We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
This extends the shutdownd interface to expose schedule shutdown
information in /run/systemd/shutdown/schedule.
This also cleans up the shutdownd protocol and documents it in a header
file sd-shutdown.h.
This is supposed to be used by client code that wants to control and
monitor scheduled shutdown.
This separates user/group NSS lookups from host/network NSS lookups.
By default order all network mounts after host/network NSS lookups now,
and logind execution after user/group NSS lookups.
This adds minimal hardware watchdog support to PID 1. The idea is that
PID 1 supervises and watchdogs system services, while the hardware
watchdog is used to supervise PID 1.
This adds two hardware watchdog configuration options, for the runtime
watchdog and for a shutdown watchdog. The former is active during normal
operation, the latter only at reboots to ensure that if a clean reboot
times out we reboot nonetheless.
If the runtime watchdog is enabled PID 1 will automatically wake up at
half the configured interval and write to the watchdog daemon.
By default we enable the shutdown watchdog, but leave the runtime
watchdog disabled in order not to break independent hardware watchdog
daemons people might be using.
This is only the most basic hookup. If necessary we can later on hook
up the watchdog ping more closely with services deemed crucial.
Especially in the case of --enable-split-usr, several units will point
to the wrong location for systemctl. Use @SYSTEMCTL@ which will always
contain the proper path.
This logic can be turned off by defining SD_JOURNAL_SUPPRESS_LOCATION
before including sd-journal.h.
This also saves/restores errno in all logging functions, in order to be
useful as logging calls without side-effects.
This also adds a couple of __unlikely__ around the early checks in the
logging calls, in order to minimize the runtime impact.
The default setups should be a stateless as possible. /tmp as tmpfs is
the intended default for general purpose systems.
Small temporary files should not be stored on disk; lager files, or
files which should potentially survive a reboot, belong into /var/tmp.
Also catch up with some good old UNIX history.
More details are here:
https://fedoraproject.org/wiki/Features/tmp-on-tmpfs
Since a number of distribitions don't need this compat glue anymore drop
it from systemd upstream. Distributions which still haven't converted
to /run can steal these unit files from the git history if they need to.
udisks2 doesn't use /media anymore, instead mounts removable media in a
user-private directory beneath /run. /media is hence mostly obsolete and
hence it makes little sense to continue to mount a tmpfs to it.
Distributions should consider dropping the mount point entirely since
nothing uses it anymore.
Let's make things a bit easier to type, drop the systemd- prefix for
journalctl and loginctl, but provide the old names for compat.
All systemd binaries are hence now prefixed with "systemd-" with the
exception of the three primary user interface binaries:
systemctl
loginctl
journalctl
For those three we do provide systemd-xyz names as well, via symlinks:
systemd-systemctl → systemctl
systemd-loginctl → loginctl
systemd-journalctl → journalctl
We do this only for the *primary* user tools, in order to avoid
unnecessary namespace problems. That means tools like systemd-notify
stay the way they are.
This is an S/MIME signed message
The new function ima_setup() loads an IMA custom policy from a file in the
default location '/etc/ima/ima-policy', if present, and writes it to the
path 'ima/policy' in the security filesystem. This function is executed
at early stage in order to avoid that some file operations are not measured
by IMA and it is placed after the initialization of SELinux because IMA
needs the latter (or other security modules) to understand LSM-specific
rules. This feature is enabled by default and can be disabled by providing
the option '--disable-ima' to the configure script.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This is an S/MIME signed message
The mount of the securityfs filesystem is now performed in the main systemd
executable as it is used by IMA to provide the interface for loading custom
policies. The unit file 'units/sys-kernel-security.mount' has been removed
because it is not longer necessary.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Lennart Poettering