summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Martin Pitt [Sun, 28 Dec 2014 11:49:35 +0000 (12:49 +0100)]
Don't enable audit by default
It causes flooding of dmesg and syslog, suppressing actually important
messages.
Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
Bug-Debian: https://bugs.debian.org/773528
Gbp-Pq: Topic debian
Gbp-Pq: Name Don-t-enable-audit-by-default.patch
Martin Pitt [Fri, 28 Nov 2014 13:43:25 +0000 (14:43 +0100)]
Re-enable journal forwarding to syslog
Revert upstream commit
46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See
http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.
Gbp-Pq: Topic debian
Gbp-Pq: Name Re-enable-journal-forwarding-to-syslog.patch
Julien Muchembled [Tue, 29 Apr 2014 09:40:50 +0000 (11:40 +0200)]
Add support for TuxOnIce hibernation
systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.
Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html
Gbp-Pq: Topic debian
Gbp-Pq: Name Add-support-for-TuxOnIce-hibernation.patch
Michael Biebl [Thu, 4 Sep 2014 23:15:16 +0000 (01:15 +0200)]
Make /run/lock tmpfs an API fs
The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.
Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.
Closes: #751392
Gbp-Pq: Topic debian
Gbp-Pq: Name Make-run-lock-tmpfs-an-API-fs.patch
Tollef Fog Heen [Tue, 5 Jun 2012 18:59:36 +0000 (20:59 +0200)]
Bring tmpfiles.d/tmp.conf in line with Debian defaults
Closes: #675422
Gbp-Pq: Topic debian
Gbp-Pq: Name Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
Michael Biebl [Thu, 18 Jul 2013 18:11:02 +0000 (20:11 +0200)]
Use Debian specific config files
Use /etc/default/locale instead of /etc/locale.conf for locale settings.
Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.
Read/write /etc/timezone if /etc/localtime does not exist.
Gbp-Pq: Topic debian
Gbp-Pq: Name Use-Debian-specific-config-files.patch
Lennart Poettering [Tue, 7 Apr 2020 09:15:49 +0000 (11:15 +0200)]
catalog: add entry for SD_MESSAGE_UNSAFE_USER_NAME
(cherry picked from commit
ad313ec33bb367624c25c9264994d6e43b8a7e2e)
Gbp-Pq: Name catalog-add-entry-for-SD_MESSAGE_UNSAFE_USER_NAME.patch
Lennart Poettering [Tue, 7 Apr 2020 09:04:59 +0000 (11:04 +0200)]
docs: hook up the new USER_NAMES document everywhere
(Also correct the set of names we accept in User=, which was forgotten
to be updated in
ae480f0b09aec815b64579bb1828ea935d8ee236.
(cherry picked from commit
887a8fa341d9b24a7c9cd3f1fce328f8e43a1b4f)
Gbp-Pq: Name docs-hook-up-the-new-USER_NAMES-document-everywhere.patch
Lennart Poettering [Tue, 7 Apr 2020 08:38:39 +0000 (10:38 +0200)]
docs: add a longer document explaining our rules on user/group names
(cherry picked from commit
cafed7b32cdac13024c4093b7942a49ee8602dcf)
Gbp-Pq: Name docs-add-a-longer-document-explaining-our-rules-on-user-g.patch
Lennart Poettering [Sat, 4 Apr 2020 10:23:02 +0000 (12:23 +0200)]
user-util: rework how we validate user names
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere, (i.e. userdb, logind, …)
The requirements on user name validity vary wildly. SSSD thinks its fine
to embedd "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…
This effectively liberaralizes a lot what we expect from usernames.
The code that warns about questionnable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.
Fixes: #15149 #15090
(cherry picked from commit
7a8867abfab10e5bbca10590ec2aa40c5b27d8fb)
Gbp-Pq: Name user-util-rework-how-we-validate-user-names.patch
Lennart Poettering [Fri, 3 Apr 2020 20:27:09 +0000 (22:27 +0200)]
userdbctl: drop redundant user name validity check
The userdb_by_name() invocation immediately following does the same check
anyway, no need to do this twice.
(Also, make sure we exit the function early on failure)
(cherry picked from commit
2aea5883f1d016ec7304acdb59516c30cae92452)
Gbp-Pq: Name userdbctl-drop-redundant-user-name-validity-check.patch
Franck Bui [Fri, 3 Apr 2020 08:00:25 +0000 (10:00 +0200)]
pid1: by default make user units inherit their umask from the user manager
This patch changes the way user managers set the default umask for the units it
manages.
Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.
Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.
Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemct restart' instead. This behavior was already present before this
patch.
Fixes #6077.
(cherry picked from commit
5e37d1930b41b24c077ce37c6db0e36c745106c7)
Gbp-Pq: Name pid1-by-default-make-user-units-inherit-their-umask-from-.patch
Michael Biebl [Fri, 10 Apr 2020 09:55:15 +0000 (10:55 +0100)]
systemd (245.4-3) unstable; urgency=medium
[ Dan Streetman ]
* d/rules: in dh_auto_test, include meson param --print-errorlogs.
Also, don't cat testlog.txt; it's noisy and not very helpful.
Upstream request:
https://github.com/systemd/systemd/pull/14338#issuecomment-
603432989
[ Michael Biebl ]
* pid1: by default make user units inherit their umask from the user manager
(Closes: #945000)
* user-util: rework how we validate user names.
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenever we allocate a new user,
while "relaxed" mode is used when we process users registered elsewhere.
(Closes: #955541)
[dgit import unpatched systemd 245.4-3]
Michael Biebl [Fri, 10 Apr 2020 09:55:15 +0000 (10:55 +0100)]
Import systemd_245.4-3.debian.tar.xz
[dgit import tarball systemd 245.4-3 systemd_245.4-3.debian.tar.xz]
Michael Biebl [Thu, 2 Apr 2020 09:58:18 +0000 (10:58 +0100)]
Import systemd_245.4.orig.tar.gz
[dgit import orig systemd_245.4.orig.tar.gz]
projects / systemd.git / log