[systemd-commits] 9 commits - configure.ac Makefile.am man/systemd.exec.xml man/systemd.service.xml man/systemd.special.xml.in man/systemd.unit.xml src/dbus-execute.c src/dbus-execute.h src/execute.c src/load-fragment.c src/manager.c src/manager.h src/service.c src/special.h src/unit.c src/util.c TODO units/dbus.target units/graphical.target.m4 units/multi-user.target.m4 units/poweroff.target units/reboot.target units/rescue.service.m4 units/rescue.target units/suse units/syslog.target.in
Lennart Poettering
lennart at kemper.freedesktop.org
Thu Mar 17 20:55:25 PDT 2011
Makefile.am | 12 ++++-----
TODO | 17 ++++++++-----
configure.ac | 39 ------------------------------
man/systemd.exec.xml | 57 +++++++++++++++++++++++++++++++--------------
man/systemd.service.xml | 2 -
man/systemd.special.xml.in | 54 ------------------------------------------
man/systemd.unit.xml | 50 ++++++++++++++++++++++++++-------------
src/dbus-execute.c | 18 ++++++++++++++
src/dbus-execute.h | 3 +-
src/execute.c | 15 +++++++++--
src/load-fragment.c | 21 +++++++++++++++-
src/manager.c | 47 +++++++++++++++++++++++++++++++++++++
src/manager.h | 2 +
src/service.c | 2 -
src/special.h | 48 +++++++++++++++++++++----------------
src/unit.c | 14 +----------
src/util.c | 2 -
units/dbus.target | 11 --------
units/graphical.target.m4 | 14 -----------
units/multi-user.target.m4 | 20 ---------------
units/poweroff.target | 1
units/reboot.target | 1
units/rescue.service.m4 | 3 --
units/rescue.target | 1
units/suse/Makefile | 1
units/syslog.target.in | 6 ----
26 files changed, 224 insertions(+), 237 deletions(-)
New commits:
commit 28cf382a0afd10d0e2a71d152f0df4909e90d159
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:49:53 2011 +0100
man: document pidns containers
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index ff199e4..d447c3a 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -618,6 +618,7 @@
<varname>microsoft</varname>,
<varname>oracle</varname>,
<varname>xen</varname>,
+ <varname>pidns</varname>,
<varname>openvz</varname> to test
against a specific implementation. The
test may be negated by prepending an
diff --git a/src/util.c b/src/util.c
index c9c8892..1febd07 100644
--- a/src/util.c
+++ b/src/util.c
@@ -3991,7 +3991,7 @@ int detect_container(const char **id) {
fclose(f);
if (id)
- *id = "ns";
+ *id = "pidns";
return 1;
}
commit e2130f189a543c859b569985d8670132df40673e
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:49:38 2011 +0100
units: deemphesize Names= settings, and explain why nobody whould use them
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 2ae986a..ff199e4 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -219,21 +219,6 @@
dependent on the type of unit:</para>
<variablelist>
- <varlistentry>
- <term><varname>Names=</varname></term>
-
- <listitem><para>Additional names for
- this unit. The names listed here must
- have the same suffix (i.e. type) as
- the unit file name. This option may be
- specified more than once, in which
- case all listed names are used. Note
- that this option is different from the
- <varname>Alias=</varname> option from
- the [Install] section mentioned
- below. See below for details.</para>
- </listitem>
- </varlistentry>
<varlistentry>
<term><varname>Description=</varname></term>
@@ -660,6 +645,35 @@
pipe symbol must be passed first, the
exclamation second.</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>Names=</varname></term>
+
+ <listitem><para>Additional names for
+ this unit. The names listed here must
+ have the same suffix (i.e. type) as
+ the unit file name. This option may be
+ specified more than once, in which
+ case all listed names are used. Note
+ that this option is different from the
+ <varname>Alias=</varname> option from
+ the [Install] section mentioned
+ below. See below for details. Note
+ that in almost all cases this option
+ is not what you want. A symlink alias
+ in the file system is generally
+ preferable since it can be used as
+ lookup key. If a unit with a symlinked
+ alias name is not loaded and needs to
+ be it is easily found via the
+ symlink. However, if a unit with an
+ alias name configured with this
+ setting is not loaded it will not be
+ discovered. This settings' only use is
+ in conjunction with service
+ instances.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
<para>Unit file may include a [Install] section, which
commit b1c66c44ef9e312805295395d728e47cdd08335c
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:41:47 2011 +0100
units: on mandriva/fedora create single.service alias via symlink, not Names=
diff --git a/Makefile.am b/Makefile.am
index 93225aa..3120e78 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1411,8 +1411,9 @@ if TARGET_FEDORA
rm -f halt-local.service && \
$(LN_S) $(systemunitdir)/halt-local.service halt-local.service )
( cd $(DESTDIR)$(systemunitdir) && \
- rm -f display-manager.service && \
- $(LN_S) prefdm.service display-manager.service )
+ rm -f display-manager.service single.service && \
+ $(LN_S) prefdm.service display-manager.service && \
+ $(LN_S) rescue.service single.service )
( cd $(DESTDIR)$(systemunitdir)/graphical.target.wants && \
rm -f display-manager.service && \
$(LN_S) $(systemunitdir)/display-manager.service display-manager.service )
@@ -1427,8 +1428,9 @@ if TARGET_MANDRIVA
rm -f halt-local.service && \
$(LN_S) $(systemunitdir)/halt-local.service halt-local.service )
( cd $(DESTDIR)$(systemunitdir) && \
- rm -f display-manager.service && \
- $(LN_S) prefdm.service display-manager.service )
+ rm -f display-manager.service single.service && \
+ $(LN_S) prefdm.service display-manager.service && \
+ $(LN_S) rescue.service single.service )
( cd $(DESTDIR)$(systemunitdir)/graphical.target.wants && \
rm -f display-manager.service && \
$(LN_S) $(systemunitdir)/display-manager.service display-manager.service )
diff --git a/units/rescue.service.m4 b/units/rescue.service.m4
index 8b42e9f..969ac47 100644
--- a/units/rescue.service.m4
+++ b/units/rescue.service.m4
@@ -13,9 +13,6 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=basic.target
Before=shutdown.target
-m4_ifdef(`TARGET_MANDRIVA',
-`# Hide SysV script
-Names=single.service')
[Service]
Environment=HOME=/root
commit 97df13c0ac43addbf2317e438d80aa78e90c3f92
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:37:31 2011 +0100
units: get rid of runlevel Names=, the symlinks in /lib/systemd/system are much more useful
diff --git a/units/graphical.target.m4 b/units/graphical.target.m4
index 1931d7f..f2e3034 100644
--- a/units/graphical.target.m4
+++ b/units/graphical.target.m4
@@ -12,20 +12,6 @@ Description=Graphical Interface
Requires=multi-user.target
After=multi-user.target
Conflicts=rescue.target
-m4_dnl
-m4_ifdef(`TARGET_FEDORA',
-# On Fedora Runlevel 5 is graphical login
-Names=runlevel5.target
-)m4_dnl
-m4_ifdef(`TARGET_SUSE',
-Names=runlevel5.target
-)m4_dnl
-m4_ifdef(`TARGET_ALTLINUX',
-Names=runlevel5.target
-)m4_dnl
-m4_ifdef(`TARGET_MANDRIVA',
-Names=runlevel5.target
-)m4_dnl
AllowIsolate=yes
[Install]
diff --git a/units/multi-user.target.m4 b/units/multi-user.target.m4
index 51e7b66..66f1a95 100644
--- a/units/multi-user.target.m4
+++ b/units/multi-user.target.m4
@@ -12,26 +12,6 @@ Description=Multi-User
Requires=basic.target
Conflicts=rescue.service rescue.target
After=basic.target rescue.service rescue.target
-m4_dnl
-m4_ifdef(`TARGET_FEDORA',
-m4_dnl On Fedora Runlevel 3 is multi-user
-Names=runlevel3.target
-)m4_dnl
-m4_ifdef(`TARGET_SUSE',
-Names=runlevel3.target
-)m4_dnl
-m4_ifdef(`TARGET_ALTLINUX',
-Names=runlevel3.target
-)m4_dnl
-m4_ifdef(`TARGET_DEBIAN',
-m4_ifdef(`TARGET_UBUNTU',
-m4_dnl On Debian/Ubuntu Runlevel 2, 3, 4 and 5 are multi-user
-Names=runlevel2.target runlevel3.target runlevel4.target runlevel5.target
-)m4_dnl
-)m4_dnl
-m4_ifdef(`TARGET_MANDRIVA',
-Names=runlevel3.target
-)m4_dnl
AllowIsolate=yes
[Install]
diff --git a/units/poweroff.target b/units/poweroff.target
index 975b088..d2ccf4b 100644
--- a/units/poweroff.target
+++ b/units/poweroff.target
@@ -10,7 +10,6 @@
[Unit]
Description=Power-Off
DefaultDependencies=no
-Names=runlevel0.target
Requires=poweroff.service
After=poweroff.service
AllowIsolate=yes
diff --git a/units/reboot.target b/units/reboot.target
index 2cd46a0..41e133c 100644
--- a/units/reboot.target
+++ b/units/reboot.target
@@ -10,7 +10,6 @@
[Unit]
Description=Reboot
DefaultDependencies=no
-Names=runlevel6.target
Requires=reboot.service
After=reboot.service
AllowIsolate=yes
diff --git a/units/rescue.target b/units/rescue.target
index ff3aef0..5bf3f8e 100644
--- a/units/rescue.target
+++ b/units/rescue.target
@@ -11,7 +11,6 @@
Description=Rescue Mode
Requires=basic.target rescue.service
After=basic.target rescue.service
-Names=runlevel1.target
AllowIsolate=yes
[Install]
commit 997a624029822ebdabf834605831bf87ce0b3085
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:32:58 2011 +0100
units: get rid of empty units/suse/ subdir
diff --git a/units/suse/Makefile b/units/suse/Makefile
deleted file mode 120000
index 50be211..0000000
--- a/units/suse/Makefile
+++ /dev/null
@@ -1 +0,0 @@
-../../src/Makefile
\ No newline at end of file
commit f1dd0c3f9b4a257e81ff9c6a08070c702a0db45a
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 04:31:22 2011 +0100
syslog: rework syslog detection so that we need no compile-time option what the name of the syslog implementation is
diff --git a/Makefile.am b/Makefile.am
index a94d2a7..93225aa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1102,7 +1102,6 @@ SED_PROCESS = \
$(SED) -e 's, at rootlibexecdir\@,$(rootlibexecdir),g' \
-e 's, at rootbindir\@,$(rootbindir),g' \
-e 's, at bindir\@,$(bindir),g' \
- -e 's, at SPECIAL_SYSLOG_SERVICE\@,$(SPECIAL_SYSLOG_SERVICE),g' \
-e 's, at SYSTEMCTL\@,$(rootbindir)/systemctl,g' \
-e 's, at SYSTEMD_NOTIFY\@,$(rootbindir)/systemd-notify,g' \
-e 's, at pkgsysconfdir\@,$(pkgsysconfdir),g' \
diff --git a/TODO b/TODO
index 620cdff..4191e55 100644
--- a/TODO
+++ b/TODO
@@ -29,6 +29,8 @@ F15:
* pull in .service from meta .targers AND vice versa too. i.e. syslog.target ââ rsyslog.service, rpcbind similarly
+* document default dependencies
+
Features:
* hide passwords on TAB
diff --git a/configure.ac b/configure.ac
index 8a28c8e..e6daf03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -297,30 +297,15 @@ fi
with_distro=`echo ${with_distro} | tr '[[:upper:]]' '[[:lower:]]' `
AC_DEFINE_UNQUOTED(DISTRIBUTION, ["${with_distro}"], [Target Distribution])
-# Default generic names
-SPECIAL_SYSLOG_SERVICE=syslog.service
-
# Location of the init scripts as mandated by LSB
SYSTEM_SYSVINIT_PATH=/etc/init.d
+SYSTEM_SYSVRCND_PATH=/etc/rc.d
M4_DISTRO_FLAG=
case $with_distro in
fedora)
SYSTEM_SYSVINIT_PATH=/etc/rc.d/init.d
- SYSTEM_SYSVRCND_PATH=/etc/rc.d
-
- # A little background why we define this special unit
- # names here in configure.ac: SysV services currently
- # cannot have aliases. As long as syslog is started
- # via a SysV init script we hence define this name to
- # the actual SysV name here. Later on when SysV init
- # scripts are not used anymore it is advisable to use
- # the generic name instead and use symlinks in the
- # unit directories to point to the right native unit
- # file.
-
- SPECIAL_SYSLOG_SERVICE=rsyslog.service
AC_DEFINE(TARGET_FEDORA, [], [Target is Fedora/RHEL])
M4_DISTRO_FLAG=-DTARGET_FEDORA=1
have_plymouth=true
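Review bot: Hoisting `SYSTEM_SYSVRCND_PATH=/etc/rc.d` to a global default changes `--with-distro=other`, which previously left that variable empty unless `--with-sysvrcd-path` was given. The `other)` branch in the next hunk sets nothing, so both SysV paths are now non-empty there. The later `test "x${SYSTEM_SYSVINIT_PATH}" != "x" -a "x${SYSTEM_SYSVRCND_PATH}" != "x"` check therefore presumably turns SysV compatibility on for a target that used to get it only on request. If that is not intended, clear the variable in that branch, e.g. `other) SYSTEM_SYSVRCND_PATH= ;;`, or mention the new default in the commit message. The `case` statement continues outside this hunk.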
@@ -333,61 +318,49 @@ case $with_distro in
;;
debian)
SYSTEM_SYSVRCND_PATH=/etc
- SPECIAL_SYSLOG_SERVICE=rsyslog.service
AC_DEFINE(TARGET_DEBIAN, [], [Target is Debian])
M4_DISTRO_FLAG=-DTARGET_DEBIAN=1
;;
ubuntu)
SYSTEM_SYSVRCND_PATH=/etc
- SPECIAL_SYSLOG_SERVICE=rsyslog.service
AC_DEFINE(TARGET_UBUNTU, [], [Target is Ubuntu])
M4_DISTRO_FLAG=-DTARGET_UBUNTU=1
;;
arch)
SYSTEM_SYSVINIT_PATH=/etc/rc.d
SYSTEM_SYSVRCND_PATH=/etc
- SPECIAL_SYSLOG_SERVICE=syslog-ng.service
AC_DEFINE(TARGET_ARCH, [], [Target is ArchLinux])
M4_DISTRO_FLAG=-DTARGET_ARCH=1
;;
gentoo)
SYSTEM_SYSVINIT_PATH=
SYSTEM_SYSVRCND_PATH=
- SPECIAL_SYSLOG_SERVICE=syslog-ng.service
AC_DEFINE(TARGET_GENTOO, [], [Target is Gentoo])
M4_DISTRO_FLAG=-DTARGET_GENTOO=1
;;
slackware)
SYSTEM_SYSVINIT_PATH=/etc/rc.d/init.d
- SYSTEM_SYSVRCND_PATH=/etc/rc.d
AC_DEFINE(TARGET_SLACKWARE, [], [Target is Slackware])
M4_DISTRO_FLAG=-DTARGET_SLACKWARE=1
;;
frugalware)
SYSTEM_SYSVINIT_PATH=/etc/rc.d
- SYSTEM_SYSVRCND_PATH=/etc/rc.d
AC_DEFINE(TARGET_FRUGALWARE, [], [Target is Frugalware])
M4_DISTRO_FLAG=-DTARGET_FRUGALWARE=1
;;
altlinux)
SYSTEM_SYSVINIT_PATH=/etc/rc.d/init.d
- SYSTEM_SYSVRCND_PATH=/etc/rc.d
- SPECIAL_SYSLOG_SERVICE=syslogd.service
AC_DEFINE(TARGET_ALTLINUX, [], [Target is ALTLinux])
M4_DISTRO_FLAG=-DTARGET_ALTLINUX=1
have_plymouth=true
;;
mandriva)
SYSTEM_SYSVINIT_PATH=/etc/rc.d/init.d
- SYSTEM_SYSVRCND_PATH=/etc/rc.d
- SPECIAL_SYSLOG_SERVICE=rsyslog.service
AC_DEFINE(TARGET_MANDRIVA, [], [Target is Mandriva])
M4_DISTRO_FLAG=-DTARGET_MANDRIVA=1
have_plymouth=true
;;
other)
- AS_IF([test "x$with_syslog_service" = "x"],
- [AC_MSG_ERROR([With --distro=other, you must pass --with-syslog-service= to configure])])
;;
*)
AC_MSG_ERROR([Your distribution (${with_distro}) is not yet supported, SysV init scripts could not be found! (patches welcome); you can specify --with-distro=other to skip this check])
@@ -406,15 +379,8 @@ AC_ARG_WITH([sysvrcd-path],
[SYSTEM_SYSVRCND_PATH="$withval"],
[])
-AC_ARG_WITH([syslog-service],
- [AS_HELP_STRING([--with-syslog-service=UNIT],
- [Specify the name of the special syslog service @<:@default=based on distro@:>@])],
- [SPECIAL_SYSLOG_SERVICE="$withval"],
- [])
-
AC_SUBST(SYSTEM_SYSVINIT_PATH)
AC_SUBST(SYSTEM_SYSVRCND_PATH)
-AC_SUBST(SPECIAL_SYSLOG_SERVICE)
AC_SUBST(M4_DISTRO_FLAG)
if test "x${SYSTEM_SYSVINIT_PATH}" != "x" -a "x${SYSTEM_SYSVRCND_PATH}" != "x"; then
@@ -446,8 +412,6 @@ AM_CONDITIONAL(TARGET_MANDRIVA, test x"$with_distro" = xmandriva)
AM_CONDITIONAL(HAVE_PLYMOUTH, test -n "$have_plymouth")
-AC_DEFINE_UNQUOTED(SPECIAL_SYSLOG_SERVICE, ["$SPECIAL_SYSLOG_SERVICE"], [Syslog service name])
-
AC_ARG_WITH([dbuspolicydir],
AS_HELP_STRING([--with-dbuspolicydir=DIR], [D-Bus policy directory]),
[],
@@ -501,7 +465,6 @@ echo "
SysV compatibility: ${SYSTEM_SYSV_COMPAT}
SysV init scripts: ${SYSTEM_SYSVINIT_PATH}
SysV rc?.d directories: ${SYSTEM_SYSVRCND_PATH}
- Syslog service: ${SPECIAL_SYSLOG_SERVICE}
Gtk: ${have_gtk}
libcryptsetup: ${have_libcryptsetup}
tcpwrap: ${have_tcpwrap}
diff --git a/man/systemd.special.xml.in b/man/systemd.special.xml.in
index 1506f34..df62e9c 100644
--- a/man/systemd.special.xml.in
+++ b/man/systemd.special.xml.in
@@ -78,7 +78,6 @@
<filename>sockets.target</filename>,
<filename>swap.target</filename>,
<filename>sysinit.target</filename>,
- <filename>@SPECIAL_SYSLOG_SERVICE@</filename>,
<filename>syslog.target</filename>,
<filename>systemd-initctl.service</filename>,
<filename>systemd-initctl.socket</filename>,
@@ -543,27 +542,6 @@
</listitem>
</varlistentry>
<varlistentry>
- <term><filename>@SPECIAL_SYSLOG_SERVICE@</filename></term>
- <listitem>
- <para>A special unit for the
- syslog daemon. As soon as
- this service is fully started
- up systemd will connect to it
- and use it for logging if it
- has been configured for
- that.</para>
-
- <para>Units should generally
- avoid depending on this unit
- directly and instead refer to
- the
- <filename>syslog.target</filename>
- unit instead, which pulls this
- one in directly or indirectly
- via socket-based activation.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
<term><filename>syslog.target</filename></term>
<listitem>
<para>systemd automatically
@@ -574,15 +552,6 @@
referring to the
<literal>$syslog</literal>
facility.</para>
-
- <para>Administrators should
- ensure that this target pulls
- in a service unit with the
- name or alias of
- <filename>@SPECIAL_SYSLOG_SERVICE@</filename>
- (or a socket unit that
- activates this
- service).</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/manager.c b/src/manager.c
index 9edb8f0..a9aaee3 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -2451,6 +2451,12 @@ void manager_send_unit_audit(Manager *m, Unit *u, int type, bool success) {
if (m->n_deserializing > 0)
return;
+ if (m->running_as != MANAGER_SYSTEM)
+ return;
+
+ if (u->meta.type != UNIT_SERVICE)
+ return;
+
if (!(p = unit_name_to_prefix_and_instance(u->meta.id))) {
log_error("Failed to allocate unit name for audit message: %s", strerror(ENOMEM));
return;
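Review bot: The two new early returns in manager_send_unit_audit() (`m->running_as != MANAGER_SYSTEM` and `u->meta.type != UNIT_SERVICE`) drop audit records silently and have no comment saying why. Because they decide which state changes reach the audit trail, a one-line comment above them would help, e.g. `/* Audit records are only written by the system instance, and only for service units */`. The type check also appears to duplicate the `u->meta.type == UNIT_SERVICE` test that the unit_notify() context in src/unit.c still performs, so one of the two could probably go. The function body starts and ends outside this hunk.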
@@ -2965,6 +2971,47 @@ int manager_set_default_controllers(Manager *m, char **controllers) {
return 0;
}
+void manager_recheck_syslog(Manager *m) {
+ Unit *u;
+
+ assert(m);
+
+ if (m->running_as != MANAGER_SYSTEM)
+ return;
+
+ if ((u = manager_get_unit(m, SPECIAL_SYSLOG_SOCKET))) {
+ SocketState state;
+
+ state = SOCKET(u)->state;
+
+ if (state != SOCKET_DEAD &&
+ state != SOCKET_FAILED &&
+ state != SOCKET_RUNNING) {
+
+ /* Hmm, the socket is not set up, or is still
+ * listening, let's better not try to use
+ * it. Note that we have no problem if the
+ * socket is completely down, since there
+ * might be a foreign /dev/log socket around
+ * and we want to make use of that.
+ */
+
+ log_close_syslog();
+ return;
+ }
+ }
+
+ if ((u = manager_get_unit(m, SPECIAL_SYSLOG_TARGET)))
+ if (TARGET(u)->state != TARGET_ACTIVE) {
+ log_close_syslog();
+ return;
+ }
+
+ /* Hmm, OK, so the socket is either fully up, or fully down,
+ * and the target is up, then let's make use of the socket */
+ log_open();
+}
+
static const char* const manager_running_as_table[_MANAGER_RUNNING_AS_MAX] = {
[MANAGER_SYSTEM] = "system",
[MANAGER_USER] = "user"
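Review bot: manager_recheck_syslog() reaches `log_open()` not only when syslog.target is active but also when `manager_get_unit(m, SPECIAL_SYSLOG_TARGET)` returns NULL, which the closing comment ("and the target is up") does not say. If that fall-through is deliberate, so that a foreign /dev/log is picked up, the comment should state it, because the system manager then logs to whatever is bound there with no unit state backing the decision. Otherwise the missing-target case should close syslog as well: `if (!(u = manager_get_unit(m, SPECIAL_SYSLOG_TARGET)) || TARGET(u)->state != TARGET_ACTIVE) { log_close_syslog(); return; }`. As a style point, the target check is an unbraced `if` wrapping a braced one; bracing the outer statement would match the socket check above it.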
diff --git a/src/manager.h b/src/manager.h
index efca4ff..c183e10 100644
--- a/src/manager.h
+++ b/src/manager.h
@@ -285,6 +285,8 @@ void manager_check_finished(Manager *m);
void manager_run_generators(Manager *m);
void manager_undo_generators(Manager *m);
+void manager_recheck_syslog(Manager *m);
+
const char *manager_running_as_to_string(ManagerRunningAs i);
ManagerRunningAs manager_running_as_from_string(const char *s);
diff --git a/src/special.h b/src/special.h
index ba2bc14..6a75e2c 100644
--- a/src/special.h
+++ b/src/special.h
@@ -24,21 +24,24 @@
#define SPECIAL_DEFAULT_TARGET "default.target"
+/* Shutdown targets */
+#define SPECIAL_UMOUNT_TARGET "umount.target"
/* This is not really intended to be started by directly. This is
* mostly so that other targets (reboot/halt/poweroff) can depend on
* it to bring all services down that want to be brought down on
* system shutdown. */
#define SPECIAL_SHUTDOWN_TARGET "shutdown.target"
-#define SPECIAL_UMOUNT_TARGET "umount.target"
#define SPECIAL_HALT_TARGET "halt.target"
#define SPECIAL_POWEROFF_TARGET "poweroff.target"
#define SPECIAL_REBOOT_TARGET "reboot.target"
#define SPECIAL_KEXEC_TARGET "kexec.target"
#define SPECIAL_EXIT_TARGET "exit.target"
+/* Special boot targets */
#define SPECIAL_RESCUE_TARGET "rescue.target"
#define SPECIAL_EMERGENCY_TARGET "emergency.target"
+/* Early boot targets */
#define SPECIAL_SYSINIT_TARGET "sysinit.target"
#define SPECIAL_SOCKETS_TARGET "sockets.target"
#define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */
@@ -46,8 +49,8 @@
#define SPECIAL_SWAP_TARGET "swap.target"
#define SPECIAL_BASIC_TARGET "basic.target"
+/* LSB compatibility */
#define SPECIAL_NETWORK_TARGET "network.target" /* LSB's $network */
-
#define SPECIAL_NSS_LOOKUP_TARGET "nss-lookup.target" /* LSB's $named */
#define SPECIAL_RPCBIND_TARGET "rpcbind.target" /* LSB's $portmap */
#define SPECIAL_SYSLOG_TARGET "syslog.target" /* LSB's $syslog; Should pull in syslog.socket or syslog.service */
@@ -56,22 +59,22 @@
#define SPECIAL_MAIL_TRANSFER_AGENT_TARGET "mail-transfer-agent.target" /* Debian's $mail-{transport|transfer-agent */
#define SPECIAL_HTTP_DAEMON_TARGET "http-daemon.target"
+/* Magic early boot services */
#define SPECIAL_FSCK_SERVICE "fsck at .service"
#define SPECIAL_QUOTACHECK_SERVICE "quotacheck.service"
#define SPECIAL_REMOUNT_ROOTFS_SERVICE "remount-rootfs.service"
+/* Services systemd relies on */
#define SPECIAL_DBUS_SERVICE "dbus.service"
#define SPECIAL_DBUS_SOCKET "dbus.socket"
#define SPECIAL_LOGGER_SOCKET "systemd-logger.socket"
+#define SPECIAL_SYSLOG_SOCKET "syslog.socket"
+/* Magic init signals */
#define SPECIAL_KBREQUEST_TARGET "kbrequest.target"
#define SPECIAL_SIGPWR_TARGET "sigpwr.target"
#define SPECIAL_CTRL_ALT_DEL_TARGET "ctrl-alt-del.target"
-#ifndef SPECIAL_SYSLOG_SERVICE
-#define SPECIAL_SYSLOG_SERVICE "syslog.service"
-#endif
-
/* For SysV compatibility. Usually an alias for a saner target. On
* SysV-free systems this doesn't exist. */
#define SPECIAL_RUNLEVEL2_TARGET "runlevel2.target"
diff --git a/src/unit.c b/src/unit.c
index 10de40a..6f10f51 100644
--- a/src/unit.c
+++ b/src/unit.c
@@ -1224,12 +1224,6 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
* yet connected. */
bus_init(u->meta.manager, true);
- if (unit_has_name(u, SPECIAL_SYSLOG_SERVICE))
- /* The syslog daemon just might have become
- * available, hence try to connect to it, if
- * we aren't yet connected. */
- log_open();
-
if (u->meta.type == UNIT_SERVICE &&
!UNIT_IS_ACTIVE_OR_RELOADING(os)) {
/* Write audit record if we have just finished starting up */
@@ -1242,12 +1236,6 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
} else {
- if (unit_has_name(u, SPECIAL_SYSLOG_SERVICE))
- /* The syslog daemon might just have
- * terminated, hence try to disconnect from
- * it. */
- log_close_syslog();
-
/* We don't care about D-Bus here, since we'll get an
* asynchronous notification for it anyway. */
@@ -1277,6 +1265,8 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
unit_add_to_dbus_queue(u);
unit_add_to_gc_queue(u);
+
+ manager_recheck_syslog(u->meta.manager);
}
int unit_watch_fd(Unit *u, int fd, uint32_t events, Watch *w) {
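Review bot: The added `manager_recheck_syslog(u->meta.manager);` at the end of unit_notify() runs on every state change of every unit, although the function it calls only reads the state of syslog.socket and syslog.target. If only those two units matter, the call could be guarded with `if (unit_has_name(u, SPECIAL_SYSLOG_SOCKET) || unit_has_name(u, SPECIAL_SYSLOG_TARGET))`. If the unconditional call is intended, for instance to retry a foreign /dev/log when neither unit is loaded, a short comment saying so would keep a later reader from "optimising" it away. unit_notify() begins outside this hunk.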
diff --git a/units/syslog.target.in b/units/syslog.target.in
index 37d5de3..d5410cf 100644
--- a/units/syslog.target.in
+++ b/units/syslog.target.in
@@ -9,9 +9,3 @@
[Unit]
Description=Syslog
-
-# As soon as all syslog services have native unit files this explicit
-# dependency should be dropped, and replaced by alias symlinks in the
-# .wants/ directory, to either the .service or .socket unit of the
-# syslog service.
-After=@SPECIAL_SYSLOG_SERVICE@
commit 0732ec002ea941f32e8def518150d2b6423315e3
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 03:32:47 2011 +0100
man: document .requires/ directories
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 54903fb..2ae986a 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -139,7 +139,10 @@
with the <command>enable</command> command of the
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
tool which reads information from the [Install]
- section of unit files. (See below.)</para>
+ section of unit files. (See below.) A similar
+ functionality exists for <varname>Requires=</varname>
+ type dependencies as well, the directory suffix is
+ <filename>.requires/</filename> in this case.</para>
<para>Note that while systemd offers a flexible
dependency system between units it is recommended to
commit 177b3ffedbfc1aea839324edeb1f35a1a754ef5b
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 03:32:33 2011 +0100
special: get rid of dbus.target
diff --git a/Makefile.am b/Makefile.am
index 8d23430..a94d2a7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -229,7 +229,6 @@ dist_systemunit_DATA = \
units/sigpwr.target \
units/sockets.target \
units/swap.target \
- units/dbus.target \
units/systemd-initctl.socket \
units/systemd-logger.socket \
units/systemd-shutdownd.socket \
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 7200525..e444efe 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -180,7 +180,7 @@
acquired. Service units with this
option configured implicitly gain
dependencies on the
- <filename>dbus.target</filename>
+ <filename>dbus.socket</filename>
unit.</para>
<para>Behaviour of
diff --git a/man/systemd.special.xml.in b/man/systemd.special.xml.in
index afe882e..1506f34 100644
--- a/man/systemd.special.xml.in
+++ b/man/systemd.special.xml.in
@@ -51,7 +51,6 @@
<para><filename>basic.target</filename>,
<filename>ctrl-alt-del.target</filename>,
<filename>dbus.service</filename>,
- <filename>dbus.target</filename>,
<filename>default.target</filename>,
<filename>display-manager.service</filename>,
<filename>emergency.target</filename>,
@@ -143,28 +142,6 @@
up systemd will connect to it
and register its
service.</para>
-
- <para>Units should generally
- avoid depending on this unit
- directly and instead refer to
- the
- <filename>dbus.target</filename>
- unit instead, which pulls this
- one in directly or indirectly
- via socket-based activation.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><filename>dbus.target</filename></term>
- <listitem>
- <para>Administrators should
- ensure that this target pulls
- in a service unit with the
- name or alias of
- <filename>dbus.service</filename>
- (or a socket unit that
- activates this
- service).</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/service.c b/src/service.c
index 0f28312..f0c72f2 100644
--- a/src/service.c
+++ b/src/service.c
@@ -1129,7 +1129,7 @@ static int service_load(Unit *u) {
s->notify_access = NOTIFY_MAIN;
if (s->type == SERVICE_DBUS || s->bus_name)
- if ((r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_DBUS_TARGET, NULL, true)) < 0)
+ if ((r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true)) < 0)
return r;
if (s->meta.default_dependencies)
diff --git a/src/special.h b/src/special.h
index 2f2d9e7..ba2bc14 100644
--- a/src/special.h
+++ b/src/special.h
@@ -30,17 +30,24 @@
* system shutdown. */
#define SPECIAL_SHUTDOWN_TARGET "shutdown.target"
#define SPECIAL_UMOUNT_TARGET "umount.target"
+#define SPECIAL_HALT_TARGET "halt.target"
+#define SPECIAL_POWEROFF_TARGET "poweroff.target"
+#define SPECIAL_REBOOT_TARGET "reboot.target"
+#define SPECIAL_KEXEC_TARGET "kexec.target"
+#define SPECIAL_EXIT_TARGET "exit.target"
-#define SPECIAL_LOGGER_SOCKET "systemd-logger.socket"
-
-#define SPECIAL_KBREQUEST_TARGET "kbrequest.target"
-#define SPECIAL_SIGPWR_TARGET "sigpwr.target"
-#define SPECIAL_CTRL_ALT_DEL_TARGET "ctrl-alt-del.target"
+#define SPECIAL_RESCUE_TARGET "rescue.target"
+#define SPECIAL_EMERGENCY_TARGET "emergency.target"
+#define SPECIAL_SYSINIT_TARGET "sysinit.target"
+#define SPECIAL_SOCKETS_TARGET "sockets.target"
#define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */
#define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */
#define SPECIAL_SWAP_TARGET "swap.target"
+#define SPECIAL_BASIC_TARGET "basic.target"
+
#define SPECIAL_NETWORK_TARGET "network.target" /* LSB's $network */
+
#define SPECIAL_NSS_LOOKUP_TARGET "nss-lookup.target" /* LSB's $named */
#define SPECIAL_RPCBIND_TARGET "rpcbind.target" /* LSB's $portmap */
#define SPECIAL_SYSLOG_TARGET "syslog.target" /* LSB's $syslog; Should pull in syslog.socket or syslog.service */
@@ -48,22 +55,18 @@
#define SPECIAL_DISPLAY_MANAGER_SERVICE "display-manager.service" /* Debian's $x-display-manager */
#define SPECIAL_MAIL_TRANSFER_AGENT_TARGET "mail-transfer-agent.target" /* Debian's $mail-{transport|transfer-agent */
#define SPECIAL_HTTP_DAEMON_TARGET "http-daemon.target"
-#define SPECIAL_DBUS_TARGET "dbus.target"
-#define SPECIAL_BASIC_TARGET "basic.target"
-#define SPECIAL_SOCKETS_TARGET "sockets.target"
-#define SPECIAL_SYSINIT_TARGET "sysinit.target"
+
#define SPECIAL_FSCK_SERVICE "fsck at .service"
#define SPECIAL_QUOTACHECK_SERVICE "quotacheck.service"
-#define SPECIAL_RESCUE_TARGET "rescue.target"
-#define SPECIAL_EXIT_TARGET "exit.target"
-#define SPECIAL_EMERGENCY_TARGET "emergency.target"
-#define SPECIAL_HALT_TARGET "halt.target"
-#define SPECIAL_POWEROFF_TARGET "poweroff.target"
-#define SPECIAL_REBOOT_TARGET "reboot.target"
-#define SPECIAL_KEXEC_TARGET "kexec.target"
+#define SPECIAL_REMOUNT_ROOTFS_SERVICE "remount-rootfs.service"
+
#define SPECIAL_DBUS_SERVICE "dbus.service"
#define SPECIAL_DBUS_SOCKET "dbus.socket"
-#define SPECIAL_REMOUNT_ROOTFS_SERVICE "remount-rootfs.service"
+#define SPECIAL_LOGGER_SOCKET "systemd-logger.socket"
+
+#define SPECIAL_KBREQUEST_TARGET "kbrequest.target"
+#define SPECIAL_SIGPWR_TARGET "sigpwr.target"
+#define SPECIAL_CTRL_ALT_DEL_TARGET "ctrl-alt-del.target"
#ifndef SPECIAL_SYSLOG_SERVICE
#define SPECIAL_SYSLOG_SERVICE "syslog.service"
diff --git a/units/dbus.target b/units/dbus.target
deleted file mode 100644
index 6389768..0000000
--- a/units/dbus.target
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-
-# See systemd.special(7) for details
-
-[Unit]
-Description=D-Bus
commit 260abb780a135e4cae8c10715c7e85675efc345a
Author: Lennart Poettering <lennart at poettering.net>
Date: Fri Mar 18 03:13:15 2011 +0100
exec: properly apply capability bounding set, add inverted bounding sets
diff --git a/TODO b/TODO
index d2614b7..620cdff 100644
--- a/TODO
+++ b/TODO
@@ -23,23 +23,26 @@ F15:
* 0595f9a1c182a84581749823ef47c5f292e545f9 is borked, freezes shutdown
(path: after installing inotify watches, recheck file again to fix race)
-* capability_bounding_set_drop not used
-
-* rework syslog.service being up logic in PID 1
-
* rsyslog.service should hook itself into syslog.target?
* syslog.target should be pulled in by multi-user.target?
* pull in .service from meta .targers AND vice versa too. i.e. syslog.target ââ rsyslog.service, rpcbind similarly
-* drop Names= option? Symlinks only should be used. We don't want to need to read all service files.
-
Features:
+
+* hide passwords on TAB
+
+* add switch to systemctl to show enabled but not running services. Or
+ another switch that shows service that have been running since
+ booting but aren't running anymore.
+
+* reuse mkdtemp namespace dirs in /tmp?
+
* don't strip facility from kmsg log messages as soon as that is possible.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9d90c8d9cde929cbc575098e825d7c29d9f45054
-* recreate systemd'd D-Bus private socket file on SIGUSR2
+* recreate systemd's D-Bus private socket file on SIGUSR2
* be more specific what failed:
Unmounting file systems.
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index f96d181..fb8496f 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -597,16 +597,34 @@
</varlistentry>
<varlistentry>
- <term><varname>Capabilities=</varname></term>
- <listitem><para>Controls the
+ <term><varname>CapabilityBoundingSet=</varname></term>
+
+ <listitem><para>Controls which
+ capabilities to include in the
+ capability bounding set for the
+ executed process. See
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- set for the executed process. Take a
- capability string as described in
- <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
- Note that this capability set is
- usually influenced by the capabilities
- attached to the executed
- file.</para></listitem>
+ for details. Takes a whitespace
+ seperated list of capability names as
+ read by
+ <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ Capabilities listed will be included
+ in the bounding set, all others are
+ removed. If the list of capabilities
+ is prefixed with ~ all but the listed
+ capabilities will be included, the
+ effect of this assignment
+ inverted. Note that this option does
+ not actually set or unset any
+ capabilities in the effective,
+ permitted or inherited capability
+ sets. That's what
+ <varname>Capabilities=</varname> is
+ for. If this option is not used the
+ capability bounding set is not
+ modified on process execution, hence
+ no limits on the capabilities of the
+ process are enforced.</para></listitem>
</varlistentry>
<varlistentry>
@@ -625,16 +643,21 @@
</varlistentry>
<varlistentry>
- <term><varname>CapabilityBoundingSetDrop=</varname></term>
-
+ <term><varname>Capabilities=</varname></term>
<listitem><para>Controls the
- capability bounding set drop set for
- the executed process. See
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- for details. Takes a list of
- capability names as read by
- <citerefentry><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
- </para></listitem>
+ set for the executed process. Take a
+ capability string describing the
+ effective, permitted and inherited
+ capability sets as documented in
+ <citerefentry><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ Note that these capability sets are
+ usually influenced by the capabilities
+ attached to the executed file. Due to
+ that
+ <varname>CapabilityBoundingSet=</varname>
+ is probably the much more useful
+ setting.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/dbus-execute.c b/src/dbus-execute.c
index 504651f..35e6d37 100644
--- a/src/dbus-execute.c
+++ b/src/dbus-execute.c
@@ -234,6 +234,24 @@ int bus_execute_append_timer_slack_nsec(Manager *m, DBusMessageIter *i, const ch
return 0;
}
+int bus_execute_append_capability_bs(Manager *m, DBusMessageIter *i, const char *property, void *data) {
+ ExecContext *c = data;
+ uint64_t normal, inverted;
+
+ assert(m);
+ assert(i);
+ assert(property);
+ assert(c);
+
+ /* We store this negated internally, to match the kernel, bu
+ * we expose it normalized. */
+
+ normal = *(uint64_t*) data;
+ inverted = ~normal;
+
+ return bus_property_append_uint64(m, i, property, &inverted);
+}
+
int bus_execute_append_capabilities(Manager *m, DBusMessageIter *i, const char *property, void *data) {
ExecContext *c = data;
char *t = NULL;
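Review bot: In `bus_execute_append_capability_bs` the local `ExecContext *c = data;` does not match what the property table passes: the src/dbus-execute.h hunk registers this getter with `&(context).capability_bounding_set_drop`, and the body itself reads `*(uint64_t*) data`. `c` is only used in `assert(c)`, so nothing breaks today, but a later edit that dereferences `c` as an ExecContext would read the wrong memory. I would declare `uint64_t *drop = data;`, assert on that, and compute `inverted = ~*drop;`. The comment has a typo (`bu` for `but`) and could also say that the exposed value reads as all ones when nothing is dropped.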
diff --git a/src/dbus-execute.h b/src/dbus-execute.h
index 082456a..8bfaaaf 100644
--- a/src/dbus-execute.h
+++ b/src/dbus-execute.h
@@ -131,7 +131,7 @@
{ interface, "SyslogLevelPrefix", bus_property_append_bool, "b", &(context).syslog_level_prefix }, \
{ interface, "Capabilities", bus_execute_append_capabilities, "s",&(context) }, \
{ interface, "SecureBits", bus_property_append_int, "i", &(context).secure_bits }, \
- { interface, "CapabilityBoundingSetDrop", bus_property_append_uint64, "t", &(context).capability_bounding_set_drop }, \
+ { interface, "CapabilityBoundingSet", bus_execute_append_capability_bs, "t", &(context).capability_bounding_set_drop }, \
{ interface, "User", bus_property_append_string, "s", (context).user }, \
{ interface, "Group", bus_property_append_string, "s", (context).group }, \
{ interface, "SupplementaryGroups", bus_property_append_strv, "as", (context).supplementary_groups }, \
@@ -167,6 +167,7 @@ int bus_execute_append_cpu_sched_priority(Manager *m, DBusMessageIter *i, const
int bus_execute_append_affinity(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_execute_append_timer_slack_nsec(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_execute_append_capabilities(Manager *m, DBusMessageIter *i, const char *property, void *data);
+int bus_execute_append_capability_bs(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_execute_append_rlimits(Manager *m, DBusMessageIter *i, const char *property, void *data);
int bus_execute_append_command(Manager *m, DBusMessageIter *u, const char *property, void *data);
int bus_execute_append_kill_mode(Manager *m, DBusMessageIter *i, const char *property, void *data);
diff --git a/src/execute.c b/src/execute.c
index c1edf61..a467411 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -1249,6 +1249,15 @@ int exec_spawn(ExecCommand *command,
}
}
+ if (context->capability_bounding_set_drop)
+ for (i = 0; i <= CAP_LAST_CAP; i++)
+ if (context->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) i)) {
+ if (prctl(PR_CAPBSET_DROP, i) < 0) {
+ r = EXIT_CAPABILITIES;
+ goto fail_child;
+ }
+ }
+
if (context->user)
if (enforce_user(context, uid) < 0) {
r = EXIT_USER;
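Review bot: The drop loop stops at the compile-time `CAP_LAST_CAP`, so on a kernel that defines capabilities newer than the headers systemd was built against, those capabilities stay in the bounding set even though `CapabilityBoundingSet=` is documented as removing everything not listed. The parser already stores the upper bits as "drop" via `~sum`, so one option (to be checked against the supported kernels) is to keep iterating past `CAP_LAST_CAP` for as long as `prctl(PR_CAPBSET_READ, i)` succeeds. In the other direction, a kernel older than the headers will probably reject the top values with EINVAL and the service then fails with `EXIT_CAPABILITIES`, which deserves a comment here. prctl() is variadic and expects `unsigned long` arguments, so `prctl(PR_CAPBSET_DROP, (unsigned long) i)` is the safer spelling. `exec_spawn` begins and ends outside this hunk.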
@@ -1664,15 +1673,15 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
(c->secure_bits & SECURE_NOROOT_LOCKED) ? "noroot-locked" : "");
if (c->capability_bounding_set_drop) {
- fprintf(f, "%sCapabilityBoundingSetDrop:", prefix);
+ fprintf(f, "%sCapabilityBoundingSet:", prefix);
for (i = 0; i <= CAP_LAST_CAP; i++)
- if (c->capability_bounding_set_drop & (1 << i)) {
+ if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) i))) {
char *t;
if ((t = cap_to_name(i))) {
fprintf(f, " %s", t);
- free(t);
+ cap_free(t);
}
}
diff --git a/src/load-fragment.c b/src/load-fragment.c
index 334bc71..ac22b94 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -852,12 +852,24 @@ static int config_parse_bounding_set(
char *w;
size_t l;
char *state;
+ bool invert = false;
+ uint64_t sum = 0;
assert(filename);
assert(lvalue);
assert(rvalue);
assert(data);
+ if (rvalue[0] == '~') {
+ invert = true;
+ rvalue++;
+ }
+
+ /* Note that we store this inverted internally, since the
+ * kernel wants it like this. But we actually expose it
+ * non-inverted everywhere to have a fully normalized
+ * interface. */
+
FOREACH_WORD_QUOTED(w, l, rvalue, state) {
char *t;
int r;
@@ -874,9 +886,14 @@ static int config_parse_bounding_set(
return 0;
}
- c->capability_bounding_set_drop |= 1 << cap;
+ sum |= ((uint64_t) 1ULL) << (uint64_t) cap;
}
+ if (invert)
+ c->capability_bounding_set_drop |= sum;
+ else
+ c->capability_bounding_set_drop |= ~sum;
+
return 0;
}
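Review bot: The non-inverted branch accumulates with `c->capability_bounding_set_drop |= ~sum;`, so two `CapabilityBoundingSet=` lines in one unit intersect their lists rather than extend or replace them: `CAP_A` on one line and `CAP_B` on the next leaves neither in the bounding set. That fails closed, which is the safe direction, but the man page text in this commit does not mention it; either document it or add a comment here such as `/* repeated assignments can only shrink the bounding set */`. The `return 0;` context line at the top of this hunk looks like the path taken for an unparsable capability name (the lines around it are outside the hunk); if so, a typo in the list discards the whole assignment and the unit starts with an unmodified bounding set, which is worth a louder log message or a hard failure. `config_parse_bounding_set` starts before this hunk.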
@@ -1772,7 +1789,7 @@ static int load_from_path(Unit *u, const char *path) {
{ "SyslogLevelPrefix", config_parse_bool, &(context).syslog_level_prefix, section }, \
{ "Capabilities", config_parse_capabilities, &(context), section }, \
{ "SecureBits", config_parse_secure_bits, &(context), section }, \
- { "CapabilityBoundingSetDrop", config_parse_bounding_set, &(context), section }, \
+ { "CapabilityBoundingSet", config_parse_bounding_set, &(context), section }, \
{ "TimerSlackNSec", config_parse_timer_slack_nsec,&(context), section }, \
{ "LimitCPU", config_parse_limit, &(context).rlimit[RLIMIT_CPU], section }, \
{ "LimitFSIZE", config_parse_limit, &(context).rlimit[RLIMIT_FSIZE], section }, \
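Review bot: Replacing the `CapabilityBoundingSetDrop` table entry outright means unit files that still use the old key are no longer matched by this parser table, and the new key has the opposite meaning (listed capabilities are kept, not dropped). How unknown keys are handled is not visible here, but if they are skipped with a warning, a service that relied on the old directive would start with a full bounding set. I would either keep a compatibility entry for the old name or make sure the log message and release notes call this out. The same rename applies to the D-Bus property in src/dbus-execute.h.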