diff options
author | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-09-14 18:33:57 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2016-09-14 18:33:57 -0400 |
commit | 3c72c8d3ee67388336aca58c5afa3fb93a9c24c0 (patch) | |
tree | d072df7fee0f5906fad88c08398b2fe887cbc064 /src/grp-machine/grp-import | |
parent | e51613a3291342c6006edda8783755fb8994fd75 (diff) | |
parent | 6ba6ca19507add38549e07058c57489a8cd98cd1 (diff) |
Merge branch 'notsystemd/postmove' into notsystemd/master
# Conflicts:
# src/grp-journal/systemd-journald/Makefile
# src/grp-login/systemd-logind/Makefile
# src/grp-machine/grp-import/systemd-export/Makefile
# src/grp-machine/grp-import/systemd-import/Makefile
# src/grp-machine/grp-import/systemd-pull/Makefile
# src/grp-machine/systemd-machined/Makefile
# src/grp-network/libnetworkd-core/Makefile
# src/grp-resolve/libbasic-dns/Makefile
# src/grp-resolve/systemd-resolved/Makefile
# src/grp-utils/systemd-path/Makefile
# src/libshared/src/Makefile
# src/libsystemd-network/include/systemd-network/sd-ndisc.h
# src/libsystemd/Makefile
# src/libsystemd/src/test.mk
# src/libudev/Makefile
# src/systemd-dbus1-generator/Makefile
# src/systemd-nspawn/nspawn.c
Signed-off-by: Luke Shumaker <lukeshu@sbcglobal.net>
Diffstat (limited to 'src/grp-machine/grp-import')
11 files changed, 16 insertions, 23 deletions
diff --git a/src/grp-machine/grp-import/libimport/Makefile b/src/grp-machine/grp-import/libimport/Makefile index 5691d0bba1..ee10c0f6df 100644 --- a/src/grp-machine/grp-import/libimport/Makefile +++ b/src/grp-machine/grp-import/libimport/Makefile @@ -45,7 +45,7 @@ test_qcow2_CFLAGS = \ $(ZLIB_CFLAGS) test_qcow2_LDADD = \ - libshared.la \ + libsystemd-shared.la \ $(ZLIB_LIBS) include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/grp-machine/grp-import/libimport/import-common.c b/src/grp-machine/grp-import/libimport/import-common.c index cd69e900ec..9061cd4da1 100644 --- a/src/grp-machine/grp-import/libimport/import-common.c +++ b/src/grp-machine/grp-import/libimport/import-common.c @@ -126,9 +126,7 @@ int import_fork_tar_x(const char *path, pid_t *ret) { if (null_fd != STDOUT_FILENO) null_fd = safe_close(null_fd); - fd_cloexec(STDIN_FILENO, false); - fd_cloexec(STDOUT_FILENO, false); - fd_cloexec(STDERR_FILENO, false); + stdio_unset_cloexec(); if (unshare(CLONE_NEWNET) < 0) log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m"); @@ -200,9 +198,7 @@ int import_fork_tar_c(const char *path, pid_t *ret) { if (null_fd != STDIN_FILENO) null_fd = safe_close(null_fd); - fd_cloexec(STDIN_FILENO, false); - fd_cloexec(STDOUT_FILENO, false); - fd_cloexec(STDERR_FILENO, false); + stdio_unset_cloexec(); if (unshare(CLONE_NEWNET) < 0) log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m"); diff --git a/src/grp-machine/grp-import/systemd-export/Makefile b/src/grp-machine/grp-import/systemd-export/Makefile index f8fcbc3cca..aa8792565a 100644 --- a/src/grp-machine/grp-import/systemd-export/Makefile +++ b/src/grp-machine/grp-import/systemd-export/Makefile @@ -39,7 +39,7 @@ systemd_export_CFLAGS = \ $(BZIP2_CFLAGS) systemd_export_LDADD = \ - libshared.la \ + libsystemd-shared.la \ libimport.la \ $(XZ_LIBS) \ $(ZLIB_LIBS) \ diff --git a/src/grp-machine/grp-import/systemd-import/Makefile b/src/grp-machine/grp-import/systemd-import/Makefile index 06fd01fcd7..221659c346 100644 --- a/src/grp-machine/grp-import/systemd-import/Makefile +++ b/src/grp-machine/grp-import/systemd-import/Makefile @@ -38,8 +38,7 @@ systemd_import_CFLAGS = \ $(BZIP2_CFLAGS) systemd_import_LDADD = \ - libshared.la \ - libimport.la \ + libsystemd-shared.la \ $(XZ_LIBS) \ $(ZLIB_LIBS) \ $(BZIP2_LIBS) diff --git a/src/grp-machine/grp-import/systemd-import/import.c b/src/grp-machine/grp-import/systemd-import/import.c index 6744006312..38fe7f8110 100644 --- a/src/grp-machine/grp-import/systemd-import/import.c +++ b/src/grp-machine/grp-import/systemd-import/import.c @@ -91,7 +91,7 @@ static int import_tar(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); else if (r > 0) { - log_error_errno(EEXIST, "Image '%s' already exists.", local); + log_error("Image '%s' already exists.", local); return -EEXIST; } } @@ -186,7 +186,7 @@ static int import_raw(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); else if (r > 0) { - log_error_errno(EEXIST, "Image '%s' already exists.", local); + log_error("Image '%s' already exists.", local); return -EEXIST; } } diff --git a/src/grp-machine/grp-import/systemd-importd/Makefile b/src/grp-machine/grp-import/systemd-importd/Makefile index 1f5bae1267..e00f531a0d 100644 --- a/src/grp-machine/grp-import/systemd-importd/Makefile +++ b/src/grp-machine/grp-import/systemd-importd/Makefile @@ -34,9 +34,9 @@ systemd_importd_CFLAGS = \ -D SYSTEMD_EXPORT_PATH=\"$(rootlibexecdir)/systemd-export\" systemd_importd_LDADD = \ - libshared.la + libsystemd-shared.la -dist_rootlibexec_DATA = \ +dist_rootlibexec_DATA += \ src/import/import-pubring.gpg nodist_systemunit_DATA += \ diff --git a/src/grp-machine/grp-import/systemd-importd/importd.c b/src/grp-machine/grp-import/systemd-importd/importd.c index e790c0c475..f032f06fcf 100644 --- a/src/grp-machine/grp-import/systemd-importd/importd.c +++ b/src/grp-machine/grp-import/systemd-importd/importd.c @@ -448,9 +448,7 @@ static int transfer_start(Transfer *t) { safe_close(null_fd); } - fd_cloexec(STDIN_FILENO, false); - fd_cloexec(STDOUT_FILENO, false); - fd_cloexec(STDERR_FILENO, false); + stdio_unset_cloexec(); setenv("SYSTEMD_LOG_TARGET", "console-prefixed", 1); setenv("NOTIFY_SOCKET", "/run/systemd/import/notify", 1); diff --git a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in index b74ad72cdc..0f5489e7e3 100644 --- a/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in +++ b/src/grp-machine/grp-import/systemd-importd/systemd-importd.service.in @@ -17,3 +17,5 @@ CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_ NoNewPrivileges=yes WatchdogSec=3min KillMode=mixed +MemoryDenyWriteExecute=yes +SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io diff --git a/src/grp-machine/grp-import/systemd-pull/Makefile b/src/grp-machine/grp-import/systemd-pull/Makefile index 1ee9fa25de..780a5a4610 100644 --- a/src/grp-machine/grp-import/systemd-pull/Makefile +++ b/src/grp-machine/grp-import/systemd-pull/Makefile @@ -48,8 +48,8 @@ systemd_pull_CFLAGS = \ -D USER_KEYRING_PATH=\"$(pkgsysconfdir)/import-pubring.gpg\" systemd_pull_LDADD = \ + libsystemd-shared.la \ libimport.la \ - libshared.la \ $(LIBCURL_LIBS) \ $(XZ_LIBS) \ $(ZLIB_LIBS) \ diff --git a/src/grp-machine/grp-import/systemd-pull/pull-common.c b/src/grp-machine/grp-import/systemd-pull/pull-common.c index f5815c216d..bd1623e003 100644 --- a/src/grp-machine/grp-import/systemd-pull/pull-common.c +++ b/src/grp-machine/grp-import/systemd-pull/pull-common.c @@ -507,9 +507,7 @@ int pull_verify(PullJob *main_job, cmd[k++] = "-"; cmd[k++] = NULL; - fd_cloexec(STDIN_FILENO, false); - fd_cloexec(STDOUT_FILENO, false); - fd_cloexec(STDERR_FILENO, false); + stdio_unset_cloexec(); execvp("gpg2", (char * const *) cmd); execvp("gpg", (char * const *) cmd); diff --git a/src/grp-machine/grp-import/systemd-pull/pull.c b/src/grp-machine/grp-import/systemd-pull/pull.c index 166f91d6e1..4153c938d8 100644 --- a/src/grp-machine/grp-import/systemd-pull/pull.c +++ b/src/grp-machine/grp-import/systemd-pull/pull.c @@ -98,7 +98,7 @@ static int pull_tar(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); else if (r > 0) { - log_error_errno(EEXIST, "Image '%s' already exists.", local); + log_error("Image '%s' already exists.", local); return -EEXIST; } } @@ -184,7 +184,7 @@ static int pull_raw(int argc, char *argv[], void *userdata) { if (r < 0) return log_error_errno(r, "Failed to check whether image '%s' exists: %m", local); else if (r > 0) { - log_error_errno(EEXIST, "Image '%s' already exists.", local); + log_error("Image '%s' already exists.", local); return -EEXIST; } } |