| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: I4d02ee034226a00de0c7ffd81ba357a72ae5aea6
Signed-off-by: Slava Barinov <v.barinov@samsung.com>
|
|
Address Sanitizer uses approach alike to Valgrind one and therefore reports
memory issues on the same code sections with intentional operations.
Code prepare for Valgrind will work for ASan as well.
Change-Id: I65331237e4530861e9df2818db31cbfb0875a486
Signed-off-by: Slava Barinov <v.barinov@samsung.com>
|
|
Uninitialized data is read from local variable 'r.
In case that strjoin returns NULL, r is not initialized.
Change-Id: Ib2374e5b966766dc9594fb50937459ba3e1edd46
https://github.com/systemd/systemd/commit/c43b2132f37264600cc26e07c8d85dfdd6c969f0
Backported-by: Woochang Kim <wchang.kim@samsung.com>
Signed-off-by: Woochang Kim <wchang.kim@samsung.com>
|
|
As Tizen default, /opt is mounted seperately, and the /var -> /opt/var
Thus, systemd flush should be done after mounting /opt.
In generic, I think that systemd-journal-flush should be done after local-fs.target
because several devices have own partition policies.
Change-Id: I4acb4bd26365681ea798441c2f154b8ba5422665
|
|
Tizen 3.0 does not use systemd-timedated for changing time-zone and related things.
Alarm-manager will manage the functionalities.
Tizen 3.0 does not use systemd-rfkill any more.
Net-config will manage the functionalities.
Change-Id: Icb3011003060c213b2bdcd0de53480acaaeed70b
|
|
This fixes "machinectl login" on systems configured with --disable-kdbus.
The error was:
machinectl login foo
Failed to get machine PTY: Input/output error
Change-Id: Ib4228926ed33d2b628d1f381ade7c42098879b77
Origin: http://cgit.freedesktop.org/systemd/systemd/commit/?id=f2273101c21bc59a390379e182e53cd4f07a7e71
Backported-by: Karol Lewandowski <k.lewandowsk@samsung.com>
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
|
|
Because user session daemons have same uid/gid with applications,
include them in specific gids for checking privilege.
The security-manager will drop these groups from applications.
Change-Id: I1ed91e75cb605a4c6bffa604fe992ec995ff2845
|
|
This commit fixes commit 30dfab97 ("build: remove --relative in 'ln'")
which resulted in stale symlink being installed.
$ stat /usr/lib/systemd/user-generators/systemd-dbus1-generator
File: `/usr/lib/systemd/user-generators/systemd-dbus1-generator' -> `.//usr/lib/systemd/system-generators/systemd-dbus1-generator'
Change-Id: I91266b015436d8208b62360d500c93a684e696be
|
|
Tizen does not use systemd-backlight. Deviced will control whole
backlight-related operation.
Change-Id: I59b45eeb5dbc3d4ab716bcbf38df120fd1023a5f
|
|
Refer to : https://bugs.tizen.org/jira/browse/TM-233
Change-Id: Ibc06d23f6743b2c21007cef5e340048a1e0d1429
|
|
Tizen 3.0 does not use systemd-coredump due to performance issue.
Instead of systemd coredump, Tizen 3.0 uses crash-manager
Change-Id: Ic73aabc9ab874a8b88db501a0d2eef5727bfbacf
|
|
[Note] Bash shell of current Tizen does not support several completion command due to license issue.
Thus, most bash-completion script of systemd does not work.
In addtion, default Tizen wdoes not support zsh.
Change-Id: I18d6a05866ff375e08402b9b4f832592c11531d0
|
|
convenience.
Change-Id: I239977c2872ed219bf2591a80c1153eeba4cdc89
|
|
change LGPL license version.
2.0+ -> 2.1+
Change-Id: I56238c288bde2d21a13c390880270cee36bf1d37
Signed-off-by: boseong choi <boseong.choi@samsung.com>
|
|
This removes unnecessary default.target file for IVI profile.
Change-Id: Ib354a9028ab020f504e7c35cb5f9bb16ea112766
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
this patch for support linux-kernel-3.4
origin: https://github.com/systemd/systemd/commit/d97fb4083
Change-Id: Ia06e81faf7aa2c4e37461979c078fca05d1b72cd
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
This is necessary to build with older kernel headers. NDA_VLAN was
introduced in v3.9 and NDA_PORT, NDA_VNI and NDA_IFINDEX in v3.10
this patch for support linux-kernel-3.4
origin: https://github.com/systemd/systemd/commit/cf1755ba
Change-Id: I26a320475c0a36b8eab6a22997b20f1b6915afab
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
this patch for support linux-kernel-3.4
origin: https://github.com/systemd/systemd/commit/8e8ba7922
Change-Id: I1bf5ee71b0e34d0662544576eb78d37edd4706f8
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
IA64 is missing this syscall as of linux-4.2.
This works around it until the necessary kernel patch gets merged.
this patch for support linux-kernel-3.4
origin: https://github.com/systemd/systemd/commit/75b55457
Change-Id: I2f6c4a6266f30fe7435d2e1b8a79c69ff2564c09
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
Some user session target files, which is under USER_UNIT_ALIASES,
refers wrong relative path when install-aliases-hook
Therefore fix install-relative-aliases
Change-Id: I5f0c8d973c4ff85599fef586a439b40985403387
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
|
|
Change-Id: I9dcde28a22d7301c68280c1f72ecb1c5641296d1
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
|
|
remove dbus-1 BuildRequires and dbus Requires
Change-Id: Ic2f4b419c15c5759743fbe3a5df60d4558c5bb53
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
Change-Id: Id2458b3765cb6ccb5b41a96eea42ae6da5d2c557
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
|
|
hwdata package is unused, so remove BuildRequires and Requires
Change-Id: I705d002269d273985584e4d6b009ab3401a0b626
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
removing --relative option in Makefile.am and configure.ac
for coreutils
TIZEN SPECIFIC
Change-Id: If623dd6175507d62f0b34349aacecb8244882e4f
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
On kdbus, we get cgroups-agent messages via the system bus, not the
private systemd socket. Therefore, we must install the match properly or
we will never receive cgroup notifications.
origin: https://github.com/systemd/systemd/commit/f5b51ea7fcb0b6380
Change-Id: Ifde091cdba0aa8dba961b1a1a09d7e30328f5e67
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
Forwarding messages that are not rewinded will drop data. Fix this for
cgroups-agent messages that we might remarshal before forwarding to the
system bus.
origin: https://github.com/systemd/systemd/commit/39881ed299a39ad33
Change-Id: I3611a9390a66e0d23da48df497058ecb82da5d15
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
If we receive an sd_bus_message from the kernel, m->kdbus will contain
additional items that cannot be used when sending a message. Therefore,
always remarshal the message if it is used again.
origin: https://github.com/systemd/systemd/commit/908b8a42e645887f1
Change-Id: I691a71e645e0357cb2c063f5e2011784350fc9a3
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
This assignment is already done in the parent context, no need to do it
again.
origin: https://github.com/systemd/systemd/commit/8b9972db
Change-Id: Iefa9de732aaa46a5d3f1b20555d23698fd74695b
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
change default.target file to graphical.target symbolic link
execpt for ivi
Change-Id: Icba283120b59ffae3804ecbf6417dc34792421a3
Signed-off-by: Min Kang <min1023.kang@samsung.com>
|
|
This commit adds 'smackfsdef=*' to kdbusfs mount options.
In kdbus system security checking is being handled in LSM layer
on per-connection basis.
This change does not affect non-kdbus systems.
Change-Id: I85cd0d1aee3dc06a2b31ba45f6c55e1b6da64ddc
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
|
|
to insufficient permission" into tizen
|
|
In order to resolve the cycle build dependency, this removes unnecessary
BuildRequires in spec file.
Change-Id: I60e5bd573986be3febcf417109f79d13f607a732
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
insufficient permission
This commit provides default value ("/") for root path in case where
/proc/1/cgroup is not readable due to insufficient permission (eg. in
MAC system).
Inability to read root cgroup path leads to failure in determining
instance type being used (system, user), eg.
user@localhost:~$ /usr/lib/systemd/user-generators/systemd-dbus1-generator
[13087.175648] audit: type=1400 audit(946701489.290:1463): lsm=SMACK fn=smack_inode_permission action=denied subject="User" object="System" requested=r pid=14081 comm="systemd-dbus1-g" name="cgroup" dev="proc" ino=11149
Failed to determine whether we are running as user or system instance: Permission denied
strace: open("/proc/1/cgroup", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 EACCES (Permission denied)
Change-Id: I60a17ad05b8b49cd1fb1c8aa3ad8f46d34231df3
Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com>
|
|
If SMACK is enabled, 'smackfsroot=*' option should be specified in
tmp.mount file since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
origin: https://github.com/systemd/systemd/commit/409c2a13fd65692c6
Change-Id: I11df1ad555f376eaf0588d35e91789c9e2b07f8d
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
--with-smack-run-label' is enabled
systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.
However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label as below.
---------------------------------------------------------------
sh-4.3# ls -alZ /etc/passwd
-rw-r--r--. 1 root root System 2768 Dec 31 19:58 /etc/passwd
---------------------------------------------------------------
This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.
origin: https://github.com/systemd/systemd/commit/c02e7b1ecc7d88f65
Change-Id: I075b743d9364fe2724335a944912ddbc39b9ba83
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
This cleans up exec_child() function by moving mac_smack_apply_pid()
and setup_pam() to the same condition block, since both of them have
the same condition (i.e params->apply_permissions). It improves
readability without changing its operation.
origin: https://github.com/systemd/systemd/commit/b213e1c1
Change-Id: I827f5f339910329e9cb492323002d4b9f0a247c1
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
When 'SmackProcessLabel=' is used in user@.service file, all processes
launched in systemd user session should be labeled as the designated name
of 'SmackProcessLabel' directive. However, if systemd has its own smack
label using '--with-smack-run-label' configuration, '(sd-pam)' is
labeled as the specific name of '--with-smack-run-label'. If
'SmackProcessLabel=' is used in user@.service file without
'--with-smack-run-label' configuration, (sd-pam) is labeled as "_" since
systemd (i.e. pid=1) is labeled as "_".
This is mainly because setup_pam() function is called before applying
smack label to child process. This patch fixes it by calling setup_pam()
after setting the smack label.
orgin: https://github.com/systemd/systemd/commit/6bf6e43e
Change-Id: I71fd8cc87db5c3e59deed8bd305c39cb1fa741a8
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
Origin: https://github.com/systemd/systemd/commit/1fab0cb
Change-Id: I098571444fe32ee67efea51e852610ff240b7a0a
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
When systemd-randomseed is enabled, random seed is generated in post
script. However, the smack functionality of Tizen build system is not
enabled so /var/lib/systemd directory is labeled as "_". Because of this
reason, some daemons or tools such as loginctl which is labeled as
"System" eventually failed to create some files in /var/lib/systemd.
This patch resolves this issue by disabling systemd-randomseed since
this functionality is not necessary for Tizen.
Change-Id: Idd95dc97b84de400fbd7a6890bd6d78f8557c2fc
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
systemd-tmpfiles-setup.service is failed since
/usr/share/factory/etc/nsswitch.conf is not installed. This patch fixes
that bug by adding /usr/share/factory/etc/nsswitch.conf into systemd
package. If /etc/nsswitch.conf already exists,
/usr/share/factory/etc/nsswitch.conf file is not installed in /etc
directory since etc.conf uses 'C' as the type of tmpfiles.d
configuration so this patch does not make any error in network
operation.
Change-Id: I1c4ea8dcdaae002d5cfc3db4be53470c8d2169ca
Signed-off-by: Sangjung Woo <sangjung.woo@samsung.com>
|
|
Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.
This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.
This patch is to be reverted in the near future. It is needed for now to
have a working release.
Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The gvariant root container contains a 'variant' at the end, which embeds
the whole message body. This variant *must* contain a structure so we are
compatible to dbus1. Otherwise, it could encode at most 1 type, instead
of a full signature.
Our gvariant message parser already parses the variant-content as a
structure, so we're mostly good. However, it does *not* include the
opening and closing parantheses, nor does it parse them.
This patch fixes the decoder to verify a message contains the
parantheses, and also make the encoder add those parantheses into the
marshaled message.
Change-Id: I351f482f7c8fd050cbbbe64dbc9028909172c305
|
