INSUN PYO [Wed, 29 Mar 2017 16:25:40 +0000 (01:25 +0900)]
dbus: change session dbus address from /run/user/uid/dbus/user_bus_socket to /usr/user/uid/bus
Sync to upstream.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I40ac5b641e5e7484a19a3fe9d7844c3491e48846
Krzysztof Jackiewicz [Fri, 26 May 2017 08:06:57 +0000 (10:06 +0200)]
rules: watch metadata changes in mmcblk devices
Formatting sd-cards does not trigger "change" uevents. As a result clients
using udev API don't get any updates afterwards and get outdated information
about the device.
Include mmcblk* in a match for watch option assignment.
Origin: https://github.com/systemd/systemd/commit/
e74d0a9a5cdd8562aeaab1994ebd9c4cd07e82c3
Change-Id: Icdac9968d9cca85eb2c5e413433f7f8238182c90
Signed-off-by: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
INSUN PYO [Thu, 25 May 2017 05:50:55 +0000 (14:50 +0900)]
packaging: Disable systemd-tmpfiles-clean.timer
If you change the time in 15 minutes after booting,
some files in /tmp are removed by systemd-tmpfiles-clean.service.
Also, VD and MCD does't want tmpfile cleanup to be run.
I have modified the timer to not run automatically at boot time.
The timer and service are left unerased.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I5ce99c5a37488e5a89af6a49f32150cc7391a5ef
Krzysztof Opasiak [Thu, 18 May 2017 12:04:18 +0000 (14:04 +0200)]
Export sd_bus_message_append_ap. It is renamed to sd_bus_message_appendv to follow systemd naming conventions. (#5753)
Moreover, man page for sd_bus_message_append is updated with reference to new exposed function.
Makefile-man is updated too, to reflect new alias.
Change-Id: I7c02ce686a2699b35afd583fd4646f734adc9c7b
Origin: https://github.com/systemd/systemd/commit/
19fe49f62cc916f1237ea92a04fc80ee75285dde
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
sanghyeok.oh [Tue, 25 Apr 2017 03:22:06 +0000 (12:22 +0900)]
license:change test-runner's license from Apache 2.0 to BSD-2-clause
To avoid license conflict between LGPL-2.1 and Apache-2.0, change it.
Change-Id: I60125a53b19193fb300f516387d08243cfa94698
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
sanghyeok.oh [Fri, 14 Apr 2017 05:50:54 +0000 (14:50 +0900)]
License:add license file for Apache-2.0
Change-Id: I9c6d1128fdc89b099c68c5fc2c7fd46fa193f0bc
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
INSUN PYO [Tue, 11 Apr 2017 07:26:57 +0000 (16:26 +0900)]
tizen: Do not try to read /proc/1/cgroup from unprivileged processes
In Tizen access to /proc/1 is restricted via Smack. However, there are
unprivileged functions that need to work with information from this dir.
This function caches cgroup information in /run, allowing system-wide
access to this information.
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I2a2977400c7917804599cfb6f225dab897dc8b14
INSUN PYO [Tue, 4 Apr 2017 15:29:09 +0000 (00:29 +0900)]
smack: remove duplicated code
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I248de63a01529eb490d5ca1585783f8c0679a640
INSUN PYO [Thu, 30 Mar 2017 06:18:35 +0000 (15:18 +0900)]
License: add license files for systemd-analyze package
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: Iea4a6b72d5c277e1bcf3a4604ec6c5b603d1d973
INSUN PYO [Mon, 27 Mar 2017 13:50:39 +0000 (22:50 +0900)]
License: add license files
Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I39d99a2040f267c29529d331ff5de7591cbf1fa5
Paweł Szewczyk [Mon, 26 Sep 2016 16:45:47 +0000 (18:45 +0200)]
core: Fix USB functionfs activation and clarify its documentation (#4188)
There was no certainty about how the path in service file should look
like for usb functionfs activation. Because of this it was treated
differently in different places, which made this feature unusable.
This patch fixes the path to be the *mount directory* of functionfs, not
ep0 file path and clarifies in the documentation that ListenUSBFunction should be
the location of functionfs mount point, not ep0 file itself.
Change-Id: I320c34c0037f2bd6a6f6cf09a90eba632a54e9e9
Karol Lewandowski [Mon, 20 Mar 2017 16:35:25 +0000 (17:35 +0100)]
packaging: Make documentation package optional
By default documentation is disabled.
Change-Id: I33648ee019945d47d367e5db3abe84afa3400cc0
hk57.kim [Thu, 9 Mar 2017 08:14:32 +0000 (17:14 +0900)]
[4.0] Remove OBS Project Dependency (kdbus/TV)
- When you SR this, you need to create JIRA-TRE issue of:
: add systemd-extension-kdbus for TV/arm-wayland images.
- Without this commit, this package won't be built correctly in Tizen 4.0.
(It's add, not replace.)
Change-Id: Ic616a3b20450d4594857cc268e2dbf25e80dba37
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: hk57.kim <hk57.kim@samsung.com>
Signed-off-by: insun.pyo <insun.pyo@samsung.com>
Łukasz Stelmach [Mon, 6 Mar 2017 13:36:27 +0000 (14:36 +0100)]
spec: Enable systemd-tests package
This reverts commit
7137c6fe9d362f69d14581ac1bde124b77930f67.
Change-Id: I2679eb43d68d9d74075ed339c7b7f397c43bc340
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Karol Lewandowski [Fri, 2 Dec 2016 12:05:41 +0000 (13:05 +0100)]
Revert "busctl: use Monitoring interface (#3245)"
This reverts commit
17fd746098bb, which reworks busctl monitor to use D-Bus'
new BecomeMonitor call. This broke monitor on kdbus system so revert this
change for now.
Change-Id: I70626c03b375f692a184214a3d5055ec0a96b5c8
Lukasz Skalski [Mon, 21 Nov 2016 10:00:09 +0000 (11:00 +0100)]
systemd-tests: set common output format
Change-Id: Ia52ad37927bca67e36a932982523cfc75e80e640
silas jeon [Wed, 18 Jan 2017 05:42:13 +0000 (14:42 +0900)]
Remove etc tmpfile generation as they are unused
To support read-only root filesystem, there should be nothing modified on /etc.
Also these five files in /etc are handled by other packages as below. So these
are removed.
os-release : tizen-release
localtime : tzdata
mtab : setup
nsswitch.conf : glibc
pam.d : pam
Change-Id: I0dc490ddf6d299d956504405419e6c5d71e52a97
silas jeon [Tue, 17 Jan 2017 10:05:28 +0000 (19:05 +0900)]
Remove mtab generation line from tmpfile
To support read-only root filesystem, there should be nothing modified in root
filesystem. This line was made to make mtab symlink in /etc, so it should be
deleted. Also, it was not used anyway. 'Setup' package is handling the mtabfile
in /etc.
Change-Id: I2ff30ec94ca5833a2b95762cd2d7715bb7f93476
wchang kim [Fri, 6 Jan 2017 00:04:50 +0000 (09:04 +0900)]
tizen : Disable the predictable network interface name
Change-Id: Ic2f2d9b50bb5601d3ec7d5940284f89acab7d3f0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Fri, 2 Dec 2016 07:52:22 +0000 (16:52 +0900)]
tizen: upgrade script patches
1) tizen : Adding the priority number to the filename of systemd_upgrade.sh
(https://review.tizen.org/gerrit/#/c/101825/)
2) tizen: exclude upgrade script directory
(https://review.tizen.org/gerrit/#/c/104341/)
Change-Id: I708a8505fcd08ed5789e69e716163cf9cd0dd0be
Hyeongsik Min [Wed, 30 Nov 2016 07:33:22 +0000 (16:33 +0900)]
journald: Limit system journal size to 10M
In v219, journald implicitly limits system journal(/var/log/journal) size
to 8MB(twice of the minimum journal file size) with SystemMaxUse=0 setting.
But in v231, journald doesn't stop allocating when max_use is 0.
Change-Id: I6b36320191fcc69d5b45cfec5b27a462d0ab8310
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
Rafal Krypa [Wed, 16 Nov 2016 09:47:49 +0000 (10:47 +0100)]
Revert "Add some groups for user session daemons"
Security-manager 1.1.16 has made this obsolete.
There is no longer a need for manually adding privilege-related supplementary
groups to user sessions. They will be added by a dedicated NSS plugin:
libnss-security-manager.
This reverts commit
78a648a0611caccdd87a38f99f65ba296608da69.
Change-Id: Ic421a2ee65550762356784b585d2fba8645fbd5c
wchang kim [Wed, 16 Nov 2016 01:26:37 +0000 (10:26 +0900)]
Description : Fixed to fail to systemd-hostnamed service
tizen platform links /opt/home to /home.
systemd-hostnamed.service has the parameter - ProtectHome=yes.
In this case, it occurs that systemd-hostnamed.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-hostnamed: Too many levels of symbolic links
I can't change the link. So I removed "ProtectHome=yes".
Change-Id: I640c2f6d410eb9aff7ba3d120a2ffb58b9990c95
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Tue, 15 Nov 2016 02:29:15 +0000 (11:29 +0900)]
Description : Adding to send new system signal for user session done.
When user-session is done, systemd will send new system signal for user-session done.
interface=org.freedesktop.systemd1.Manager,member=UserSessionStartupFinished
UserSessionStartupFinished(t user_id)
Change-Id: I2ee9a2f232c22428894217fc2a519ec9c017fb2c
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 06:11:24 +0000 (15:11 +0900)]
Description : Added the compatiblie pkgconfig to v219 version.
systemd v231 removed the libraries of login, id128, journal and daemon and merged the
libsystemd.
And it removed thier pkgconfig files.
Other packages in tizen still use them.
So we need to add their pkgconfig files.
Change-Id: Ia120a0f2441cf9744ee192300a33d4b0d0cfb872
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 02:49:47 +0000 (11:49 +0900)]
Description : Changed the spec file for systemd v231
Change-Id: I50cc42956efb6093286b8bacdc3af4789c8b8fa0
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Thu, 10 Nov 2016 02:48:19 +0000 (11:48 +0900)]
Descrciption : Fixed the mistakes of rebase v231.
Change-Id: I9d770908f4e65d286756483b2e6b5909623949d7
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 23:14:15 +0000 (08:14 +0900)]
Description : Changed the spec file for systemd-231
Change-Id: I44eb84919bddf4d251e082b3a379aaae0b1ee9b5
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 22:10:39 +0000 (07:10 +0900)]
Description : Fixing the mistakes of rebase.
Change-Id: I1309509e17ce5a8f80e962344c6fd79c33725ecc
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 9 Nov 2016 08:15:56 +0000 (17:15 +0900)]
Revert: "core: drop Capabilities= setting"
This reverts commit
479050b36302a360048c2af5e79683d14ad56fb3
Change-Id: I24367aea159b1decc732b3fbaf448a40e59f2634
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 31 Oct 2016 23:08:26 +0000 (08:08 +0900)]
Description : pid1: don't return any error in manager_dispatch_notify_fd()
If manager_dispatch_notify_fd() fails and returns an error then the handling of
service notifications will be disabled entirely leading to a compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore and
will kill all services supposed to send such messages.
This patch is related to CVE-2016-7795 and CVE-2016-7796.
Back-ported fbuihuu's committed on 29 Sep, commit
f1e852245a30b60d5e6e0a487d049a04a40772fe
Change-Id: I27b6b78cff23c774f6fbcc59dacefcdcc45e7326
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Lukasz Skalski [Fri, 16 Sep 2016 15:30:35 +0000 (17:30 +0200)]
sd-bus: add support for 'dbus-integration-tests' framework
Change-Id: Ie5da780d4c90d943676c5d1872d32d76af50478b
Karol Lewandowski [Thu, 6 Oct 2016 09:40:08 +0000 (11:40 +0200)]
Fix for Kdbus-disabled Profiles to avoid busname parsing
Change-Id: Id45193adf624d60fc3bfbda09c4f6c357ff90e2a
wchang kim [Thu, 29 Sep 2016 22:17:55 +0000 (07:17 +0900)]
Description : Added the local PATH to a shell script.
Adding the local PATH into 50-systemd-user.sh
Change-Id: Ic466577a5db001d99a41410c950220cb49f3d55e
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 28 Sep 2016 09:05:28 +0000 (18:05 +0900)]
Description : Fixed the security hole.
In case of "systemctl --user enable <path>", a application can insert
the malicious user service.
So systemctl can only enable the service with service name.
Change-Id: I570f45985516ee3636720f36787080590e6f90ef
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 12 Sep 2016 06:51:15 +0000 (15:51 +0900)]
Description : Added the upgrade script from 2.4 to 3.0
systemd_upgrade.sh is installed to /usr/share/upgrade/scripts.
It changes the smack rule for /var/log/wtmp and /var/lib/systemd.
Change-Id: Iebffca3238bcedd195ec2e91afdf5e46a882ec42
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Mon, 12 Sep 2016 04:05:57 +0000 (13:05 +0900)]
Disable Polkit
Tizen uses Cynara instead of Polkit.
https://wiki.tizen.org/wiki/Security:Cynara:ComparisonWithOtherSolutions
Change-Id: I519d84e41225e9a4c3343bec74871727e51a54ad
Paweł Szewczyk [Thu, 21 Jul 2016 08:17:43 +0000 (10:17 +0200)]
usb: socket activation fix
There was no certainty about how the path in service file should look
like for usb functionfs activation. Because of this ot was trated
differently in different places, which made this feature unusable.
This patch fixes the path to be the *mount directory* of functionfs, not
ep0 file path.
Change-Id: I387bed097d5246d020f81336027f4878a63d6c48
Signed-off-by: Paweł Szewczyk <p.szewczyk@samsung.com>
Kunhoon Baik [Thu, 1 Sep 2016 07:01:12 +0000 (16:01 +0900)]
Watchdog : support to change timeout to USEC_INFINITY (disable timeout)
Change-Id: I459471c2d210eb31c22a17e0e45653b3de04233a
Kunhoon Baik [Fri, 26 Aug 2016 04:50:36 +0000 (13:50 +0900)]
Bug-fix for functionfs-activation patches
Current Systemd Version (v219) uses old-style log. (no reworked log)
Change-Id: Ief2f19ba85df5cef37a40a80783e6a3899774f51
Kunhoon Baik [Fri, 26 Aug 2016 04:22:20 +0000 (13:22 +0900)]
watchdog: Support changing watchdog_usec during runtime
(#3492)
Add sd_notify() parameter to change watchdog_usec during runtime.
Application can change watchdog_usec value by
sd_notify like this. Example. sd_notify(0, "WATCHDOG_USEC=
20000000").
To reset watchdog_usec as configured value in service file,
restart service.
Notice.
sd_event is not currently supported. If application uses
sd_event_set_watchdog, or sd_watchdog_enabled, do not use
"WATCHDOG_USEC" option through sd_notify.
Origin: https://github.com/systemd/systemd/commit/
2787d83c2
Note: There are two additional patches for clean backport patch
1)rework unit timeout patch - https://github.com/systemd/systemd/commit/
36c16a7cd
2)rework per-object logging - https://github.com/systemd/systemd/commit/
f2341e0a8
However, we will not apply the patch for minimal backport
Change-Id: Ic1a91dc4e611f3e92fdc734fb1eb70e27244aa37
Kunhoon Baik [Fri, 26 Aug 2016 02:08:21 +0000 (11:08 +0900)]
time-util: Rename and fix call of deserialize_timestamp_value()
The deserialize_timestamp_value() is renamed timestamp_deserialize() to be more
consistent with dual_timestamp_deserialize()
And add the NULL check back on realtime and monotonic
Change-Id: I77d047981d87332424b20241a8f0514ba400ecb0
Origin: https://github.com/systemd/systemd/commit/
b895a7353b
Kunhoon Baik [Fri, 26 Aug 2016 01:33:24 +0000 (10:33 +0900)]
time-util: introduce deserialize_timestamp_value()
The time-util.c provides dual_timestamp_deserialize() function to
convert value to usec_t and set it as value of ts->monotonic and
ts->realtime.
There are some places in code which do the same but only for one
clockid_t (realtime or monotonic), when dual_timestamp_deserialize()
sets value of both.
This patch introduces the deserialize_timestamp_value() which converts
a given value to usec_t and write it to a given timestamp.
Change-Id: I29140ec8b39aa2f7168671fd9dbac041044f13e4
Origin: https://github.com/systemd/systemd/commit/
ebf30a086
Kunhoon Baik [Wed, 17 Aug 2016 12:25:55 +0000 (21:25 +0900)]
Patch for unlimited timeout for User Session
This patch should be used for specific purpose of Tizen
Change-Id: Ida7448da300b0c4cf9a5189c6f8903a2e8729df3
Karol Lewandowski [Fri, 12 Aug 2016 09:40:34 +0000 (11:40 +0200)]
kdbus: synchronize kdbus interface header between repositories
Change-Id: I4294bcbe9782748478ad393c7ca349f0f4373f6f
Kunhoon Baik [Wed, 10 Aug 2016 13:02:22 +0000 (22:02 +0900)]
Modification of journald configuration for minimal log saving
There were several requirements for minimal disk log.
Especially, Default Tizen tries to keep the the log size under 10MB
because Tizen provides other logging system DLOG.
Change-Id: I633bf5a15041da8f40f8cde66e488c1b14f25045
Sunmin Lee [Mon, 1 Aug 2016 02:48:45 +0000 (11:48 +0900)]
system-update: restore update generator
Tizen is about to support system update.
It would be implemented through systemd feature,
offline system updates. And to do this, the binary
system-update-generator is essential so the removed
file should be restored.
Change-Id: I00f7d5125d9218c474f74a6003d7ae38bad2373c
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>
wchang kim [Wed, 27 Jul 2016 08:04:23 +0000 (17:04 +0900)]
Description : Adding cap_dac_override for valgrind profiling in SDK
Adding cap_dac_override for valgrind profiling in SDK.
Requested by AppFW
Change-Id: I908a0d95f9dd0d64156e173c566e95ac1b300fdc
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Hyeongsik Min [Tue, 19 Jul 2016 01:41:28 +0000 (10:41 +0900)]
packaging: Disable gcrypt to remove dependency
This patch removes gcrypt dependency to save resource and
will disable FSS(anti log-file tampering feature) as well.
In addition, importd depends on gcrypt. Thus, importd was disabled explictly.
Finally, machined feature was disabled because the feature is not used
and some parts of the feature depends on importd.
Change-Id: I44c7ec43d1861d67a18049cdff2821a849c636d6
Signed-off-by: Hyeongsik Min <hyeongsik.min@samsung.com>
wchang kim [Fri, 22 Jul 2016 07:09:38 +0000 (16:09 +0900)]
Description : Fixed the smack error after applying onlycap.
Set exec-label "System" to systemd-cgroup-agent"
Change-Id: I5bf36f7b7e8b8750bacac407f160b56820ae8625
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
jin-gyu.kim [Wed, 20 Jul 2016 11:28:15 +0000 (20:28 +0900)]
Set SmackProcessLabel as System.
Change-Id: I37c3c1ee8152f82bf45b50f6e81f7986b62547c1
wchang kim [Mon, 18 Jul 2016 00:23:18 +0000 (09:23 +0900)]
Description : Add cap_sys_admin to user@.service for lauchpad capability.
Refs apps uses the fixed path of tizen 2.4 structure.
So launchpad will mount it as bind.
It needs the capability of cap_sys_admin.
Requested by App framework.
Change-Id: Iee18f24197a86127d6e593d798c120278256f6b2
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Sun, 17 Jul 2016 22:11:13 +0000 (07:11 +0900)]
Description : Change smack label for security.
Requested by Security Lab.
Change-Id: Iaaa7a4e5f190adb72e6ff69f061ced63d6854cbc
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Mon, 4 Jul 2016 11:42:24 +0000 (20:42 +0900)]
Description : adding force option to reboot command.
This patch is from tizen-2.4.
Change-Id: I21f2767dd81279878bacd44bd44a36f06406ea65
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Thu, 30 Jun 2016 12:22:10 +0000 (21:22 +0900)]
Disable Online KMSG logging
This is Unavoidable Patch for me - This is quick patch for internal issue.
If you have a question for this patch, contact to hyeongsik.min and jinmin
Change-Id: Ie21692ea85ee2e7fbfa0265f9e606b204d27a558
wchang kim [Wed, 29 Jun 2016 23:38:55 +0000 (08:38 +0900)]
Description : Add smack label(*) to loop device for security policy
Add smack label(*) to loop device for security policy
Change-Id: If9271c209b05f73c20c66f7e30a7d18e070c2b4a
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 29 Jun 2016 00:18:37 +0000 (09:18 +0900)]
Description : Set PATH in local script for security policy
Set PATH in local script for security
Change-Id: If1f6163bdd936222e103822ee01d4c9a7e886a72
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Fri, 24 Jun 2016 09:45:58 +0000 (18:45 +0900)]
Description : Adding to enable/disable the multiuser feature.
The feature of multiuser can be disabled by changing with_multiuser value in the spec file.
When multiuser is disabled,
- Disabling logind feature.
- Making /run/systemd/users/5001
- Mounting /run/user/5001
- Do not fork sd-pam
- Running user@5001.service directly
Change-Id: Iec82c2e74a72c159d602c2fe4efff4d4c8ddf810
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
wchang kim [Wed, 22 Jun 2016 05:49:59 +0000 (14:49 +0900)]
Description : set mount options for security policy
For /tmp, /run/user/%U, /dev/shm directoreis, set noexec,nosuid,nodev as
mount option.
Change-Id: I07d918d9cb81642fc0d0b9c3f9a64db4c571ef58
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
Kunhoon Baik [Tue, 7 Jun 2016 13:51:38 +0000 (22:51 +0900)]
For using persistent storage in AUTO mode.
As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.
In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.
Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
Kunhoon Baik [Mon, 23 May 2016 06:50:59 +0000 (15:50 +0900)]
Disable systemd-timedated and systemd-rfkill
Tizen 3.0 does not use systemd-timedated for changing time-zone and related things.
Alarm-manager will manage the functionalities.
Tizen 3.0 does not use systemd-rfkill any more.
Net-config will manage the functionalities.
Change-Id: Icb3011003060c213b2bdcd0de53480acaaeed70b
Kidong Kim [Fri, 13 May 2016 11:52:48 +0000 (20:52 +0900)]
Add some groups for user session daemons
Because user session daemons have same uid/gid with applications,
include them in specific gids for checking privilege.
The security-manager will drop these groups from applications.
Change-Id: I1ed91e75cb605a4c6bffa604fe992ec995ff2845
Karol Lewandowski [Fri, 29 Apr 2016 13:54:58 +0000 (15:54 +0200)]
tizen: kdbus: install user session dbus1 (kdbus) generator properly
This commit fixes commit
30dfab97 ("build: remove --relative in 'ln'")
which resulted in stale symlink being installed.
$ stat /usr/lib/systemd/user-generators/systemd-dbus1-generator
File: `/usr/lib/systemd/user-generators/systemd-dbus1-generator' -> `.//usr/lib/systemd/system-generators/systemd-dbus1-generator'
Change-Id: I91266b015436d8208b62360d500c93a684e696be
Kunhoon Baik [Fri, 15 Apr 2016 05:52:57 +0000 (14:52 +0900)]
Disable systemd-backlight
Tizen does not use systemd-backlight. Deviced will control whole
backlight-related operation.
Change-Id: I59b45eeb5dbc3d4ab716bcbf38df120fd1023a5f
Kunhoon Baik [Fri, 15 Apr 2016 01:08:52 +0000 (10:08 +0900)]
Add nosuid and noexec option for mounting /tmp
Refer to : https://bugs.tizen.org/jira/browse/TM-233
Change-Id: Ibc06d23f6743b2c21007cef5e340048a1e0d1429
Kunhoon Baik [Sat, 2 Apr 2016 05:25:38 +0000 (14:25 +0900)]
Disable systemd-coredump
Tizen 3.0 does not use systemd-coredump due to performance issue.
Instead of systemd coredump, Tizen 3.0 uses crash-manager
Change-Id: Ic73aabc9ab874a8b88db501a0d2eef5727bfbacf
Kunhoon Baik [Sat, 2 Apr 2016 03:06:59 +0000 (12:06 +0900)]
Remove bash-completion (and zsh-completion) of systemd
[Note] Bash shell of current Tizen does not support several completion command due to license issue.
Thus, most bash-completion script of systemd does not work.
In addtion, default Tizen wdoes not support zsh.
Change-Id: I18d6a05866ff375e08402b9b4f832592c11531d0
Pawel Szewczyk [Fri, 4 Sep 2015 10:23:51 +0000 (12:23 +0200)]
core: Add USBFunctionDescriptors, USBFunctionStrings service parameters
By using these parameters the functionfs service can specify ffs
descriptors and strings to be written to ep0.
origin: https://github.com/systemd/systemd/commit/
6b7e592310
Change-Id: I8b16a2f7d5572cd7ef1745ec5ba297e2b1553c26
Signed-off-by: Georgia Brikis <g.brikis@samsung.com>
Pawel Szewczyk [Mon, 21 Sep 2015 13:43:47 +0000 (15:43 +0200)]
core: Add socket type for usb functionfs endpoints
For handling functionfs endpoints additional socket type is added.
origin: https://github.com/systemd/systemd/commit/
602524469e
Change-Id: I6906db41734b0b8352b363528f788ac2859b5103
Signed-off-by: Georgia Brikis <g.brikis@samsung.com>
Kunhoon Baik [Sat, 26 Mar 2016 07:31:34 +0000 (16:31 +0900)]
Run the serial-getty (Open the serial console) eariler for debugging convenience.
Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89
boseong choi [Fri, 18 Mar 2016 09:05:49 +0000 (18:05 +0900)]
spec: change LGPL license version 2.0+ to 2.1+
change LGPL license version.
2.0+ -> 2.1+
Change-Id: I56238c288bde2d21a13c390880270cee36bf1d37
Signed-off-by: boseong choi <boseong.choi@samsung.com>
Sangjung Woo [Fri, 11 Mar 2016 04:32:10 +0000 (13:32 +0900)]
spec: Remove unnecessary default.target for IVI profile
This removes unnecessary default.target file for IVI profile.
Change-Id: Ib354a9028ab020f504e7c35cb5f9bb16ea112766
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Min Kang [Thu, 18 Feb 2016 08:31:25 +0000 (17:31 +0900)]
fix some user session targets wrong symlink
Some user session target files, which is under USER_UNIT_ALIASES,
refers wrong relative path when install-aliases-hook
Therefore fix install-relative-aliases
Change-Id: I5f0c8d973c4ff85599fef586a439b40985403387
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Łukasz Stelmach [Mon, 30 Nov 2015 10:07:56 +0000 (11:07 +0100)]
spec: exclude unused generators to speed up boot
Change-Id: I9dcde28a22d7301c68280c1f72ecb1c5641296d1
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Min Kang [Wed, 13 Jan 2016 10:31:02 +0000 (19:31 +0900)]
spec: remove circular dependency on OBS
remove dbus-1 BuildRequires and dbus Requires
Change-Id: Ic2f4b419c15c5759743fbe3a5df60d4558c5bb53
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Min Kang [Wed, 6 Jan 2016 00:15:16 +0000 (09:15 +0900)]
packaging: remove hwdata package in BuildRequires
hwdata package is unused, so remove BuildRequires and Requires
Change-Id: I705d002269d273985584e4d6b009ab3401a0b626
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Min Kang [Tue, 5 Jan 2016 08:20:17 +0000 (17:20 +0900)]
build: remove --relative in 'ln'
removing --relative option in Makefile.am and configure.ac
for coreutils
TIZEN SPECIFIC
Change-Id: If623dd6175507d62f0b34349aacecb8244882e4f
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Min Kang [Fri, 11 Dec 2015 00:39:51 +0000 (09:39 +0900)]
spec: change default.target file
change default.target file to graphical.target symbolic link
execpt for ivi
Change-Id: Icba283120b59ffae3804ecbf6417dc34792421a3
Signed-off-by: Min Kang <min1023.kang@samsung.com>
Sangjung Woo [Tue, 27 Oct 2015 08:37:54 +0000 (17:37 +0900)]
spec: Remove unnecessary BuildRequires
In order to resolve the cycle build dependency, this removes unnecessary
BuildRequires in spec file.
Change-Id: I60e5bd573986be3febcf417109f79d13f607a732
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Karol Lewandowski [Wed, 21 Oct 2015 16:24:14 +0000 (18:24 +0200)]
cg_get_root_path: Return default root path if it's not accessible due to insufficient permission
This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).
Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.
user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
[13087.175648] audit: type=1400 audit(
946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
Failed to determine whether we are running as user or system instance: Permission denied
strace: open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)
Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Sangjung Woo [Wed, 14 Oct 2015 06:38:25 +0000 (15:38 +0900)]
units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
origin: https://github.com/systemd/systemd/commit/
409c2a13fd65692c6
Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Tue, 8 Sep 2015 05:08:51 +0000 (14:08 +0900)]
spec: disable systemd-randomseed
When systemd-randomseed is enabled, random seed is generated in post
script. However, the smack functionality of Tizen build system is not
enabled so /var/lib/systemd directory is labeled as "_". Because of this
reason, some daemons or tools such as loginctl which is labeled as
"System" eventually failed to create some files in /var/lib/systemd.
This patch resolves this issue by disabling systemd-randomseed since
this functionality is not necessary for Tizen.
Change-Id: Idd95dc97b84de400fbd7a6890bd6d78f8557c2fc
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Mon, 7 Sep 2015 05:17:47 +0000 (14:17 +0900)]
spec: fix systemd-tmpfiles-setup.service failure
systemd-tmpfiles-setup.service is failed since
/usr/share/factory/etc/nsswitch.conf is not installed. This patch fixes
that bug by adding /usr/share/factory/etc/nsswitch.conf into systemd
package. If /etc/nsswitch.conf already exists,
/usr/share/factory/etc/nsswitch.conf file is not installed in /etc
directory since etc.conf uses 'C' as the type of tmpfiles.d
configuration so this patch does not make any error in network
operation.
Change-Id: I1c4ea8dcdaae002d5cfc3db4be53470c8d2169ca
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Rafal Krypa [Wed, 2 Sep 2015 13:27:50 +0000 (15:27 +0200)]
Temporarily disable Smack for POSIX shared memory
Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.
This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.
This patch is to be reverted in the near future. It is needed for now to
have a working release.
Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Sangjung Woo [Wed, 26 Aug 2015 01:32:29 +0000 (10:32 +0900)]
core: fix the CGROUP spawning error as a workaround
When logging in and out continually, the below error occurs.
* systemd: Failed at step CGROUP spawning /usr/lib/systemd/systemd: No
such file or directory
This is mainly because the cgroup path of systemd user session does not
exists even though that cgroup is marked as 'realized'. That is
definitely bug and it is already reported into systemd mainline last
January. But there is no _right_ solution right now and it looks like a
picky problem to resolve. So I made this patch as a workaround for Tizen
TDC demonstration.
Change-Id: Ie2e164a4e4daeb88fc102e5fa88e0faca28088b0
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Tue, 18 Aug 2015 07:02:59 +0000 (16:02 +0900)]
smack: set up the smack label '*' to symlinks in cgroupfs
systemd creates the symbolic link to both of cpu and cpuacct in
cgroupfs. However, systemd has its smack label such as system, those
link files also have systemd's smack label as below. This patch is a
workarnoud for that bug.
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root * 0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpuacct -> cpu,cpuacct
Change-Id: I3db172077cfdf405bf7f99d2ced5fb131ecc0151
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Tue, 28 Jul 2015 08:36:37 +0000 (17:36 +0900)]
spec: exclude /usr/share/factory/etc/nsswitch.conf
Since vendor specific nsswitch.conf is not used in Tizen
platform, '/usr/share/factory/etc/nsswitch.conf' is removed and
/etc/nsswitch.conf will be used.
Change-Id: Id2f0665629e4fbf89735e6396fadada5ebb5a396
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Sangjung Woo [Wed, 8 Jul 2015 01:36:54 +0000 (10:36 +0900)]
smack: add write_netlabel_rule() to support
In order to support the smack networking, write_netlabel_rule()
is added instead of previous write_rules() function since that
is removed by previous mainline commit
6656aefb.
Change-Id: Ic704bc524f067f85c9dde5d8db8b54d1c80ef1ee
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
WaLyong Cho [Wed, 10 Jun 2015 02:33:00 +0000 (11:33 +0900)]
smack: support smack access change-rule
Smack is also able to have modification rules of existing rules. In
this case, the rule has additional argument to modify previous
rule. /sys/fs/smackfs/load2 node can only take three arguments:
subject object access. So if modification rules are written to
/sys/fs/smackfs/load2, EINVAL error is happen. Those modification
rules have to be written to /sys/fs/smackfs/change-rule.
To distinguish access with operation of cipso2, split write_rules()
for each operation. And, in write access rules, parse the rule and if
the rule has four argument then write into
/sys/fs/smackfs/change-rule.
https://lwn.net/Articles/532340/
fwrite() or fputs() are fancy functions to write byte stream such like
regular file. But special files on linux such like proc, sysfs are not
stream of bytes. Those special files on linux have to be written with
specific size.
By this reason, in some of many case, fputs() was failed to write
buffer to smack load2 node.
The write operation for the smack nodes should be performed with
write().
Origin: https://github.com/systemd/systemd/commit/
6656aefb
Change-Id: Ied3eb195b86514525cb1c6904a7a7b66d1bccb52
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
Maciej Wereski [Thu, 28 May 2015 16:46:26 +0000 (18:46 +0200)]
tizen-smack: label sound devices with *
Change-Id: Ia41c0f7d8d4d98e34b4260cd9a8a55d99c5a33a7
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Michael I Doherty [Tue, 23 Jul 2013 13:12:50 +0000 (14:12 +0100)]
tizen: Tune of swap
Allow swap to be activated concurrently with sysinit target
Change-Id: I56aef31809e50ae6c4b10174c0f3b144f72b9746
Łukasz Stelmach [Wed, 29 Oct 2014 11:25:32 +0000 (12:25 +0100)]
tizen: Add pam_systemd.so to systemd-user
+ Add pam_systemd.so to /etc/pam.d/systemd-user
Change-Id: I87e9b5514f2cc77c37bc40aac4f15a4c741ee4e4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Casey Schaufler [Fri, 20 Dec 2013 00:49:28 +0000 (16:49 -0800)]
tizen-smack: Runs systemd-journald with ^
Run systemd-journald with the hat ("^") Smack label.
The journal daemon needs global read access to gather information
about the services spawned by systemd. The hat label is intended
for this purpose. The journal daemon is the only part of the
System domain that needs read access to the User domain. Giving
the journal daemon the hat label means that we can remove the
System domain's read access to the User domain.
Change-Id: Ic22633f0c9d99c04f873be8a346786ea577d0370
Signed-off-by: Casey Schaufler <casey.schaufler@intel.com>
Patrick McCarty [Tue, 10 Dec 2013 01:09:27 +0000 (17:09 -0800)]
tizen-smack: Tuning user@.service.m4.in
- set SmackProcessLabel
- set DBUS_SESSION_BUS_ADDRESS
- set capabilities
Note: This patch should remain downstream, since it relies on the
Tizen-specific three-domain model.
On Tizen, all user@.service.m4.in instances should run with the User label, so
use the new SmackProcessLabel key to set it at runtime.
This was at first set by user-session@.service.m4.in, then by many services
(bt-fwrk) and scripts (weston.sh). This patch makes it again available
for whole user environment.
Include CAP_MAC_ADMIN and CAP_SETGID in inheritable capability set for the
whole user session. All programs started in the session will have this
enabled, unless they drop it explicitly or someone does that in proper
systemd services.
This change alone doesn't give any special capabilities to the processes.
It merely enables them to inherit capability while executing programs that
have those caps in inheritable and permitted sets (+ei).
The above change is meant as a part of solution for setting Smack label and
process groups for applications. Respective application launchers (for now
only Crosswalk) will get file capabilities mentioned above. In run-time
they will call a designated function for setting Smack label and groups and
drop the capabilities.
It seems that also CAP_MAC_OVERRIDE will be needed to bypass Smack checks
during modification of socket labels:
kernel: type=1400 audit(
1416390778.371:3): lsm=SMACK fn=smack_inode_setxattr
action=denied subject="User" object="_" requested=w pid=2422
comm="amd_session_age" name="UNIX" dev="sockfs" ino=14108
CAP_MAC_ADMIN only allows policy administration, it doesn't override the
checks.
Change-Id: Ie4026dfaf4c6cd463c11f077ca97e75c5085e4c8
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /dev
Smack enabled systems need /dev special devices correctly labeled
- Add AC_DEFINE for HAVE_SMACK to configure.ac
- Add Check for smack in Makefile.am to include smack default rules
- Add smack default rules to label /dev/xxx correctly for access
Change-Id: Iebe2e349cbedb3013abdf32edb55e9310f1d17f5
Michael Demeter [Fri, 11 Oct 2013 22:37:57 +0000 (15:37 -0700)]
tizen-smack: Handling of /run and /sys/fs/cgroup
Make /run a transmuting directory to enable systemd
communications with services in the User domain.
Change-Id: I9e23b78d17a108d8e56ad85a9e839b6ccbe4feff
Anas Nashif [Sun, 9 Dec 2012 17:51:23 +0000 (09:51 -0800)]
tizen-rpm: 2 useful macro for RPM
- Add %install_service macro
- Define %_unitdir_user macro for user session units
Change-Id: Idc7f5c392c96981d95420b0d747eaf28964b2d02
José Bollo [Wed, 18 Mar 2015 13:28:28 +0000 (14:28 +0100)]
packaging: Bump to 219
Change-Id: I65a5d9a0a61b0d63d7563d86e0bcfe40d8bb2621
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
caoxinintel [Tue, 25 Nov 2014 06:08:59 +0000 (14:08 +0800)]
packaging: Make Tizen start faster
The removed services are not useful in Tizen. However, it still wastes time
as systemd tries to load, queue and start them. And disabling these
services will save some time during Tizen boot-up.
Jussi Laako [Wed, 5 Nov 2014 16:02:38 +0000 (18:02 +0200)]
packaging: Add default.target just like user has
Remove graphical.target as default boot target
and replace it with a real default.target that
will Require either multi-user.target or some
other previously final target. This allows proper
use of default.target.wants.
Change-Id: Ic0a3083dff6b3d398d3fccffcedcba2e30809f87
Signed-off-by: Jussi Laako <jussi.laako@linux.intel.com>
projects / platform / upstream / systemd.git / log