Youngjae Cho [Wed, 6 May 2020 06:39:03 +0000 (15:39 +0900)]
Fix delayed.target
Add binary wait-target-done.c for waiting creation of *.done file.
Change-Id: I0d87c574086073b28aa52dccca3e760914e2abbd
Signed-off-by: Youngjae Cho <y0.cho@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
INSUN PYO [Tue, 21 Apr 2020 07:11:15 +0000 (16:11 +0900)]
Delayed target: check interval is changed from 1 second to 0.2 seconds.
Change-Id: I2206ada9509d503ac02733d0cb0c1539d932b184
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
INSUN PYO [Thu, 16 Apr 2020 00:04:39 +0000 (09:04 +0900)]
spec: fix indent in systemd.spec
Change-Id: I7b48f4cd8e66e3c52a23305d48466c75e5443845
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
INSUN PYO [Thu, 9 Apr 2020 05:17:05 +0000 (14:17 +0900)]
Change file permission of org.tizen.system.conf to 644.
Change-Id: Ibdf905f96c6f72951db4e90b761462e05a956232
Adrian Szyndela [Mon, 6 Apr 2020 10:14:04 +0000 (12:14 +0200)]
delayed: replace dbus-send with a dedicated program
In release versions there can be no helper programs for sending
any messages over D-Bus. Thus, dbus-send, busctl etc. are removed.
This commit replaces dbus-send use cases with a specialized little
tool, which does what dbus-send did in those cases.
Change-Id: I54e51fc3fe563961f18b953215cee41c3bf4510e
INSUN PYO [Fri, 3 Apr 2020 01:37:48 +0000 (10:37 +0900)]
logind: add SmackProcessLabel=System::Privileged to user-runtime-dir@.service
To change smack label /run/user/5001/system_share to "*", we need System::Privileged.
Change-Id: Icd1e8c7794236670575df68d1fe35c35584f24f2
Adrian Szyndela [Thu, 2 Apr 2020 12:32:02 +0000 (14:32 +0200)]
socket: fix printing of size_t value
Change-Id: I9a6fa9f3a15c091fdda0e738de96dcebca8ee1c3
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Łukasz Stelmach [Thu, 25 Jan 2024 14:14:39 +0000 (15:14 +0100)]
Merge upgrade-to-244 into tizen
Change-Id: Id141f6a5f624ba6a4a24b0bf85a20b7e51878781
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Łukasz Stelmach [Wed, 20 Mar 2024 09:40:39 +0000 (10:40 +0100)]
test-copy: allow copy from symlinked dir
Change-Id: I96f7e86c4f3b26bc79431ccd962dffc82befb14f
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Łukasz Stelmach [Tue, 19 Mar 2024 15:48:08 +0000 (16:48 +0100)]
tests: make tests pass with non-utf8 locale
Change-Id: Id9056e66b5b3619f7f30a8e1a12b184bf82b1991
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Łukasz Stelmach [Tue, 19 Mar 2024 13:33:16 +0000 (14:33 +0100)]
tree-wide: replace realpath with readlink -f
Tizen's coreutils doesn't include 'realpath' utility, which was
introduced in coreutils 8.15. However, Tizen's coreutils includes 'readlink'
utility, which is very close to 'realpath' if called with '-f' param.
Change-Id: I08b6ed68fc6bf0c384b599f4de3724724345d5c7
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Adrian Szyndela [Thu, 5 Mar 2020 08:30:26 +0000 (09:30 +0100)]
Revert "units: drop units/user/busnames.target"
This reverts commit
df134443395f6e043e0cd2a45ab529583df96e4e.
Adrian Szyndela [Thu, 5 Mar 2020 08:28:16 +0000 (09:28 +0100)]
Revert "units: remove unused busnames.target"
This reverts commit
0ba89873372c3ab508852b4e0071da0719bcea0a.
Adrian Szyndela [Thu, 26 Mar 2020 10:19:37 +0000 (11:19 +0100)]
sd-bus: fix fcntl flag for duplicating fd
Adrian Szyndela [Tue, 25 Feb 2020 15:51:26 +0000 (16:51 +0100)]
tests: correct test-bus-benchmark test name
Additionally, move the entry to the alphabetically correct position after
the name change.
Change-Id: I348bae84a948eb35cfcb9858465156c66b6f01eb
Hyotaek Shim [Mon, 17 Feb 2020 04:54:18 +0000 (13:54 +0900)]
Increase the max number of INotify instances per real user ID
Change-Id: I49a2ed1881d03def82be5a83ae5b6eb0db01ce6c
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Wed, 22 Jan 2020 02:21:43 +0000 (11:21 +0900)]
Exclude systemd-remount-fs.service
Change-Id: I653420164edb44a7a941f5c98887dc3ee6d4852e
Hyotaek Shim [Thu, 9 Jan 2020 09:23:18 +0000 (18:23 +0900)]
Apply priv_keygrab:r ACL rule to /dev/input
Change-Id: I8174ccd81aa3970a76a6f3680234dae77d920429
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Tue, 5 Nov 2019 02:51:19 +0000 (11:51 +0900)]
logind: change the power key to disabled
Tizen does not support power off without deviced.
So, you need to turn off the power key function in logind.
1. Disable TAG+="power-switch" uevent rules because logind uses "power-switch" uevent to recognize the power key.
2. Change default behavior for power key to ignore.
Change-Id: I0523d4cc46ce2edd05e479e9101c6d20f70b4296
Hyotaek Shim [Mon, 7 Oct 2019 11:43:04 +0000 (20:43 +0900)]
Remove the smack exec label of busctl
Change-Id: Iaab47bd04b0c480fa2c2e9e5deeeded9d461c4b4
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyungju Lee [Tue, 10 Sep 2019 02:06:08 +0000 (11:06 +0900)]
Change smack label of /dev/full from '_' to '*'
Change-Id: I706f14f7e8d767b0d7904a08e793f424c47e001b
Hyotaek Shim [Thu, 22 Aug 2019 11:46:11 +0000 (20:46 +0900)]
Add dbus policy for org.tizen.system.BootingDone
Change-Id: I8f0bd7887b5f1cbd7637c00e03240e4d5e09e4c7
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Paweł Szewczyk [Fri, 26 Jul 2019 08:48:24 +0000 (10:48 +0200)]
Use separate udev tag for devices in user session
The system-user tag can be used to mark devices that will be enumerated by
systemd in 'systemd --user' instance.
Change-Id: I5889f50df6c329de36c2544ee5cf1ba1c52ad433
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
INSUN PYO [Fri, 19 Jul 2019 08:23:57 +0000 (17:23 +0900)]
Rework delayed.target
start delayed.service --> finish default.target --> start all of delayed.service -->
finish delayed.target --> StartupFinished
Change-Id: I2f291ea8b5f535157eec4f105f2c37b0cea448c9
INSUN PYO [Wed, 26 Jun 2019 00:12:45 +0000 (09:12 +0900)]
Change the config value of the "RemainAfterExit=" ("true" -> "yes")
Change-Id: I56db28be6f0cecd0562ba8db6bb1d4af0b1a3b7b
INSUN PYO [Fri, 7 Jun 2019 06:30:41 +0000 (15:30 +0900)]
Add delayed target
Change-Id: I0527d1387500c699be0fbc319c702a77d9ae587b
Cheoleun Moon [Fri, 19 Apr 2019 07:31:03 +0000 (16:31 +0900)]
Add SECLABEL for /dev/net/tun
Change smack label of /dev/net/tun to *
Change-Id: Ie3c7d4e908a077064cb4d5ba5e4e082a7409da64
Signed-off-by: Cheoleun Moon <chleun.moon@samsung.com>
Łukasz Stelmach [Thu, 14 Mar 2024 23:42:20 +0000 (00:42 +0100)]
fixup! socket: Serialize auxiliary file descriptors
Change-Id: I0c5b4d51523c4c2ef96aef6aec79723a11699e03
Łukasz Stelmach [Thu, 14 Mar 2024 23:14:59 +0000 (00:14 +0100)]
Enable stack protection option, -fstack-clash-protection
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1930
http://suprem.sec.samsung.net/jira/browse/SATIZENVUL-1933
Change-Id: I0c3292fd0d7fdd69a1aa902a1e9d8b75a6f11d87
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
sanghyeok.oh [Tue, 29 Jan 2019 07:19:49 +0000 (16:19 +0900)]
busctl: set execute label as 'System'
Change-Id: Id76f4cc5c2ab52c61355033fb4bcf8681d2cedbf
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
Hyotaek Shim [Fri, 25 Jan 2019 08:50:42 +0000 (17:50 +0900)]
Minor fix regarding "update-alternatives --remove systemd-shutdown.."
Change-Id: I33510d36510a468c9fa67265f3ba3e73934080a0
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Karol Lewandowski [Wed, 9 Jan 2019 15:16:19 +0000 (16:16 +0100)]
tizen: Allow replacing systemd-shutdown
This will be used by deviced to install custom shutdown handler.
Change-Id: I1f921fbae7d05f9ba937bb68cfa997a310407484
Karol Lewandowski [Thu, 15 Nov 2018 13:02:51 +0000 (14:02 +0100)]
tizen: All logins should use User::Shell smack label
Change-Id: I8c0e7de59689aa83bd0273af4a66dd7a8f823ec9
Łukasz Stelmach [Thu, 14 Mar 2024 22:58:17 +0000 (23:58 +0100)]
socket: Serialize auxiliary file descriptors
When socket is serialized/deserialized it's important to keep all file
descriptors. This commit adds the serialization of auxiliary fds.
For now, only ffs sockets are using auxiliary descriptors.
Change-Id: I5fea0152fee51560e160fe5df4806b55a5b369d6
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Adrian Szyndela [Fri, 21 Sep 2018 14:11:05 +0000 (16:11 +0200)]
D-Bus policy configs: fixed rules
Removed duplicate rules in all three configs, and specified proper sender
for receiving ActivationRequest signal in org.freedesktop.systemd1.conf.
Change-Id: I550c07ede30a0bb70a9bb3ca00d5771e1722826b
Łukasz Stelmach [Wed, 13 Mar 2024 21:09:16 +0000 (22:09 +0100)]
fixup! logind: change smack label /run/user/%UID/system_share to "*"
Change-Id: I515b016407a253ec0b49a3c52bab5e370332e7a9
Łukasz Stelmach [Wed, 13 Mar 2024 21:08:45 +0000 (22:08 +0100)]
Remove build warnings
- Add TIZEN_JOURNALD_KMSG
- Print kmsg log on dlogutil because journald is heavier than dlogutil
Change-Id: I763cfccbb0d877c52d8448de4a50966a33c84981
Signed-off-by: pr.jung <pr.jung@samsung.com>
Hyotaek Shim [Wed, 5 Sep 2018 09:23:10 +0000 (18:23 +0900)]
Set the smack label of executable binary tools
Apps (3rd party and even in-house Apps) are not permitted to run systemd tools directly.
User System::Tools rx
User::Shell System::Tools rx
System::TEF System::Tools rx
System::Privileged System::Tools rx
System System::Tools rx
Change-Id: I55a9b00a6ec0583d4673d9a41cdda7fbd9e23310
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Łukasz Stelmach [Fri, 31 Mar 2017 11:05:09 +0000 (13:05 +0200)]
spec: configure rpmmacrosdir instead of manually installing rpm macros
Change-Id: Iec5f938f97695f8eafcfc4f3b0b120d5fe77a54e
Mateusz Moscicki [Fri, 11 May 2018 12:58:41 +0000 (14:58 +0200)]
Set the default deny policy for system dbus
org.freedesktop.locale1.conf - send: deny, own: deny
org.freedesktop.login1.conf - send: deny, own: deny
org.freedesktop.systemd1.conf - send: deny, own: deny
Change-Id: I49f402d56f83700fe7528eab3e034cd845afc0a2
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
INSUN PYO [Wed, 7 Mar 2018 07:40:53 +0000 (16:40 +0900)]
logind: change smack label /run/user/%UID/system_share to "*"
INSUN PYO [Tue, 27 Feb 2018 08:48:52 +0000 (17:48 +0900)]
logind: change group and permission /run/user/%UID
1. change group and pemission of /run/usre/%UID to uid/system_share,0750
2. make /run/user/%UID/system_share to uid/system_share,0750
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ie22b8d4e96c1669f7068005952d83f7f4086b60c
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
INSUN PYO [Wed, 31 Jan 2018 01:02:17 +0000 (10:02 +0900)]
journald: Limit system journal size from 10M to 4M
A journald always loads two journal files (one is current and the other is just before) in memory using mmap.
So it always consumes as much memory as file size.
A journald rotates the log in 8 files.
Each log file has a SystemMaxUse/8 size.
(But the minimum value is 512k.)
So SystemMaxUse is 4M to minimize memory usage. (512k * 8 = 4M)
sh-3.2# memps `pidof systemd-journald`
S(CODE) S(DATA) P(CODE) P(DATA) ADDR(start-end) OBJECT NAME
-------- -------- -------- -------- -----------------------------------------------
4 0 508 0
f6d80000-
f6ec0000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system@
800f735a88e44c35bc7cca47\
9a6984b1-
00000000000015ad-
000561d5c48aab1f.journal
0 4 302 0
f6c40000-
f6d80000 /opt/var/log/journal/
999fcdd05c714da0859337c08df2230e/system.journal
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I9aa53189eae878464acba58b5fdd490f6b3ba7f8
Dawid Kuczma [Tue, 5 Dec 2017 08:31:16 +0000 (09:31 +0100)]
Add well-known-names -> unique names on graph
Usage:
--well-known-names=true
Change-Id: Ife01bd8d1a2d6acc4a45c6595bcc52c15d523742
Łukasz Stelmach [Tue, 12 Mar 2024 14:26:56 +0000 (15:26 +0100)]
fixup! Generate graph from the traffic observable by busctl monitor.
Change-Id: I74dd13254322d1cc3cb3f8e52c40d807f86f05f0
Łukasz Stelmach [Tue, 12 Mar 2024 14:21:44 +0000 (15:21 +0100)]
Add tool for processing graph generated by busctl dot.
Usage:
1) gvpr -f graphinfo.gvpr input_file
2) gvpr -f graphinfo.gvpr input_file -a node -a NODE
3) gvpr -f graphinfo.gvpr input_file -a -node -a NODE
Change-Id: Ie4d05c715df17b61c8c7ad1f7724977c9c2f8bb8
Dawid Kuczma [Thu, 28 Sep 2017 13:08:20 +0000 (15:08 +0200)]
Generate graph from the traffic observable by busctl monitor.
Busctl dot is used to visualize IPC traffic.
It generate dot output whitch can be visualized e.g. by using graphviz.
Also adds filtering by sender/receiver pid.
Internally busctl dot works similar to busctl capture.
It reuses monitor() framework.
--pid=PID -only show messages where sender or receiver pid is equal to PID
--sender-pid=PID -only show messages where sender pid is equal to PID
--receiver-pid=PID -same as above, but filtering by receiver pid.
Signed-off-by: Dawid Kuczma <d.kuczma@partner.samsung.com>
Change-Id: Id9ce46f5085dde10010e89057f78d58b3088d3bc
Hyotaek Shim [Fri, 15 Dec 2017 06:56:43 +0000 (15:56 +0900)]
tizen: Change the permission of /dev/kmsg to "root:log 660 *"
Through this patch, /usr/bin/dlog_logger (log:log) can access /dev/kmsg
without root credentials.
Change-Id: Ie955499c4a0bf1581cd64244cb94acfa6279719d
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
[ Minor style change in commit log. ]
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
INSUN PYO [Wed, 27 Sep 2017 07:10:21 +0000 (16:10 +0900)]
units: [user@.service] Set Group as users
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iaf0d6f57e6a4a124ac0301e38527bddcbb7fe679
INSUN PYO [Thu, 31 Aug 2017 04:10:36 +0000 (13:10 +0900)]
packaging: Remove unused systemd-tmpfiles-clean.service, systemd-tmpfiles-clean.timer
systemd-tmpfiles-clean.service and systemd-tmpfiles-clean.timer are already disabled.
Removes the file that was left to identify the history.
Removes the user to remove the systemd-tmpfiles-clean.service manually.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Ifb105bedc29d7ab660c303059c8e3378c59a6e31
Yunmi Ha [Fri, 18 Aug 2017 08:37:11 +0000 (17:37 +0900)]
Remove upgrade script file from package
Change-Id: If547cb04400e412c00559881e312f831c2d25688
Signed-off-by: Yunmi Ha <yunmi.ha@samsung.com>
INSUN PYO [Mon, 31 Jul 2017 07:46:46 +0000 (16:46 +0900)]
hostnamed : disable hostnamed
Requested by MCD.
The connman, efl, bluez using hostnamed have also agreed to disable.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iecb82b74305201696caa77d108efa216051181ce
Hyotaek Shim [Fri, 9 Jun 2017 12:10:29 +0000 (21:10 +0900)]
Remove "Requires(post): gawk" in the spec.
This patch is needed for reducing storage usage in IoT/Headless devices.
Change-Id: Ie0a5833ef1cf114202d9d783eb63135b31a1f6d6
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Hyotaek Shim [Wed, 7 Jun 2017 04:37:29 +0000 (13:37 +0900)]
55-udev-smack-default.rules: add group rw permission to input nodes
Change-Id: I61c7a3bb1098406172e5ed289cc0510b02794ea5
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
Łukasz Stelmach [Fri, 8 Mar 2024 15:41:27 +0000 (16:41 +0100)]
fixup! tizen: Patch for unlimited timeout for User Session
Change-Id: I13ba233a5f4101c55f06be29f91a4b8d5558770d
INSUN PYO [Thu, 25 May 2017 05:50:55 +0000 (14:50 +0900)]
packaging: Disable systemd-tmpfiles-clean.timer
If you change the time in 15 minutes after booting,
some files in /tmp are removed by systemd-tmpfiles-clean.service.
Also, VD and MCD does't want tmpfile cleanup to be run.
I have modified the timer to not run automatically at boot time.
The timer and service are left unerased.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I5ce99c5a37488e5a89af6a49f32150cc7391a5ef
sanghyeok.oh [Tue, 25 Apr 2017 03:22:06 +0000 (12:22 +0900)]
license:change test-runner's license from Apache 2.0 to BSD-2-clause
To avoid license conflict between LGPL-2.1 and Apache-2.0, change it.
Change-Id: I60125a53b19193fb300f516387d08243cfa94698
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
sanghyeok.oh [Fri, 14 Apr 2017 05:50:54 +0000 (14:50 +0900)]
License:add license file for Apache-2.0
Change-Id: I9c6d1128fdc89b099c68c5fc2c7fd46fa193f0bc
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
INSUN PYO [Tue, 11 Apr 2017 07:26:57 +0000 (16:26 +0900)]
tizen: Do not try to read /proc/1/cgroup from unprivileged processes
In Tizen access to /proc/1 is restricted via Smack. However, there are
unprivileged functions that need to work with information from this dir.
This function caches cgroup information in /run, allowing system-wide
access to this information.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I2a2977400c7917804599cfb6f225dab897dc8b14
INSUN PYO [Thu, 30 Mar 2017 06:18:35 +0000 (15:18 +0900)]
License: add license files for systemd-analyze package
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iea4a6b72d5c277e1bcf3a4604ec6c5b603d1d973
INSUN PYO [Mon, 27 Mar 2017 13:50:39 +0000 (22:50 +0900)]
License: add license files
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I39d99a2040f267c29529d331ff5de7591cbf1fa5
Karol Lewandowski [Mon, 20 Mar 2017 16:35:25 +0000 (17:35 +0100)]
packaging: Make documentation package optional
By default documentation is disabled.
Change-Id: I33648ee019945d47d367e5db3abe84afa3400cc0
hk57.kim [Thu, 9 Mar 2017 08:14:32 +0000 (17:14 +0900)]
[4.0] Remove OBS Project Dependency (kdbus/TV)
- When you SR this, you need to create JIRA-TRE issue of:
: add systemd-extension-kdbus for TV/arm-wayland images.
- Without this commit, this package won't be built correctly in Tizen 4.0.
(It's add, not replace.)
Change-Id: Ic616a3b20450d4594857cc268e2dbf25e80dba37
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: insun.pyo <insun.pyo@samsung.com>
Łukasz Stelmach [Mon, 6 Mar 2017 13:36:27 +0000 (14:36 +0100)]
spec: Enable systemd-tests package
This reverts commit
7137c6fe9d362f69d14581ac1bde124b77930f67.
Change-Id: I2679eb43d68d9d74075ed339c7b7f397c43bc340
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Lukasz Skalski [Mon, 21 Nov 2016 10:00:09 +0000 (11:00 +0100)]
systemd-tests: set common output format
Change-Id: Ia52ad37927bca67e36a932982523cfc75e80e640
wchang kim [Fri, 6 Jan 2017 00:04:50 +0000 (09:04 +0900)]
tizen : Disable the predictable network interface name
Change-Id: Ic2f2d9b50bb5601d3ec7d5940284f89acab7d3f0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Fri, 2 Dec 2016 07:52:22 +0000 (16:52 +0900)]
tizen: upgrade script patches
1) tizen : Adding the priority number to the filename of systemd_upgrade.sh
(https://review.tizen.org/gerrit/#/c/101825/)
2) tizen: exclude upgrade script directory
(https://review.tizen.org/gerrit/#/c/104341/)
Change-Id: I708a8505fcd08ed5789e69e716163cf9cd0dd0be
Hyeongsik Min [Wed, 30 Nov 2016 07:33:22 +0000 (16:33 +0900)]
journald: Limit system journal size to 10M
In v219, journald implicitly limits system journal(/var/log/journal) size
to 8MB(twice of the minimum journal file size) with SystemMaxUse=0 setting.
But in v231, journald doesn't stop allocating when max_use is 0.
Change-Id: I6b36320191fcc69d5b45cfec5b27a462d0ab8310
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
wchang kim [Tue, 15 Nov 2016 02:29:15 +0000 (11:29 +0900)]
Description : Adding to send new system signal for user session done.
When user-session is done, systemd will send new system signal for user-session done.
interface=org.freedesktop.systemd1.Manager,member=UserSessionStartupFinished
UserSessionStartupFinished(t user_id)
Change-Id: I2ee9a2f232c22428894217fc2a519ec9c017fb2c
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 06:11:24 +0000 (15:11 +0900)]
Description : Added the compatiblie pkgconfig to v219 version.
systemd v231 removed the libraries of login, id128, journal and daemon and merged the
libsystemd.
And it removed thier pkgconfig files.
Other packages in tizen still use them.
So we need to add their pkgconfig files.
Change-Id: Ia120a0f2441cf9744ee192300a33d4b0d0cfb872
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 02:49:47 +0000 (11:49 +0900)]
Description : Changed the spec file for systemd v231
Change-Id: I50cc42956efb6093286b8bacdc3af4789c8b8fa0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 23:14:15 +0000 (08:14 +0900)]
Description : Changed the spec file for systemd-231
Change-Id: I44eb84919bddf4d251e082b3a379aaae0b1ee9b5
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Łukasz Stelmach [Fri, 8 Mar 2024 10:35:29 +0000 (11:35 +0100)]
fixup! Revert: "core: drop Capabilities= setting"
Change-Id: Idd92370d7b2286da137bdb5a432f3b65b3619ede
Łukasz Stelmach [Fri, 8 Mar 2024 10:26:09 +0000 (11:26 +0100)]
fixup! Description : Fixed the security hole.
Change-Id: Icae9c45d8e22497673392b772016b829da83158b
Łukasz Stelmach [Fri, 8 Mar 2024 10:20:44 +0000 (11:20 +0100)]
fixup! Description : Fixed the security hole.
Change-Id: Ie9862458b3b0a69b8bbcdb87e890821e9d61275c
Łukasz Stelmach [Fri, 8 Mar 2024 09:12:02 +0000 (10:12 +0100)]
fixup! watchdog: Support changing watchdog_usec during runtime (#3492)
Change-Id: I7d8e9805d78a5be9d513c72d40c05f40f86f69e2
Łukasz Stelmach [Fri, 8 Mar 2024 07:51:53 +0000 (08:51 +0100)]
fixup! Temporarily disable Smack for POSIX shared memory
Change-Id: Iffbcf2a671856b4d94e1e8397e791e1f8195b199
Łukasz Stelmach [Fri, 8 Mar 2024 07:45:42 +0000 (08:45 +0100)]
fixup! watchdog: Support changing watchdog_usec during runtime (#3492)
Change-Id: Ie696f9e99476c68c888a85240745147f41e7eac1
Łukasz Stelmach [Thu, 7 Mar 2024 22:22:46 +0000 (23:22 +0100)]
Revert: "core: drop Capabilities= setting"
This reverts commit
479050b36302a360048c2af5e79683d14ad56fb3
Change-Id: I24367aea159b1decc732b3fbaf448a40e59f2634
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Lukasz Skalski [Fri, 16 Sep 2016 15:30:35 +0000 (17:30 +0200)]
sd-bus: add support for 'dbus-integration-tests' framework
Change-Id: Ie5da780d4c90d943676c5d1872d32d76af50478b
wchang kim [Thu, 29 Sep 2016 22:17:55 +0000 (07:17 +0900)]
Description : Added the local PATH to a shell script.
Adding the local PATH into 50-systemd-user.sh
Change-Id: Ic466577a5db001d99a41410c950220cb49f3d55e
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)]
Description : Fixed the security hole.
In case of "systemctl --user enable <path>", a application can insert
the malicious user service.
So systemctl can only enable the service with service name.
Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 12 Sep 2016 06:51:15 +0000 (15:51 +0900)]
Description : Added the upgrade script from 2.4 to 3.0
systemd_upgrade.sh is installed to /usr/share/upgrade/scripts.
It changes the smack rule for /var/log/wtmp and /var/lib/systemd.
Change-Id: Iebffca3238bcedd195ec2e91afdf5e46a882ec42
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Mon, 12 Sep 2016 04:05:57 +0000 (13:05 +0900)]
Disable Polkit
Tizen uses Cynara instead of Polkit.
https://wiki.tizen.org/wiki/Security:Cynara:ComparisonWithOtherSolutions
Change-Id: I519d84e41225e9a4c3343bec74871727e51a54ad
Kunhoon Baik [Thu, 1 Sep 2016 07:01:12 +0000 (16:01 +0900)]
Watchdog : support to change timeout to USEC_INFINITY (disable timeout)
Change-Id: I459471c2d210eb31c22a17e0e45653b3de04233a
Kunhoon Baik [Fri, 26 Aug 2016 04:22:20 +0000 (13:22 +0900)]
watchdog: Support changing watchdog_usec during runtime
(#3492)
Add sd_notify() parameter to change watchdog_usec during runtime.
Application can change watchdog_usec value by
sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=
20000000").
To reset watchdog_usec as configured value in service file,
restart service.
Notice.
sd_event is not currently supported. If application uses
sd_event_set_watchdog, or sd_watchdog_enabled, do not use
"WATCHDOG_USEC" option through sd_notify.
Origin: https://github.com/systemd/systemd/commit/
2787d83c2
Note: There are two additional patches for clean backport patch
1)rework unit timeout patch - https://github.com/systemd/systemd/commit/
36c16a7cd
2)rework per-object logging - https://github.com/systemd/systemd/commit/
f2341e0a8
However, we will not apply the patch for minimal backport
Change-Id: Ic1a91dc4e611f3e92fdc734fb1eb70e27244aa37
Kunhoon Baik [Wed, 17 Aug 2016 12:25:55 +0000 (21:25 +0900)]
tizen: Patch for unlimited timeout for User Session
This patch should be used for specific purpose of Tizen
Change-Id: Ida7448da300b0c4cf9a5189c6f8903a2e8729df3
Kunhoon Baik [Wed, 10 Aug 2016 13:02:22 +0000 (22:02 +0900)]
Modification of journald configuration for minimal log saving
There were several requirements for minimal disk log.
Especially, Default Tizen tries to keep the the log size under 10MB
because Tizen provides other logging system DLOG.
Change-Id: I633bf5a15041da8f40f8cde66e488c1b14f25045
Sunmin Lee [Mon, 1 Aug 2016 02:48:45 +0000 (11:48 +0900)]
system-update: restore update generator
Tizen is about to support system update.
It would be implemented through systemd feature,
offline system updates. And to do this, the binary
system-update-generator is essential so the removed
file should be restored.
Change-Id: I00f7d5125d9218c474f74a6003d7ae38bad2373c
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>
Hyeongsik Min [Tue, 19 Jul 2016 01:41:28 +0000 (10:41 +0900)]
packaging: Disable gcrypt to remove dependency
This patch removes gcrypt dependency to save resource and
will disable FSS(anti log-file tampering feature) as well.
In addition, importd depends on gcrypt. Thus, importd was disabled explictly.
Finally, machined feature was disabled because the feature is not used
and some parts of the feature depends on importd.
Change-Id: I44c7ec43d1861d67a18049cdff2821a849c636d6
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
wchang kim [Fri, 22 Jul 2016 07:09:38 +0000 (16:09 +0900)]
Description : Fixed the smack error after applying onlycap.
Set exec-label "System" to systemd-cgroup-agent"
Change-Id: I5bf36f7b7e8b8750bacac407f160b56820ae8625
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
jin-gyu.kim [Wed, 20 Jul 2016 11:28:15 +0000 (20:28 +0900)]
Set SmackProcessLabel as System.
Change-Id: I37c3c1ee8152f82bf45b50f6e81f7986b62547c1
Kunhoon Baik [Thu, 30 Jun 2016 12:22:10 +0000 (21:22 +0900)]
Disable Online KMSG logging
This is Unavoidable Patch for me - This is quick patch for internal issue.
If you have a question for this patch, contact to hyeongsik.min and jinmin
Change-Id: Ie21692ea85ee2e7fbfa0265f9e606b204d27a558
wchang kim [Wed, 29 Jun 2016 23:38:55 +0000 (08:38 +0900)]
Description : Add smack label(*) to loop device for security policy
Add smack label(*) to loop device for security policy
Change-Id: If9271c209b05f73c20c66f7e30a7d18e070c2b4a
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 29 Jun 2016 00:18:37 +0000 (09:18 +0900)]
Description : Set PATH in local script for security policy
Set PATH in local script for security
Change-Id: If1f6163bdd936222e103822ee01d4c9a7e886a72
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Tue, 7 Jun 2016 13:51:38 +0000 (22:51 +0900)]
For using persistent storage in AUTO mode.
As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.
In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.
Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
Kunhoon Baik [Mon, 23 May 2016 06:50:59 +0000 (15:50 +0900)]
Disable systemd-timedated and systemd-rfkill
Tizen 3.0 does not use systemd-timedated for changing time-zone and related things.
Alarm-manager will manage the functionalities.
Tizen 3.0 does not use systemd-rfkill any more.
Net-config will manage the functionalities.
Change-Id: Icb3011003060c213b2bdcd0de53480acaaeed70b
Kunhoon Baik [Fri, 15 Apr 2016 05:52:57 +0000 (14:52 +0900)]
Disable systemd-backlight
Tizen does not use systemd-backlight. Deviced will control whole
backlight-related operation.
Change-Id: I59b45eeb5dbc3d4ab716bcbf38df120fd1023a5f
Kunhoon Baik [Fri, 15 Apr 2016 01:08:52 +0000 (10:08 +0900)]
Add nosuid and noexec option for mounting /tmp
Refer to : https://bugs.tizen.org/jira/browse/TM-233
Change-Id: Ibc06d23f6743b2c21007cef5e340048a1e0d1429
Kunhoon Baik [Sat, 2 Apr 2016 05:25:38 +0000 (14:25 +0900)]
Disable systemd-coredump
Tizen 3.0 does not use systemd-coredump due to performance issue.
Instead of systemd coredump, Tizen 3.0 uses crash-manager
Change-Id: Ic73aabc9ab874a8b88db501a0d2eef5727bfbacf
projects / platform / upstream / systemd.git / log