[systemd-devel] [PATCH] Move apparmor code before the namespace setup

2014-10-24 Thread misc
From: Michael Scherer m...@zarb.org

Since apparmor needs to access /proc to communicate with the kernel,
any unit setting / as readonly will be unable to also use the
AppArmorProfile setting, as found on Debian bug 760526.
---
 src/core/execute.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index b165b33..1f2da74 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1501,6 +1501,16 @@ static int exec_child(ExecCommand *command,
 }
 #endif
 
+#ifdef HAVE_APPARMOR
+if (params-apply_permissions  context-apparmor_profile  
use_apparmor()) {
+err = aa_change_onexec(context-apparmor_profile);
+if (err  0  !context-apparmor_profile_ignore) {
+*error = EXIT_APPARMOR_PROFILE;
+return -errno;
+}
+}
+#endif
+
 if (context-private_network  runtime  
runtime-netns_storage_socket[0] = 0) {
 err = setup_netns(runtime-netns_storage_socket);
 if (err  0) {
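Review bot: The relocated aa_change_onexec() block at the top of this hunk carries no comment saying why it has to run before the namespace setup, so a later cleanup could move it back next to the other security-label code and reintroduce the failure described in the commit message. Add a short comment above the #ifdef stating that the call needs /proc and therefore must precede the namespace setup. The condition also gains a params->apply_permissions test that the removed block does not have in its own if; the commit message should say whether that only restates an enclosing check at the old location.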
@@ -1693,15 +1703,6 @@ static int exec_child(ExecCommand *command,
 }
 #endif
 
-#ifdef HAVE_APPARMOR
-if (context-apparmor_profile  use_apparmor()) {
-err = aa_change_onexec(context-apparmor_profile);
-if (err  0  !context-apparmor_profile_ignore) {
-*error = EXIT_APPARMOR_PROFILE;
-return -errno;
-}
-}
-#endif
 }
 
 err = build_environment(context, n_fds, params-watchdog_usec, home, 
username, shell, our_env);
-- 
1.8.3.1

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


[systemd-devel] [PATCH] Report aa_change_onexec error code

2014-10-11 Thread misc
From: Michael Scherer m...@zarb.org

Since aa_change_onexec returns the error code in errno, and returns
-1, the current code does not give any useful information when
something fails. This makes apparmor easier to debug, as seen on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760526
---
 src/core/execute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index 8b9bb27..b165b33 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1698,7 +1698,7 @@ static int exec_child(ExecCommand *command,
 err = aa_change_onexec(context-apparmor_profile);
 if (err  0  !context-apparmor_profile_ignore) {
 *error = EXIT_APPARMOR_PROFILE;
-return err;
+return -errno;
 }
 }
 #endif
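Review bot: On the changed return line, errno is read after the call, the err test and the *error assignment; capture it at the call site instead (set err = -errno as the first statement inside the if, then return err) so that anything later inserted between the call and the return cannot overwrite it. The branch where apparmor_profile_ignore is set still drops the failure with no report at all, which the debugging goal in the commit message does not cover; a debug-level log there would close that gap.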
-- 
1.8.3.1



[systemd-devel] [PATCH] Add AppArmor profile switching, v3

2014-02-20 Thread misc
3rd version of the patch, taking into account the feedback from Lennart.
See
http://lists.freedesktop.org/archives/systemd-devel/2014-January/015975.html
and
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016916.html
for details.


[systemd-devel] [PATCH] Fix compilation of nspawn when seccomp is not enabled

2014-02-20 Thread misc
From: Michael Scherer m...@zarb.org

---
 Makefile.am | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 08b94d7..e4ff7de 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1868,9 +1868,13 @@ systemd_nspawn_LDADD = \
libsystemd-capability.la \
libsystemd-internal.la \
libudev-internal.la \
-   libsystemd-shared.la \
+   libsystemd-shared.la
+
+if HAVE_SECCOMP
+systemd_nspawn_LDADD += \
libsystemd-seccomp.la \
$(SECCOMP_LIBS)
+endif
 
 # 
--
 systemd_run_SOURCES = \
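Review bot: The new if HAVE_SECCOMP block conditions only the two systemd_nspawn_LDADD entries, and the commit has no message body, so the log does not record which build error this fixes or whether the nspawn sources and CFLAGS already guard their seccomp use in the same way. Add a one-line description of the failure seen with seccomp disabled.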
-- 
1.8.5.3



[systemd-devel] [PATCH] Add AppArmor profile switching

2014-02-20 Thread misc
From: Michael Scherer m...@zarb.org

This permits switching to a specific apparmor profile when starting a daemon.
This will result in a non-operation if apparmor is disabled.
It also adds a new build requirement on libapparmor for using this feature.
---
 Makefile.am   |  2 ++
 configure.ac  | 13 ++
 man/systemd.exec.xml  | 13 ++
 src/core/build.h  |  8 +-
 src/core/dbus-execute.c   | 19 ++
 src/core/execute.c| 23 
 src/core/execute.h|  3 +++
 src/core/load-fragment-gperf.gperf.m4 |  3 +++
 src/core/load-fragment.c  | 49 +++
 src/core/load-fragment.h  |  1 +
 src/shared/exit-status.c  |  3 +++
 src/shared/exit-status.h  |  3 ++-
 12 files changed, 138 insertions(+), 2 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index c71367d..4ac2122 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1016,6 +1016,7 @@ libsystemd_core_la_CFLAGS = \
$(AUDIT_CFLAGS) \
$(CAP_CFLAGS) \
$(KMOD_CFLAGS) \
+   $(APPARMOR_CFLAGS) \
$(SECCOMP_CFLAGS) \
-pthread
 
@@ -1031,6 +1032,7 @@ libsystemd_core_la_LIBADD = \
$(AUDIT_LIBS) \
$(CAP_LIBS) \
$(KMOD_LIBS) \
+   $(APPARMOR_CFLAGS) \
$(SECCOMP_LIBS)
 
 if HAVE_SECCOMP
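Review bot: The line added to libsystemd_core_la_LIBADD is $(APPARMOR_CFLAGS), while every neighbouring entry in that list is a *_LIBS variable. It should be $(APPARMOR_LIBS); as written, the linker flags from the libapparmor pkg-config check are never passed and the compiler flags are handed to the link step instead.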
diff --git a/configure.ac b/configure.ac
index 05ee098..2521741 100644
--- a/configure.ac
+++ b/configure.ac
@@ -385,6 +385,18 @@ if test x$enable_selinux != xno; then
 fi
 AM_CONDITIONAL(HAVE_SELINUX, [test $have_selinux = yes])
 
+have_apparmor=no
+AC_ARG_ENABLE(apparmor, AS_HELP_STRING([--disable-apparmor], [Disable optional 
AppArmor support]))
+if test x$enable_apparmor != xno; then
+PKG_CHECK_MODULES([APPARMOR], [libapparmor],
+[AC_DEFINE(HAVE_APPARMOR, 1, [Define if AppArmor is 
available]) have_apparmor=yes], have_apparmor=no)
+if test x$have_apparmor = xno -a x$enable_apparmor = xyes; then
+AC_MSG_ERROR([*** AppArmor support requested but libraries not 
found])
+fi
+fi
+AM_CONDITIONAL(HAVE_APPARMOR, [test $have_apparmor = yes])
+
+
 AC_ARG_WITH(debug-shell,
 AS_HELP_STRING([--with-debug-shell=PATH],
 [Path to debug shell binary]),
@@ -1110,6 +1122,7 @@ AC_MSG_RESULT([
 PAM: ${have_pam}
 AUDIT:   ${have_audit}
 IMA: ${have_ima}
+AppArmor:${have_apparmor}
 SELinux: ${have_selinux}
 SECCOMP: ${have_seccomp}
 SMACK:   ${have_smack}
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 7dbe05d..1983993 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -968,6 +968,19 @@
 /varlistentry
 
 varlistentry
+
termvarnameAppArmorProfile=/varname/term
+
+listitemparaTake a profile name as 
argument.
+The process executed by the unit will switch to
+this profile when started. Profiles must 
already
+be loaded in the kernel, or the unit will fail.
+This result in a non operation if AppArmor is 
not
+enabled. If prefixed by literal-/literal, 
all errors
+will be ignored.
+/para/listitem
+/varlistentry
+
+varlistentry
 termvarnameIgnoreSIGPIPE=/varname/term
 
 listitemparaTakes a boolean
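Review bot: The added AppArmorProfile= paragraph needs a wording pass before it goes into the man page: "Take a profile name" should read "Takes a profile name" to match the neighbouring "Takes a boolean" entry, and "This result in a non operation" should read "This has no effect" or similar. The text also says a "-" prefix ignores all errors; state explicitly that the process then starts without the requested profile, since that is the security-relevant consequence for an administrator.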
diff --git a/src/core/build.h b/src/core/build.h
index c8117ed..3d7cd3e 100644
--- a/src/core/build.h
+++ b/src/core/build.h
@@ -45,6 +45,12 @@
 #define _SELINUX_FEATURE_ -SELINUX
 #endif
 
+#ifdef HAVE_APPARMOR
+#define _APPARMOR_FEATURE_ +APPARMOR
+#else
+#define _APPARMOR_FEATURE_ -APPARMOR
+#endif
+
 #ifdef HAVE_IMA
 #define _IMA_FEATURE_ +IMA
 #else
@@ -87,4 +93,4 @@
 #define _SECCOMP_FEATURE_ -SECCOMP
 #endif
 
-#define SYSTEMD_FEATURES _PAM_FEATURE_   _LIBWRAP_FEATURE_   
_AUDIT_FEATURE_   _SELINUX_FEATURE_   _IMA_FEATURE_   _SYSVINIT_FEATURE_ 
  _LIBCRYPTSETUP_FEATURE_   _GCRYPT_FEATURE_   _ACL_FEATURE_   
_XZ_FEATURE_   _SECCOMP_FEATURE_
+#define SYSTEMD_FEATURES _PAM_FEATURE_   _LIBWRAP_FEATURE_   
_AUDIT_FEATURE_   _SELINUX_FEATURE_   _IMA_FEATURE_   _SYSVINIT_FEATURE_ 
  _LIBCRYPTSETUP_FEATURE_   _GCRYPT_FEATURE_   _ACL_FEATURE_   
_XZ_FEATURE_   _SECCOMP_FEATURE_   _APPARMOR_FEATURE_
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 41dbbab..935c62b 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -482,6 +482,24 @@ static int 

[systemd-devel] [PATCH] Do not warn on declaration-after-statement

2014-01-17 Thread misc
From: Michael Scherer m...@zarb.org

There are currently around 20 instances of the warning shown when compiling
systemd on Fedora 20, and no one seems to correct them. As this is valid
C code for C99 and gcc has supported C99 since 3.0 (i.e. more than 10 years), it
may not be worth showing this warning.
---
 configure.ac | 1 -
 1 file changed, 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 939ba6d..3a21a77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,7 +127,6 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
 -Wold-style-definition \
 -Wpointer-arith \
 -Winit-self \
--Wdeclaration-after-statement \
 -Wfloat-equal \
 -Wsuggest-attribute=noreturn \
 -Wmissing-prototypes \
-- 
1.8.4.2



[systemd-devel] [PATCH] make socket_instantiate_service use cleanup gcc attribute

2014-01-11 Thread misc
From: Michael Scherer m...@zarb.org

---
 src/core/socket.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/core/socket.c b/src/core/socket.c
index 88599ca..1f2a2c0 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -179,7 +179,8 @@ static int socket_arm_timer(Socket *s) {
 }
 
 static int socket_instantiate_service(Socket *s) {
-char *prefix, *name;
+_cleanup_free_ char *prefix = NULL;
+_cleanup_free_ char *name = NULL;
 int r;
 Unit *u;
 
@@ -199,13 +200,11 @@ static int socket_instantiate_service(Socket *s) {
 return -ENOMEM;
 
 r = asprintf(name, %s@%u.service, prefix, s-n_accepted);
-free(prefix);
 
 if (r  0)
 return -ENOMEM;
 
 r = manager_load_unit(UNIT(s)-manager, name, NULL, NULL, u);
-free(name);
 
 if (r  0)
 return r;
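Review bot: With name now declared _cleanup_free_, the return -ENOMEM after a failed asprintf() frees name on the way out, and asprintf() documents the contents of its output pointer as undefined on failure; the old code never freed name on that path. Reset name to NULL before returning in the r < 0 branch, or build the string with a helper that leaves the pointer NULL on failure. The two removed free() calls also leave a blank line between each call and its error check, which can be dropped.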
-- 
1.8.4.2



[systemd-devel] [PATCH 2/2] Add AppArmor profile switching

2014-01-03 Thread misc
From: Michael Scherer m...@zarb.org

This permits switching to a specific apparmor profile when starting a daemon.
This will result in a non-operation if apparmor is disabled.
---
 man/systemd.exec.xml  | 12 
 src/core/dbus-execute.c   |  1 +
 src/core/execute.c| 19 +++
 src/core/execute.h|  2 ++
 src/core/load-fragment-gperf.gperf.m4 |  3 ++-
 src/shared/exit-status.c  |  3 +++
 src/shared/exit-status.h  |  3 ++-
 7 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 17748d4..250de13 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -931,6 +931,18 @@
 /varlistentry
 
 varlistentry
+
termvarnameAppArmorProfile=/varname/term
+
+listitemparaTake a profile name as 
argument.
+The process executed by the unit will switch to
+this profile when started. Profiles must 
already
+be loaded in the kernel, or the unit will fail.
+This result in a non operation if AppArmor is 
not
+enabled.
+/para/listitem
+/varlistentry
+
+varlistentry
 termvarnameIgnoreSIGPIPE=/varname/term
 
 listitemparaTakes a boolean
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index b79a456..df55fd0 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -422,6 +422,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
 SD_BUS_PROPERTY(PrivateNetwork, b, bus_property_get_bool, 
offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(SameProcessGroup, b, bus_property_get_bool, 
offsetof(ExecContext, same_pgrp), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(UtmpIdentifier, s, NULL, offsetof(ExecContext, 
utmp_id), SD_BUS_VTABLE_PROPERTY_CONST),
+SD_BUS_PROPERTY(AppArmorProfile, s, NULL, offsetof(ExecContext, 
apparmor_profile), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(IgnoreSIGPIPE, b, bus_property_get_bool, 
offsetof(ExecContext, ignore_sigpipe), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(NoNewPrivileges, b, bus_property_get_bool, 
offsetof(ExecContext, no_new_privileges), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(SystemCallFilter, au, property_get_syscall_filter, 
0, SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/execute.c b/src/core/execute.c
index 6ae9a5e..b0f4cd7 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -68,6 +68,7 @@
 #include fileio.h
 #include unit.h
 #include async.h
+#include apparmor-util.h
 
 #define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
 #define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
@@ -1570,6 +1571,16 @@ int exec_spawn(ExecCommand *command,
 goto fail_child;
 }
 }
+
+if (context-apparmor_profile) {
+if (use_apparmor()) {
+err = 
switch_apparmor_profile(context-apparmor_profile);
+if (err  0) {
+r = EXIT_APPARMOR;
+goto fail_child;
+}
+}
+}
 }
 
 err = build_environment(context, n_fds, watchdog_usec, home, 
username, shell, our_env);
@@ -1728,6 +1739,9 @@ void exec_context_done(ExecContext *c) {
 free(c-utmp_id);
 c-utmp_id = NULL;
 
+free(c-apparmor_profile);
+c-apparmor_profile = NULL;
+
 free(c-syscall_filter);
 c-syscall_filter = NULL;
 }
@@ -2096,6 +2110,11 @@ void exec_context_dump(ExecContext *c, FILE* f, const 
char *prefix) {
 fprintf(f,
 %sUtmpIdentifier: %s\n,
 prefix, c-utmp_id);
+
+if (c-apparmor_profile)
+fprintf(f,
+%sAppArmorProfile: %s\n,
+prefix, c-apparmor_profile);
 }
 
 void exec_status_start(ExecStatus *s, pid_t pid) {
diff --git a/src/core/execute.h b/src/core/execute.h
index 989373f..754f163 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -133,6 +133,8 @@ struct ExecContext {
 
 char *utmp_id;
 
+char *apparmor_profile;
+
 char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
 unsigned long mount_flags;
 
diff --git a/src/core/load-fragment-gperf.gperf.m4 

[systemd-devel] [PATCH 1/2] Add switch_apparmor_profile helper, to switch the profile of the next command to run. This can be used to load a custom apparmor profile for a unit.

2014-01-03 Thread misc
From: Michael Scherer m...@zarb.org

---
 src/shared/apparmor-util.c | 15 +++
 src/shared/apparmor-util.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/src/shared/apparmor-util.c b/src/shared/apparmor-util.c
index 2b85da1..a75bec4 100644
--- a/src/shared/apparmor-util.c
+++ b/src/shared/apparmor-util.c
@@ -39,3 +39,18 @@ bool use_apparmor(void) {
 
 return use_apparmor_cached;
 }
+
+int switch_apparmor_profile(const char * profile) {
+_cleanup_free_ char *filename = NULL;
+_cleanup_fclose_ FILE *proc = NULL;
+
+if (asprintf (filename, /proc/%d/attr/exec, getpid()) 0)
+return -ENOMEM;
+
+proc = fopen (filename, w);
+if (! proc)
+return -errno;
+
+fprintf (proc, exec %s\n, profile);
+return 0;
+}
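Review bot: switch_apparmor_profile() returns 0 without checking that the write reached the kernel. The fprintf() result is ignored, and because the stream is buffered the data is only written when the _cleanup_fclose_ handler closes it, where any error is discarded. A write the kernel rejects therefore looks like success and the service would start without the requested confinement. Call fflush(proc) after the fprintf() and return -errno if either fails, or use a plain open()/write(); using /proc/self/attr/exec would also remove the need for the asprintf().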
diff --git a/src/shared/apparmor-util.h b/src/shared/apparmor-util.h
index 4b056a1..f27608d 100644
--- a/src/shared/apparmor-util.h
+++ b/src/shared/apparmor-util.h
@@ -24,3 +24,4 @@
 #include stdbool.h
 
 bool use_apparmor(void);
+int switch_apparmor_profile(const char * profile);
-- 
1.8.4.2



[systemd-devel] Apparmor profile switching support

2014-01-03 Thread misc
As discussed on the SELinux thread, this patch attempts to offer the same
level of configuration for AppArmor distributions by permitting the
sysadmin to set the profile used by a unit. I didn't test it but would
like to get early feedback on it from openSUSE and Ubuntu users, as they
are the 2 main sets of users of AppArmor.

Main inspiration comes from the upstart support, on
https://code.launchpad.net/~mdeslaur/upstart/apparmor-support
However, we are currently lacking the capacity to directly use an on-disk
profile, and I am not sure of the best way to support that.



[systemd-devel] [PATCH] Add SELinuxContext configuration item

2013-12-27 Thread misc
From: Michael Scherer m...@zarb.org

This permits letting system administrators decide the domain of a service.
This can be used with templated units to have each service in a different
domain (for example, a per-customer database, using MLS or anything),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
---
 man/systemd.exec.xml  | 11 +++
 src/core/dbus-execute.c   |  1 +
 src/core/execute.c| 27 +++
 src/core/execute.h|  2 ++
 src/core/load-fragment-gperf.gperf.m4 |  3 ++-
 src/shared/exit-status.c  |  3 +++
 src/shared/exit-status.h  |  3 ++-
 7 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 17748d4..d93de4c 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -931,6 +931,17 @@
 /varlistentry
 
 varlistentry
+termvarnameSELinuxContext=/varname/term
+
+listitemparaSet the SELinux context of the
+executed process. If set, this will override 
the
+automated domain transition. However, the 
policy
+still need to autorize the transition. See
+
citerefentryrefentrytitlesetexeccon/refentrytitlemanvolnum3/manvolnum/citerefentry
+for details./para/listitem
+/varlistentry
+
+varlistentry
 termvarnameIgnoreSIGPIPE=/varname/term
 
 listitemparaTakes a boolean
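Review bot: The added SELinuxContext= paragraph has two errors in the sentence about the policy: "still need to autorize the transition" should read "still needs to authorize the transition". It would also help to say what happens to the unit when the policy refuses the transition, since the code in this patch exits with EXIT_SELINUX_CONTEXT in that case.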
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index b79a456..d1b7c58 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -422,6 +422,7 @@ const sd_bus_vtable bus_exec_vtable[] = {
 SD_BUS_PROPERTY(PrivateNetwork, b, bus_property_get_bool, 
offsetof(ExecContext, private_network), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(SameProcessGroup, b, bus_property_get_bool, 
offsetof(ExecContext, same_pgrp), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(UtmpIdentifier, s, NULL, offsetof(ExecContext, 
utmp_id), SD_BUS_VTABLE_PROPERTY_CONST),
+SD_BUS_PROPERTY(SELinuxContext, s, NULL, offsetof(ExecContext, 
selinux_context), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(IgnoreSIGPIPE, b, bus_property_get_bool, 
offsetof(ExecContext, ignore_sigpipe), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(NoNewPrivileges, b, bus_property_get_bool, 
offsetof(ExecContext, no_new_privileges), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY(SystemCallFilter, au, property_get_syscall_filter, 
0, SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/execute.c b/src/core/execute.c
index 6ae9a5e..2a6ceb4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -47,6 +47,10 @@
 #include security/pam_appl.h
 #endif
 
+#ifdef HAVE_SELINUX
+#include selinux/selinux.h
+#endif
+
 #include execute.h
 #include strv.h
 #include macro.h
@@ -1570,6 +1574,20 @@ int exec_spawn(ExecCommand *command,
 goto fail_child;
 }
 }
+#ifdef HAVE_SELINUX
+if (context-selinux_context) {
+err = 
security_check_context(context-selinux_context);
+if (err  0) {
+r = EXIT_SELINUX_CONTEXT;
+goto fail_child;
+}
+err = setexeccon(context-selinux_context);
+if (err  0) {
+r = EXIT_SELINUX_CONTEXT;
+goto fail_child;
+}
+}
+#endif
 }
 
 err = build_environment(context, n_fds, watchdog_usec, home, 
username, shell, our_env);
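Review bot: The new block is gated only on HAVE_SELINUX and context->selinux_context, with no runtime check that SELinux is actually enabled, unlike the AppArmor patches in this series, which test use_apparmor() first. On a build with SELinux support running on a system where SELinux is disabled, security_check_context() would be expected to fail and send the unit to fail_child; gate the block on a runtime enabled check as well. The two identical error branches can also share a single exit path.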
@@ -1728,6 +1746,9 @@ void exec_context_done(ExecContext *c) {
 free(c-utmp_id);
 c-utmp_id = NULL;
 
+free(c-selinux_context);
+c-selinux_context = NULL;
+
 free(c-syscall_filter);
 c-syscall_filter = NULL;
 }
@@ -2096,6 +2117,12 @@ void exec_context_dump(ExecContext *c, FILE* f, const 
char *prefix) {
 fprintf(f,
 %sUtmpIdentifier: %s\n,
 prefix, c-utmp_id);
+
+if (c-selinux_context)
+fprintf(f,
+%sSELinuxContext: %s\n,
+prefix, c-selinux_context);
+
 }
 
 void exec_status_start(ExecStatus *s, pid_t pid) {
diff --git a/src/core/execute.h b/src/core/execute.h

[systemd-devel] [PATCH] Add a bit more explicit message, to help confused users

2013-09-27 Thread misc
From: Michael Scherer m...@zarb.org

Seeing 
http://www.happyassassin.net/2013/09/27/further-sysadmin-adventures-wheres-my-freeipa-badge/
it seems that the default message is a bit confusing for people
who never encountered it before, so adding a link to the manpage could
help them.
---
 tmpfiles.d/systemd.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index c397c71..b630440 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -22,7 +22,7 @@ d /run/systemd/users 0755 root root -
 d /run/systemd/machines 0755 root root -
 d /run/systemd/shutdown 0755 root root -
 
-F /run/nologin 0644 - - - System is booting up.
+F /run/nologin 0644 - - - System is booting up. See pam_nologin(8)
 
 m /var/log/journal 2755 root systemd-journal - -
 m /var/log/journal/%m 2755 root systemd-journal - -
-- 
1.8.3.1



[systemd-devel] [PATCH] fix typo in documentation of systemd-machined

2013-08-04 Thread misc
From: Michael Scherer m...@zarb.org

---
 man/systemd-machined.service.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man/systemd-machined.service.xml b/man/systemd-machined.service.xml
index abe221a..352b4a0 100644
--- a/man/systemd-machined.service.xml
+++ b/man/systemd-machined.service.xml
@@ -45,7 +45,7 @@
 refnamediv
 refnamesystemd-machined.service/refname
 refnamesystemd-machined/refname
-refpurposeVirtual machine and container registartion 
manager/refpurpose
+refpurposeVirtual machine and container registration 
manager/refpurpose
 /refnamediv
 
 refsynopsisdiv
-- 
1.8.3.1
