https://github.com/systemd/systemd/commit/602524469e

Change-Id: I6906db41734b0b8352b363528f788ac2859b5103
Signed-off-by: Georgia Brikis <g.brikis@samsung.com>
9 months agoRun the serial-getty (Open the serial console) eariler for debugging convenience.
Kunhoon Baik [Sat, 26 Mar 2016 07:31:34 +0000 (16:31 +0900)]
Run the serial-getty (Open the serial console) eariler for debugging convenience.

Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89

9 months agospec: change LGPL license version 2.0+ to 2.1+
boseong choi [Fri, 18 Mar 2016 09:05:49 +0000 (18:05 +0900)]
spec: change LGPL license version 2.0+ to 2.1+

change LGPL license version.
2.0+ -> 2.1+

Change-Id: I56238c288bde2d21a13c390880270cee36bf1d37
Signed-off-by: boseong choi <boseong.choi@samsung.com>
9 months agospec: Remove unnecessary default.target for IVI profile
Sangjung Woo [Fri, 11 Mar 2016 04:32:10 +0000 (13:32 +0900)]
spec: Remove unnecessary default.target for IVI profile

This removes unnecessary default.target file for IVI profile.

Change-Id: Ib354a9028ab020f504e7c35cb5f9bb16ea112766
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agofix some user session targets wrong symlink
Min Kang [Thu, 18 Feb 2016 08:31:25 +0000 (17:31 +0900)]
fix some user session targets wrong symlink

Some user session target files, which is under USER_UNIT_ALIASES,
refers wrong relative path when install-aliases-hook

Therefore fix install-relative-aliases

Change-Id: I5f0c8d973c4ff85599fef586a439b40985403387
Signed-off-by: Min Kang <min1023.kang@samsung.com>
9 months agospec: exclude unused generators to speed up boot
Łukasz Stelmach [Mon, 30 Nov 2015 10:07:56 +0000 (11:07 +0100)]
spec: exclude unused generators to speed up boot

Change-Id: I9dcde28a22d7301c68280c1f72ecb1c5641296d1
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
9 months agospec: remove circular dependency on OBS
Min Kang [Wed, 13 Jan 2016 10:31:02 +0000 (19:31 +0900)]
spec: remove circular dependency on OBS

remove dbus-1 BuildRequires and dbus Requires

Change-Id: Ic2f4b419c15c5759743fbe3a5df60d4558c5bb53
Signed-off-by: Min Kang <min1023.kang@samsung.com>
9 months agopackaging: remove hwdata package in BuildRequires
Min Kang [Wed, 6 Jan 2016 00:15:16 +0000 (09:15 +0900)]
packaging: remove hwdata package in BuildRequires

hwdata package is unused, so remove BuildRequires and Requires

Change-Id: I705d002269d273985584e4d6b009ab3401a0b626
Signed-off-by: Min Kang <min1023.kang@samsung.com>
9 months agobuild: remove --relative in 'ln'
Min Kang [Tue, 5 Jan 2016 08:20:17 +0000 (17:20 +0900)]
build: remove --relative in 'ln'

removing --relative option in Makefile.am and configure.ac
 for coreutils

TIZEN SPECIFIC

Change-Id: If623dd6175507d62f0b34349aacecb8244882e4f
Signed-off-by: Min Kang <min1023.kang@samsung.com>
9 months agospec: change default.target file
Min Kang [Fri, 11 Dec 2015 00:39:51 +0000 (09:39 +0900)]
spec: change default.target file

change default.target file to graphical.target symbolic link
execpt for ivi

Change-Id: Icba283120b59ffae3804ecbf6417dc34792421a3
Signed-off-by: Min Kang <min1023.kang@samsung.com>
9 months agospec: Remove unnecessary BuildRequires
Sangjung Woo [Tue, 27 Oct 2015 08:37:54 +0000 (17:37 +0900)]
spec: Remove unnecessary BuildRequires

In order to resolve the cycle build dependency, this removes unnecessary
BuildRequires in spec file.

Change-Id: I60e5bd573986be3febcf417109f79d13f607a732
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agocg_get_root_path: Return default root path if it's not accessible due to insufficient...
Karol Lewandowski [Wed, 21 Oct 2015 16:24:14 +0000 (18:24 +0200)]
cg_get_root_path: Return default root path if it's not accessible due to insufficient permission

This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).

Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.

  user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
  [13087.175648] audit: type=1400 audit(946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
  Failed to determine whether we are running as user or system instance: Permission denied

  strace:  open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)

Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
9 months agounits: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
Sangjung Woo [Wed, 14 Oct 2015 06:38:25 +0000 (15:38 +0900)]
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled

If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

origin: https://github.com/systemd/systemd/commit/409c2a13fd65692c6

Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agospec: disable systemd-randomseed
Sangjung Woo [Tue, 8 Sep 2015 05:08:51 +0000 (14:08 +0900)]
spec: disable systemd-randomseed

When systemd-randomseed is enabled, random seed is generated in post
script. However, the smack functionality of Tizen build system is not
enabled so /var/lib/systemd directory is labeled as "_". Because of this
reason, some daemons or tools such as loginctl which is labeled as
"System" eventually failed to create some files in /var/lib/systemd.
This patch resolves this issue by disabling systemd-randomseed since
this functionality is not necessary for Tizen.

Change-Id: Idd95dc97b84de400fbd7a6890bd6d78f8557c2fc
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agospec: fix systemd-tmpfiles-setup.service failure
Sangjung Woo [Mon, 7 Sep 2015 05:17:47 +0000 (14:17 +0900)]
spec: fix systemd-tmpfiles-setup.service failure

systemd-tmpfiles-setup.service is failed since
/usr/share/factory/etc/nsswitch.conf is not installed. This patch fixes
that bug by adding /usr/share/factory/etc/nsswitch.conf into systemd
package. If /etc/nsswitch.conf already exists,
/usr/share/factory/etc/nsswitch.conf file is not installed in /etc
directory since etc.conf uses 'C' as the type of tmpfiles.d
configuration so this patch does not make any error in network
operation.

Change-Id: I1c4ea8dcdaae002d5cfc3db4be53470c8d2169ca
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agoTemporarily disable Smack for POSIX shared memory
Rafal Krypa [Wed, 2 Sep 2015 13:27:50 +0000 (15:27 +0200)]
Temporarily disable Smack for POSIX shared memory

Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.

This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.

This patch is to be reverted in the near future. It is needed for now to
have a working release.

Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
9 months agocore: fix the CGROUP spawning error as a workaround
Sangjung Woo [Wed, 26 Aug 2015 01:32:29 +0000 (10:32 +0900)]
core: fix the CGROUP spawning error as a workaround

When logging in and out continually, the below error occurs.

* systemd: Failed at step CGROUP spawning /usr/lib/systemd/systemd: No
such file or directory

This is mainly because the cgroup path of systemd user session does not
exists even though that cgroup is marked as 'realized'. That is
definitely bug and it is already reported into systemd mainline last
January. But there is no _right_ solution right now and it looks like a
picky problem to resolve. So I made this patch as a workaround for Tizen
TDC demonstration.

Change-Id: Ie2e164a4e4daeb88fc102e5fa88e0faca28088b0
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agosmack: set up the smack label '*' to symlinks in cgroupfs
Sangjung Woo [Tue, 18 Aug 2015 07:02:59 +0000 (16:02 +0900)]
smack: set up the smack label '*' to symlinks in cgroupfs

systemd creates the symbolic link to both of cpu and cpuacct in
cgroupfs. However, systemd has its smack label such as system, those
link files also have systemd's smack label as below. This patch is a
workarnoud for that bug.

lrwxrwxrwx. 1 root root System  11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root *        0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System  11 Dec 31 16:00 cpuacct -> cpu,cpuacct

Change-Id: I3db172077cfdf405bf7f99d2ced5fb131ecc0151
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agospec: exclude /usr/share/factory/etc/nsswitch.conf
Sangjung Woo [Tue, 28 Jul 2015 08:36:37 +0000 (17:36 +0900)]
spec: exclude /usr/share/factory/etc/nsswitch.conf

Since vendor specific nsswitch.conf is not used in Tizen
platform, '/usr/share/factory/etc/nsswitch.conf' is removed and
/etc/nsswitch.conf will be used.

Change-Id: Id2f0665629e4fbf89735e6396fadada5ebb5a396
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agosmack: add write_netlabel_rule() to support
Sangjung Woo [Wed, 8 Jul 2015 01:36:54 +0000 (10:36 +0900)]
smack: add write_netlabel_rule() to support

In order to support the smack networking, write_netlabel_rule()
is added instead of previous write_rules() function since that
is removed by previous mainline commit 6656aefb.

Change-Id: Ic704bc524f067f85c9dde5d8db8b54d1c80ef1ee
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agosmack: support smack access change-rule
WaLyong Cho [Wed, 10 Jun 2015 02:33:00 +0000 (11:33 +0900)]
smack: support smack access change-rule

Smack is also able to have modification rules of existing rules. In
this case, the rule has additional argument to modify previous
rule. /sys/fs/smackfs/load2 node can only take three arguments:
subject object access. So if modification rules are written to
/sys/fs/smackfs/load2, EINVAL error is happen. Those modification
rules have to be written to /sys/fs/smackfs/change-rule.
To distinguish access with operation of cipso2, split write_rules()
for each operation. And, in write access rules, parse the rule and if
the rule has four argument then write into
/sys/fs/smackfs/change-rule.
https://lwn.net/Articles/532340/

fwrite() or fputs() are fancy functions to write byte stream such like
regular file. But special files on linux such like proc, sysfs are not
stream of bytes. Those special files on linux have to be written with
specific size.
By this reason, in some of many case, fputs() was failed to write
buffer to smack load2 node.
The write operation for the smack nodes should be performed with
write().

Origin: https://github.com/systemd/systemd/commit/6656aefb

Change-Id: Ied3eb195b86514525cb1c6904a7a7b66d1bccb52
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
9 months agotizen-smack: label sound devices with *
Maciej Wereski [Thu, 28 May 2015 16:46:26 +0000 (18:46 +0200)]
tizen-smack: label sound devices with *

Change-Id: Ia41c0f7d8d4d98e34b4260cd9a8a55d99c5a33a7
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
9 months agotizen: Tune of swap
Michael I Doherty [Tue, 23 Jul 2013 13:12:50 +0000 (14:12 +0100)]
tizen: Tune of swap

Allow swap to be activated concurrently with sysinit target

Change-Id: I56aef31809e50ae6c4b10174c0f3b144f72b9746

9 months agotizen: Add pam_systemd.so to systemd-user
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
tizen: Add pam_systemd.so to systemd-user

+ Add pam_systemd.so to /etc/pam.d/systemd-user

Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
9 months agotizen-smack: Runs systemd-journald with ^
Casey Schaufler [Fri, 20 Dec 2013 00:49:28 +0000 (16:49 -0800)]
tizen-smack: Runs systemd-journald with ^

Run systemd-journald with the hat ("^") Smack label.

The journal daemon needs global read access to gather information
about the services spawned by systemd. The hat label is intended
for this purpose. The journal daemon is the only part of the
System domain that needs read access to the User domain. Giving
the journal daemon the hat label means that we can remove the
System domain's read access to the User domain.

Change-Id: Ic22633f0c9d99c04f873be8a346786ea577d0370
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
9 months agotizen-smack: Tuning user@.service.m4.in
Patrick McCarty [Tue, 10 Dec 2013 01:09:27 +0000 (17:09 -0800)]
tizen-smack: Tuning user@.service.m4.in

- set SmackProcessLabel
- set DBUS_SESSION_BUS_ADDRESS
- set capabilities

Note: This patch should remain downstream, since it relies on the
Tizen-specific three-domain model.

On Tizen, all user@.service.m4.in instances should run with the User label, so
use the new SmackProcessLabel key to set it at runtime.

This was at first set by user-session@.service.m4.in, then by many services
(bt-fwrk) and scripts (weston.sh). This patch makes it again available
for whole user environment.

Include CAP_MAC_ADMIN and CAP_SETGID in inheritable capability set for the
whole user session. All programs started in the session will have this
enabled, unless they drop it explicitly or someone does that in proper
systemd services.

This change alone doesn't give any special capabilities to the processes.
It merely enables them to inherit capability while executing programs that
have those caps in inheritable and permitted sets (+ei).

The above change is meant as a part of solution for setting Smack label and
process groups for applications. Respective application launchers (for now
only Crosswalk) will get file capabilities mentioned above. In run-time
they will call a designated function for setting Smack label and groups and
drop the capabilities.

It seems that also CAP_MAC_OVERRIDE will be needed to bypass Smack checks
during modification of socket labels:

kernel: type=1400 audit(1416390778.371:3): lsm=SMACK fn=smack_inode_setxattr
action=denied subject="User" object="_" requested=w pid=2422
comm="amd_session_age" name="UNIX" dev="sockfs" ino=14108

CAP_MAC_ADMIN only allows policy administration, it doesn't override the
checks.

Change-Id: Ie4026dfaf4c6cd463c11f077ca97e75c5085e4c8

9 months agotizen-smack: Handling of /dev
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /dev

Smack enabled systems need /dev special devices correctly labeled

- Add AC_DEFINE for HAVE_SMACK to configure.ac
- Add Check for smack in Makefile.am to include smack default rules
- Add smack default rules to label /dev/xxx correctly for access

Change-Id: Iebe2e349cbedb3013abdf32edb55e9310f1d17f5

9 months agotizen-smack: Handling of /run and /sys/fs/cgroup
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /run and /sys/fs/cgroup

Make /run a transmuting directory to enable systemd
communications with services in the User domain.

Change-Id: I9e23b78d17a108d8e56ad85a9e839b6ccbe4feff

9 months agotizen-rpm: 2 useful macro for RPM
Anas Nashif [Sun, 9 Dec 2012 17:51:23 +0000 (09:51 -0800)]
tizen-rpm: 2 useful macro for RPM

- Add %install_service macro
- Define %_unitdir_user macro for user session units

Change-Id: Idc7f5c392c96981d95420b0d747eaf28964b2d02

9 months agopackaging: Bump to 219
José Bollo [Wed, 18 Mar 2015 13:28:28 +0000 (14:28 +0100)]
packaging: Bump to 219

Change-Id: I65a5d9a0a61b0d63d7563d86e0bcfe40d8bb2621
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
9 months agopackaging: Make Tizen start faster
caoxinintel [Tue, 25 Nov 2014 06:08:59 +0000 (14:08 +0800)]
packaging: Make Tizen start faster

The removed services are not useful in Tizen. However, it still wastes time
as systemd tries to load, queue and start them. And disabling these
services will save some time during Tizen boot-up.

9 months agopackaging: Add default.target just like user has
Jussi Laako [Wed, 5 Nov 2014 16:02:38 +0000 (18:02 +0200)]
packaging: Add default.target just like user has

Remove graphical.target as default boot target
and replace it with a real default.target that
will Require either multi-user.target or some
other previously final target. This allows proper
use of default.target.wants.

Change-Id: Ic0a3083dff6b3d398d3fccffcedcba2e30809f87
Signed-off-by: Jussi Laako <jussi.laako@linux.intel.com>
9 months agopackaging: Bump to 216, conditional kdbus support
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
packaging: Bump to 216, conditional kdbus support

+ Rename systemd-coredumpctl to coredumpctl (f4bab169) and introduce
  coredump.conf (34c10968).

+ Disable some new features: sysusers, firstboot, timesyncd, resolved
  and networked.

+ New tools: systemd-escape and systemd-path.

+ New header files in the devel package.

+ Add package-specific rpllint configuration file.

[Dropped kdbus support]

Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
7 years agopackaging: proper SMACK label on systemd-coredump
Maciej Wereski [Thu, 23 Oct 2014 10:20:21 +0000 (12:20 +0200)]
packaging: proper SMACK label on systemd-coredump

Bug-Tizen: TC-1578

Change-Id: I60001c2310d6ecaea459528846a010d07a4f0439
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
7 years agopackaging: Bump to v212
Kévin THIERRY [Mon, 26 May 2014 11:51:52 +0000 (13:51 +0200)]
packaging: Bump to v212

7 years agopackaging: Set proper smack label for locale.conf
Ulf Hofemeier [Mon, 31 Mar 2014 23:09:04 +0000 (16:09 -0700)]
packaging: Set proper smack label for locale.conf

Bug-fix: TIVI-2890

The post install script that creates the /etc/locale.conf
didn't set smack label, which defaults to _, and systemd is
running as System, and couldn't write to it.

Change-Id: I3639940d742aa7f20741953ae0268775788d656a
Signed-off-by: Ulf Hofemeier <ulf.hofemeier@linux.intel.com>
7 years agopackaging: Bump to v208
William Douglas [Mon, 7 Oct 2013 21:23:56 +0000 (14:23 -0700)]
packaging: Bump to v208

- Add System label to systemd

7 years agopackaging-RSA: Import platform restart from RSA
Krzysztof Opasiak [Thu, 18 Apr 2013 07:29:53 +0000 (09:29 +0200)]
packaging-RSA: Import platform restart from RSA

Platform restart functionality patch reorganized.

 Previous patch made by Sangjung Woo <sangjung.woo@samsung.com>
 had to be reorganized to ensure that it may be applied on any
 systemd version. Now it is applied without modifying any
 systemd files (ex. Makefile).

Change-Id: I187f05c24f3e8267a9e88c11a0a9ca84a6ae7d71
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
7 years agopackaging-RSA: Add pamconsole-tmp.conf from RSA
Maciej Wereski [Tue, 6 Aug 2013 11:56:31 +0000 (13:56 +0200)]
packaging-RSA: Add pamconsole-tmp.conf from RSA

7 years agopackaging: Add packaging
Anas Nashif [Tue, 8 Jan 2013 23:31:46 +0000 (15:31 -0800)]
packaging: Add packaging

- Add packaging files
- Disable sysv compatibility
- Enable readahead services
- Add baselibs.conf to support multilib
- Fix the dangling symlink /var/lock
    In upstream systemd, legacy.conf, which creates /run/lock, is only
    installed when sysvcompat is enabled, but this breaks the /var/lock
    symlink. Installing legacy.conf fixes the issue.

8 years agobuild-sys: metadata updates for v231 (#3803) v231
Lennart Poettering [Mon, 25 Jul 2016 19:49:47 +0000 (21:49 +0200)]
build-sys: metadata updates for v231 (#3803)

8 years agoCODING_STYLE fixes (#3804)
Lennart Poettering [Mon, 25 Jul 2016 19:34:42 +0000 (21:34 +0200)]
CODING_STYLE fixes (#3804)

As noted by @evverx:

https://github.com/systemd/systemd/pull/3802/files/0b81133facb7576e983ec8427ffc3a4a8cc62846#r72126018
https://github.com/systemd/systemd/pull/3802/files/0b81133facb7576e983ec8427ffc3a4a8cc62846#r72126432

8 years agoMerge pull request #3802 from poettering/id128-fixes
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 19:08:29 +0000 (15:08 -0400)]
Merge pull request #3802 from poettering/id128-fixes

Id128 fixes and more

8 years agoMerge pull request #3800 from keszybz/systemctl-more-cleanup
Lennart Poettering [Mon, 25 Jul 2016 19:01:01 +0000 (21:01 +0200)]
Merge pull request #3800 from keszybz/systemctl-more-cleanup

Systemctl more cleanup

8 years agoman: extend documentation on the SplitMode= setting (#3801)
Lennart Poettering [Mon, 25 Jul 2016 18:56:24 +0000 (20:56 +0200)]
man: extend documentation on the SplitMode= setting (#3801)

Adressing https://github.com/systemd/systemd/issues/3755#issuecomment-234214273

8 years agoCODING_STYLE: document src/shared ←→ src/basic split
Lennart Poettering [Mon, 25 Jul 2016 18:54:34 +0000 (20:54 +0200)]
CODING_STYLE: document src/shared ←→ src/basic split

Addresses: https://github.com/systemd/systemd/pull/3580#issuecomment-227931168

While we are at it, also document that we focus on glibc, not any other libcs.

8 years agosd-id128: be more liberal when reading files with 128bit IDs
Lennart Poettering [Mon, 25 Jul 2016 18:50:24 +0000 (20:50 +0200)]
sd-id128: be more liberal when reading files with 128bit IDs

Accept both files with and without trailing newlines. Apparently some rkt
releases generated them incorrectly, missing the trailing newlines, and we
shouldn't break that.

8 years agofileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()
Lennart Poettering [Mon, 25 Jul 2016 18:35:04 +0000 (20:35 +0200)]
fileio: imply /tmp as directory if passed as NULL to open_tmpfile_unlinkable()

We can make this smarter one day, to honour $TMPDIR and friends, but for now,
let's just use /tmp.

8 years agoman: minor man page fix
Lennart Poettering [Mon, 25 Jul 2016 18:14:13 +0000 (20:14 +0200)]
man: minor man page fix

Addressing:

https://github.com/systemd/systemd/commit/b541146bf8c34aaaa9efcf58325f18da9253c4ec#commitcomment-17997074

8 years agoautomount: don't cancel mount/umount request on reload/reexec (#3670)
Michael Olbrich [Mon, 25 Jul 2016 18:04:02 +0000 (20:04 +0200)]
automount: don't cancel mount/umount request on reload/reexec (#3670)

All pending tokens are already serialized correctly and will be handled
when the mount unit is done.

Without this a 'daemon-reload' cancels all pending tokens. Any process
waiting for the mount will continue with EHOSTDOWN.
This can happen when the mount unit waits for it's dependencies, e.g.
network, devices, fsck, etc.

8 years agotransaction: don't cancel jobs for units with IgnoreOnIsolate=true (#3671)
Michael Olbrich [Mon, 25 Jul 2016 18:02:55 +0000 (20:02 +0200)]
transaction: don't cancel jobs for units with IgnoreOnIsolate=true (#3671)

This is important if a job was queued for a unit but not yet started.
Without this, the job will be canceled and is never executed even though
IgnoreOnIsolate it set to 'true'.

8 years agosystemctl: use _cleanup_ for UnitCondition
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 16:29:20 +0000 (12:29 -0400)]
systemctl: use _cleanup_ for UnitCondition

8 years agosystemctl: simplify machine_info_clear
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 16:21:50 +0000 (12:21 -0400)]
systemctl: simplify machine_info_clear

It is only used with info allocated on the stack, so the pointer cannot be
NULL.

8 years agocoredump: turn off coredump collection only when PID 1 crashes, not when journald...
Lennart Poettering [Mon, 25 Jul 2016 17:03:43 +0000 (19:03 +0200)]
coredump: turn off coredump collection only when PID 1 crashes, not when journald crashes (#3799)

As suggested:

https://github.com/systemd/systemd/pull/3783/files/5157879b757bffce3da0a68ca207753569e8627d#r71906971

8 years agosystemctl: avoid "leaking" some strings in UnitStatusInfo
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 16:15:57 +0000 (12:15 -0400)]
systemctl: avoid "leaking" some strings in UnitStatusInfo

% valgrind --leak-check=full systemctl status multipathd.service --no-pager -n0
...
==431== 16 bytes in 2 blocks are definitely lost in loss record 1 of 2
==431==    at 0x4C2BBAD: malloc (vg_replace_malloc.c:299)
==431==    by 0x534AF19: strdup (in /usr/lib64/libc-2.23.so)
==431==    by 0x4E81AEE: free_and_strdup (string-util.c:794)
==431==    by 0x4EF66C1: map_basic (bus-util.c:1030)
==431==    by 0x4EF6A8E: bus_message_map_all_properties (bus-util.c:1153)
==431==    by 0x120487: show_one (systemctl.c:4672)
==431==    by 0x1218F3: show (systemctl.c:4990)
==431==    by 0x4EC359E: dispatch_verb (verbs.c:92)
==431==    by 0x12A3AE: systemctl_main (systemctl.c:7742)
==431==    by 0x12B1A8: main (systemctl.c:8011)
==431==
==431== LEAK SUMMARY:
==431==    definitely lost: 16 bytes in 2 blocks

This happens because map_basic() strdups the strings. Other code in systemctl
assigns strings to UnitStatusInfo without copying them, relying on the fact
that the message is longer lived than UnitStatusInfo. Add a helper function
that is similar to map_basic, but only accepts strings and does not copy them.
The alternative of continuing to use map_basic() but adding proper cleanup
to free fields in UnitStatusInfo seems less attractive because it'd require
changing a lot of code and doing a lot of more allocations for little gain.

(I put "leaking" in quotes, because systemctl is short lived anyway.)

8 years agosystemctl: use cleanup function for UnitStatusInfo
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 15:53:14 +0000 (11:53 -0400)]
systemctl: use cleanup function for UnitStatusInfo

There is no functional change, but clarity of the code is increased
by splitting out the cleanup part and putting it next to the structure
definition.

8 years agoMerge pull request #3681 from walyong/systemctl_condition
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 15:27:14 +0000 (11:27 -0400)]
Merge pull request #3681 from walyong/systemctl_condition

8 years agoMerge pull request #3798 from keszybz/news-and-man-tweaks
Lennart Poettering [Mon, 25 Jul 2016 15:24:35 +0000 (17:24 +0200)]
Merge pull request #3798 from keszybz/news-and-man-tweaks

News and man tweaks

8 years agosystemctl: style tweaks for the new condition code
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 15:20:58 +0000 (11:20 -0400)]
systemctl: style tweaks for the new condition code

8 years agocore: change ExecStart=! syntax to ExecStart=+ (#3797)
Lennart Poettering [Mon, 25 Jul 2016 14:53:33 +0000 (16:53 +0200)]
core: change ExecStart=! syntax to ExecStart=+ (#3797)

As suggested by @mbiebl we already use the "!" special char in unit file
assignments for negation, hence we should not use it in a different context for
privileged execution. Let's use "+" instead.

8 years agoman: use "search for unit"
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 14:41:04 +0000 (10:41 -0400)]
man: use "search for unit"

To "search something", in the meaning of looking for it, is valid,
but "search _for_ something" is much more commonly used, especially when
the meaning could be confused with "looking _through_ something"
(for some other object).

(C.f. "the police search a person", "the police search for a person".)

Also reword the rest of the paragraph to avoid using "automatically"
three times.

8 years agoNEWS: reword the text about libshared
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 14:34:56 +0000 (10:34 -0400)]
NEWS: reword the text about libshared

"strict versioned dependency" suggests that version "231" of the library
is stable. But the ABI or API might be changed in any patch, so reword
the text to avoid using "version".

8 years agoman: make chroot less prominent in discussion of nspawn
Zbigniew Jędrzejewski-Szmek [Fri, 22 Jul 2016 20:31:55 +0000 (16:31 -0400)]
man: make chroot less prominent in discussion of nspawn

Not as many people use chroot as before, so make the flow a bit nicer by
talking less about chroot.

"change to the either" is awkward and unclear. Just remove that part,
because all changes are lost, period.

8 years agoshared/install: allow "enable" on linked unit files (#3790)
Zbigniew Jędrzejewski-Szmek [Mon, 25 Jul 2016 14:20:16 +0000 (10:20 -0400)]
shared/install: allow "enable" on linked unit files (#3790)

User expectations are broken when "systemctl enable /some/path/service.service"
behaves differently to "systemctl link ..." followed by "systemctl enable".
From user's POV, "enable" with the full path just combines the two steps into
one.

Fixes #3010.

8 years agogetty@.service.m4: add Conflicts=/Before= against rescue.service (#3792)
Michal Soltys [Mon, 25 Jul 2016 14:18:00 +0000 (16:18 +0200)]
getty@.service.m4: add Conflicts=/Before= against rescue.service (#3792)

If user isolates rescue target from multi-user or graphical target (or just
starts the service), IgnoreOnIsolate will cause issues with sulogin which is
directly started on current virtual console. This patch adds necessary
Conflicts= and Before= against rescue.service.

Note that this is not needed for emergency target, as implicit Requires= and
After= against sysinit.target is in effect for this service
(DefaultDependencies=yes).

8 years agoMerge pull request #3796 from poettering/mailmap
Martin Pitt [Mon, 25 Jul 2016 13:47:24 +0000 (15:47 +0200)]
Merge pull request #3796 from poettering/mailmap

documentation, NEWS and mailmap fixes

8 years agonamespace: don't fail on masked mounts (#3794)
Alban Crequy [Mon, 25 Jul 2016 13:39:46 +0000 (15:39 +0200)]
namespace: don't fail on masked mounts (#3794)

Before this patch, a service file with ReadWriteDirectories=/file...
could fail if the file exists but is not a mountpoint, despite being
listed in /proc/self/mountinfo. It could happen with masked mounts.

Fixes https://github.com/systemd/systemd/issues/3793

8 years agoNEWS: document the new shared library for internal code
Lennart Poettering [Mon, 25 Jul 2016 13:27:10 +0000 (15:27 +0200)]
NEWS: document the new shared library for internal code

8 years agoupdate hwdb (#3795)
Lennart Poettering [Mon, 25 Jul 2016 13:24:15 +0000 (15:24 +0200)]
update hwdb (#3795)

"make update-hwdb" in preparation for v231.

8 years agoman: update systemctl man page for unit file commands, in particular "systemctl enable"
Lennart Poettering [Mon, 25 Jul 2016 13:10:15 +0000 (15:10 +0200)]
man: update systemctl man page for unit file commands, in particular "systemctl enable"

Clarify that "systemctl enable" can operate either on unit names or on unit
file paths (also, adjust the --help text to clarify this). Say that "systemctl
enable" on unit file paths also links the unit into the search path.

Many other fixes.

This should improve the documentation to avoid further confusion around #3706.

8 years agoNEWS: update mailmap to bring NEWS and "make git-contrib" in line
Lennart Poettering [Mon, 25 Jul 2016 13:03:46 +0000 (15:03 +0200)]
NEWS: update mailmap to bring NEWS and "make git-contrib" in line

Let's make sure that "make git-contrib" prints a useful contributors list
directly useful for NEWS and fixes up contributors's IDs a bit.

8 years agoNEWS: more stuff for v231 (#3786)
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 08:11:30 +0000 (04:11 -0400)]
NEWS: more stuff for v231 (#3786)

8 years agoMerge pull request #3785 from keszybz/less-return-errno
Martin Pitt [Sat, 23 Jul 2016 08:10:53 +0000 (10:10 +0200)]
Merge pull request #3785 from keszybz/less-return-errno

Use "return log_error_errno(...)" in more places + related fixes

8 years agoNEWS: remove duplicate names and fix a few typos
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 01:40:46 +0000 (21:40 -0400)]
NEWS: remove duplicate names and fix a few typos

8 years agoMerge pull request #3784 from poettering/NEWS-v231
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 01:28:31 +0000 (21:28 -0400)]
Merge pull request #3784 from poettering/NEWS-v231

8 years agonspawn: don't skip cleanup on locking error
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 00:28:57 +0000 (20:28 -0400)]
nspawn: don't skip cleanup on locking error

8 years agoimport: don't log "fake" errno values
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 00:28:30 +0000 (20:28 -0400)]
import: don't log "fake" errno values

8 years agoUse "return log_error_errno" in more places"
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 00:27:45 +0000 (20:27 -0400)]
Use "return log_error_errno" in more places"

8 years agoMerge pull request #3777 from poettering/id128-rework
Zbigniew Jędrzejewski-Szmek [Sat, 23 Jul 2016 01:18:41 +0000 (21:18 -0400)]
Merge pull request #3777 from poettering/id128-rework

uuid/id128 code rework

8 years agoPopulate NEWS a bit, in preparation for v231
Lennart Poettering [Fri, 22 Jul 2016 18:18:34 +0000 (20:18 +0200)]
Populate NEWS a bit, in preparation for v231

(Note complete yet.)

8 years agoman: rework resolved.conf's Cache= documentation
Lennart Poettering [Fri, 22 Jul 2016 18:17:23 +0000 (20:17 +0200)]
man: rework resolved.conf's Cache= documentation

Let's not mention the supposed security benefit of turning off caching. It is
really questionnable, and I#d rather not create the impression that we actually
believed turning off caching would be a good idea.

Instead, mention that Cache=no is implicit if a DNS server on the local host is
used.

8 years agomailmap: add a few more names
Lennart Poettering [Fri, 22 Jul 2016 18:16:56 +0000 (20:16 +0200)]
mailmap: add a few more names

Let's do something about my OCD and map a numbre of commiters to proper names.

8 years agoMerge pull request #3783 from poettering/fix-3285
Lennart Poettering [Fri, 22 Jul 2016 16:37:42 +0000 (18:37 +0200)]
Merge pull request #3783 from poettering/fix-3285

coredump: make sure to handle crashes of PID 1 and journald special

8 years agocoredump: turn off coredump collection entirely after journald or PID 1 crashed
Lennart Poettering [Fri, 22 Jul 2016 16:01:50 +0000 (18:01 +0200)]
coredump: turn off coredump collection entirely after journald or PID 1 crashed

Safe is safe, let's turn off the whole logic if we can, after all it is
unlikely we'll be able to process further crashes in a reasonable way.