Commit Graph

371 Commits

Author SHA1 Message Date
Michael Scherer
eef65bf3ee core: Add AppArmor profile switching
This permit to switch to a specific apparmor profile when starting a daemon. This
will result in a non operation if apparmor is disabled.
It also add a new build requirement on libapparmor for using this feature.
2014-02-21 03:44:20 +01:00
Lennart Poettering
fdc8509fb6 build-sys: don't use -Wcast-align anymore
We do a lot of these casts, and they are all OK, so let's get rid of the
warning, to make things quieter.

http://lists.freedesktop.org/archives/systemd-devel/2014-February/017174.html
2014-02-21 03:15:52 +01:00
Holger Schurig
3b79431414 build-sys: Add setns() functions if not in the C library.
Debian Stable is still using glibc 2.13, which doesn't provide the setns().
So we detect this and provide a tiny wrapper that issues the setns syscall
towards the kernel.
2014-02-21 03:06:29 +01:00
Lennart Poettering
e2044076bf build-sys: bump release in preparation for release 2014-02-19 21:03:55 +01:00
Lennart Poettering
6a6751fe24 core: warn when unit files with unsupported options are parsed 2014-02-17 17:49:09 +01:00
Lennart Poettering
17df7223be core: rework syscall filter
- Allow configuration of an errno error to return from blacklisted
  syscalls, instead of immediately terminating a process.

- Fix parsing logic when libseccomp support is turned off

- Only keep the actual syscall set in the ExecContext, and generate the
  string version only on demand.
2014-02-12 18:30:36 +01:00
Ronny Chevalier
c0467cf387 syscallfilter: port to libseccomp 2014-02-12 18:30:36 +01:00
Zbigniew Jędrzejewski-Szmek
32dcef3ab1 build-sys: make lxml required when generating indices
Since the manpage indices generated without lxml would be missing some
parts, it doesn't make sense to keep lxml optional anymore.
2014-02-12 03:04:57 -05:00
Zbigniew Jędrzejewski-Szmek
53e856e16a build-sys: create "compatibility libraries" section
Compat stuff is moved to src/compat-libs/.
Warnings are issued when programs are linked with the deprecated library.
2014-01-25 18:10:08 -05:00
Zbigniew Jędrzejewski-Szmek
39c4ead232 build-sys: default to gold linker
gold doesn't exhibit the problems with linking of compatibility
libraries.

It is also slightly faster:

make clean && make -j5   bfd       gold

real                   34.885s     33.707s
user                   34.486s     32.189s
sys                    9.929s      10.845s

real                   35.128s     33.508s
user                   34.660s     31.858s
sys                    10.798s     10.341s

real                   35.405s     33.748s
user                   34.765s     32.384s
sys                    11.635s     10.998s

real                   35.250s     33.795s
user                   34.704s     32.253s
sys                    11.220s     11.469s

touch src/libsystemd/sd-bus.c && make -j5
                        bfd        gold

real                   10.224s      9.030s
user                   11.664s      9.877s
sys                    3.431s       2.878s

real                   10.021s      9.165s
user                   11.526s      9.990s
sys                    3.061s       3.015s

real                   10.233s      8.961s
user                   11.657s      9.973s
sys                    3.467s       2.202s

real                   10.160s      9.086s
user                   11.637s      9.950s
sys                    3.188s       2.859s
2014-01-25 18:10:08 -05:00
Chengwei Yang
8114dedc59 build-sys: fix --enable-dbus
The incorrect shell code of AS_IF always get false value, so it always
build without dbus though build with "--enable-dbus" explicitely.
2014-01-16 00:16:02 -05:00
Dave Reisner
146ccaafd5 configure: use POSIX conformant syntax for test
In shells like bash, == and = are equivalent in test contexts. In POSIX
compliant shells, == isn't a valid operator.
2014-01-05 11:57:05 -05:00
Zbigniew Jędrzejewski-Szmek
ac6b760cee build-sys: add --disable-dbus autoconf option 2014-01-02 19:45:47 -05:00
Zbigniew Jędrzejewski-Szmek
ccd06097c7 Use format patterns for usec_t, pid_t, nsec_t, usec_t
It is nicer to predefine patterns using configure time check instead of
using casts everywhere.

Since we do not need to use any flags, include "%" in the format instead
of excluding it like PRI* macros.
2014-01-02 19:45:47 -05:00
Zbigniew Jędrzejewski-Szmek
4acbce7979 build-sys: fix generation of user@.service 2013-12-27 12:12:41 -05:00
Lennart Poettering
25ad866460 build-sys: the pure/const warning options are probably too much as default, but let's make it available via "autogen.sh a" 2013-12-25 19:00:38 +01:00
Lennart Poettering
693eb9a2d4 bus: rename message "serial" to "cookie"
Even if the lower-leveld dbus1 protocol calls it "serial", let's expose
the word "cookie" for this instead, as this is what kdbus uses and since
it doesn't imply monotonicity the same way "serial" does.
2013-12-25 18:04:04 +01:00
Lennart Poettering
cd49e2f664 build-sys: build bus-driverd if kdbus support is enabled 2013-12-17 01:36:59 +01:00
Daniel Mack
294c866023 Add bus-driverd
systemd-bus-driverd is a small daemon that connects to kdbus and
implements the org.freedesktop.DBus interface. IOW, it provides the bus
functions  traditionally taken care for by dbus-daemon.

Calls are proxied to kdbus, either via libsystemd-bus (were applicable)
or with the open-coded use of ioctl().

Note that the implementation is not yet finished as the functions to
add and remove matches and to start services by name are still missing.
2013-12-16 22:34:48 +01:00
Lennart Poettering
213298fb82 build-sys: warn if builds are not byte-by-byte reproducible due to usage of __DATE__ and suchlike 2013-12-16 04:58:20 +01:00
Lukasz Skalski
c97a6dbcf1 build-sys: fix help text for --enable-kdbus 2013-12-13 15:50:38 +01:00
Lennart Poettering
626851be97 bus: do kdbus only if this is enabled on the configure switch
Since we want to retain the ability to break kernel ←→ userspace ABI
after the next release, let's not make use by default of kdbus, so that
people with future kernels will not suddenly break with current systemd
versions.

kdbus support is left in all builds but must now be explicitly requested
at runtime (for example via setting $DBUS_SESSION_BUS). Via a configure
switch the old behaviour can be restored. In fact, we change autogen.sh
to do this, so that git builds (which run autogen.sh) get kdbus by
default, but tarball builds (which ue the configure defaults) do not get
it, and hence this stays out of the distros by default.
2013-11-30 20:18:48 +01:00
Lennart Poettering
03930e4863 Revert "build-sys: avoid warnings from assert_cc"
This reverts commit f1a1264d13.

We can turn this off with a pragma only on old gcc. Newer gcc doesn't
need this, so let's not turn this off for everybody.
2013-11-29 13:34:55 +01:00
Zbigniew Jędrzejewski-Szmek
0b340bcf0e build-sys: use C99
We already use various constructs, so let's just admit that we're using C99.
2013-11-28 14:37:11 -05:00
Zbigniew Jędrzejewski-Szmek
bd441fa27a build-sys: make multi-seat-x optional
At some point it should become disabled by default.

http://lists.freedesktop.org/archives/systemd-devel/2013-November/014869.html
2013-11-28 14:37:11 -05:00
Zbigniew Jędrzejewski-Szmek
f1a1264d13 build-sys: avoid warnings from assert_cc 2013-11-28 03:43:07 -05:00
Kay Sievers
b850b06e1e build-sys: enable gcc Link Time Optimization when optimization is enabled 2013-11-21 21:56:18 +01:00
Lennart Poettering
54b434b1b5 valgrind: make running PID 1 in valgrind useful
Since valgrind only generates useful output on exit() (rather than
exec()) we need to explicitly exit when valgrind is detected.
2013-11-20 22:12:47 +01:00
Umut Tezduyar Lindskog
6aad7f2cd7 build: Allow disabling maintainer mode
This allows make rules for generated build files (i.e.  configure,
Makefile.in, ... ) to be skipped.  This is useful when
the source is stored without timestamps (for example in CVS or GIT).

When the build rules trigger to regenerate the build files, it tries to
use the same autotools version (currently 1.14) as was originally used
for the release.  Since many of our build machines run Debian Squeeze,
they only have autotools 1.11 available and the build fails.

Currently, we have to work around this by touching all the generated
files before building to avoid triggering the make rule. With this
patch, we would be able to just run configure with
--disable-maintainer-mode instead.  The patch sets the default to enable
to not change the default behavior.

Ref: http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/
     ?id=f5cc26c77d2f332a9b40f51f0ec72e95711edf1e
2013-11-14 00:09:45 +10:00
Colin Walters
3c9317d2d9 build-sys: Add --disable-networkd option
For GNOME (Continuous), we are unlikely to require or want
systemd-networkd in the near term future; all of the tools and code
are targeting NetworkManager.

The long term story is still an open question of course, but for now,
there's no reason for gnome-continuous to build or ship this.
2013-11-12 22:38:08 +01:00
Kay Sievers
2270309471 bus: test-bus-marshal - make dbus-1 optional 2013-11-06 02:03:05 +01:00
Kay Sievers
03a170c03c build-sys: disable _FORTIFY_SOURCE for -Og builds for now
Older gcc versions throw things like:

  In file included from /usr/include/fcntl.h:302:0,
                 from ../src/core/execute.c:25:
In function 'open',
    inlined from 'open_null_as' at ../src/core/execute.c:196:12:
/usr/include/bits/fcntl2.h:50:24: error: call to '__open_missing_mode'
  declared with attribute error: open with O_CREAT in second argument needs 3 arguments
    __open_missing_mode ();
2013-10-21 18:29:53 +02:00
Kay Sievers
ca2871d9b0 bus: remove static introspection file export 2013-10-21 00:41:26 +02:00
David Strauss
70d8320978 Fix kmod error message to have correct version requirement 2013-10-17 13:19:29 -07:00
Tom Gundersen
a18535d9e1 static-nodes: don't call mkdir
This is no longer necessary with kmod-15. Bump the requirement.
2013-10-17 19:53:44 +02:00
Lennart Poettering
3990f24765 rfkill: add new rfkill tool to save/restore rfkill state across reboots
This works analogous to the existing backlight and random seed services
2013-10-14 04:31:49 +02:00
Auke Kok
8b197c3a8a Run with a custom SMACK domain (label).
Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.

This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
2013-10-07 10:23:20 -07:00
Lennart Poettering
cd4010b373 build-ss: prepare new release 2013-10-02 03:02:25 +02:00
Lennart Poettering
a3b6fafed4 hashmap: randomize hash functions a bit 2013-10-01 23:11:49 +02:00
Lennart Poettering
abaaabf40a build-sys: don't fallback to upstart defaults 2013-10-01 03:23:14 +02:00
Zbigniew Jędrzejewski-Szmek
f2ec0646ab build-sys: restore detection of sphinx 2013-09-27 08:24:08 +02:00
Zbigniew Jędrzejewski-Szmek
732bfe09ae build-sys: add ./configure --enable-address-sanitizer
Enabling address sanitizer seems like a useful thing, but is quite
tricky. Proper flags have to be passed to CPPFLAGS, CFLAGS and
LDFLAGS, but passing them on the commandline doesn't work because
we tests are done with ld directly, and not with libtool like in
real linking. We might want to fix this, but let's add a handy
way to enable address checking anyway.
2013-09-26 11:12:04 +02:00
Zbigniew Jędrzejewski-Szmek
1864b0e395 build-sys: don't build python modules after --without-python
The modules should build just fine, but AM_PATH_PYTHON sets
pkgpyexecdir for us. Without that variable we don't know where to
install modules. In addition libtool tries an empty rpath, breaking
the build. Those issues could be fixed or worked around, but we
probably don't have many people who want to avoid using python binary,
but want to compile python modules. If such uses ever come up, this
issue should be revisited.
2013-09-19 14:58:21 -04:00
Lennart Poettering
4f0be680b5 build-sys: prepare 207 2013-09-13 02:12:16 +02:00
Zbigniew Jędrzejewski-Szmek
5c390a4ae0 Add pam configuration to allow user sessions to work out of the box
systemd-logind will start user@.service. user@.service unit uses
PAM with service name 'systemd-user' to perform account and session
managment tasks. Previously, the name was 'systemd-shared', it is
now changed to 'systemd-user'.

Most PAM installations use one common setup for different callers.
Based on a quick poll, distributions fall into two camps: those that
have system-auth (Redhat, Fedora, CentOS, Arch, Gentoo, Mageia,
Mandriva), and those that have common-auth (Debian, Ubuntu, OpenSUSE).
Distributions that have system-auth have just one configuration file
that contains auth, password, account, and session blocks, and
distributions that have common-auth also have common-session,
common-password, and common-account. It is thus impossible to use one
configuration file which would work for everybody. systemd-user now
refers to system-auth, because it seems that the approach with one
file is more popular and also easier, so let's follow that.
2013-09-11 15:35:06 -04:00
Michael Marineau
4b357e1587 build-sys: Add configure check for linux/btrfs.h
btrfs.h was added to uapi in Linux 3.9. To fix building with older
header versions this adds a configure check for the header and re-adds
btrfs definitions to missing.h which was removed in bed2e820 along with
two other ioctls used by gpt-auto-generator.

[ Apparently, btrfs.h was only added recently:
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=55e301fd57a6239ec14b91a1cf2e70b3dd135194
  let's re-add it for now -- kay ]
2013-08-16 23:29:41 +02:00
Lennart Poettering
3731acf1ac backlight: add minimal tool to save/restore screen brightness across reboots
As many laptops don't save/restore screen brightness across reboots,
let's do this in systemd with a minimal tool, that restores the
brightness as early as possible, and saves it as late as possible. This
will cover consoles and graphical logins, but graphical desktops should
do their own per-user stuff probably.

This only touches firmware brightness controls for now.
2013-08-14 01:57:02 +02:00
William Giokas
4f87c47b35 zsh_completion: fix zsh completion installation
Moved zsh shell completion to shell-completion/zsh/_systemd for
automake's sake. Also allow users to specify where the files should go
with::

  ./configure --with-zshcompletiondir=/path/to/some/where

and by default going to `$datadir/zsh/site-functions`
2013-08-02 10:43:08 -04:00
Kay Sievers
7959ff9914 build-sys: support old glibc versions without clock_gettime() 2013-07-30 03:46:14 +02:00
Shawn Landden
fba1ea06bb build: do not link everything with -lrt (and therefore -pthread) 2013-07-30 02:35:36 +02:00