diff options
| author | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2011-10-12 04:29:11 +0200 |
| commit | 689b9a22f7fa89686b2b5240b7ee9f449dea5630 (patch) | |
| tree | 47d44e0bdb73c40808a5150e081a286df38a055e /src | |
| parent | cec736d21ff86c4ac81b4d306ddba2120333818c (diff) | |
| parent | 64685e0cea62b4937f0804e47ce2cb7929f58223 (diff) | |
Merge branch 'master' into journal
Diffstat (limited to 'src')
| -rw-r--r-- | src/condition.c | 36 | ||||
| -rw-r--r-- | src/condition.h | 1 | ||||
| -rw-r--r-- | src/execute.c | 7 | ||||
| -rwxr-xr-x | src/generate-kbd-model-map | 42 | ||||
| -rw-r--r-- | src/hostname-setup.c | 4 | ||||
| -rw-r--r-- | src/load-fragment-gperf.gperf.m4 | 1 | ||||
| -rw-r--r-- | src/localed.c | 8 | ||||
| -rw-r--r-- | src/logind-dbus.c | 7 | ||||
| -rw-r--r-- | src/mount.c | 6 | ||||
| -rw-r--r-- | src/nspawn.c | 8 | ||||
| -rw-r--r-- | src/pager.c | 2 | ||||
| -rw-r--r-- | src/readahead-common.h | 2 | ||||
| -rw-r--r-- | src/sd-login.h | 4 | ||||
| -rw-r--r-- | src/service.c | 1 | ||||
| -rw-r--r-- | src/special.h | 2 | ||||
| -rw-r--r-- | src/timedated.c | 20 | ||||
| -rw-r--r-- | src/tmpfiles.c | 1 | ||||
| -rw-r--r-- | src/util.c | 41 | ||||
| -rw-r--r-- | src/util.h | 2 |
19 files changed, 138 insertions, 57 deletions
diff --git a/src/condition.c b/src/condition.c index e978656772..f18c45421a 100644 --- a/src/condition.c +++ b/src/condition.c @@ -23,6 +23,7 @@ #include <errno.h> #include <string.h> #include <unistd.h> +#include <sys/capability.h> #ifdef HAVE_SELINUX #include <selinux/selinux.h> @@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) { return true; /* Finally compare id */ - return streq(parameter, id); + return v > 0 && streq(parameter, id); } static bool test_security(const char *parameter) { @@ -159,6 +160,36 @@ static bool test_security(const char *parameter) { return false; } +static bool test_capability(const char *parameter) { + cap_value_t value; + FILE *f; + char line[LINE_MAX]; + unsigned long long capabilities = (unsigned long long) -1; + + /* If it's an invalid capability, we don't have it */ + + if (cap_from_name(parameter, &value) < 0) + return false; + + /* If it's a valid capability we default to assume + * that we have it */ + + f = fopen("/proc/self/status", "re"); + if (!f) + return true; + + while (fgets(line, sizeof(line), f)) { + truncate_nl(line); + + if (startswith(line, "CapBnd:")) { + (void) sscanf(line+7, "%llx", &capabilities); + break; + } + } + + return !!(capabilities & (1ULL << value)); +} + bool condition_test(Condition *c) { assert(c); @@ -214,6 +245,9 @@ bool condition_test(Condition *c) { case CONDITION_SECURITY: return test_security(c->parameter) == !c->negate; + case CONDITION_CAPABILITY: + return test_capability(c->parameter) == !c->negate; + case CONDITION_NULL: return !c->negate; diff --git a/src/condition.h b/src/condition.h index dd65aa6054..71b1c6761e 100644 --- a/src/condition.h +++ b/src/condition.h @@ -37,6 +37,7 @@ typedef enum ConditionType { CONDITION_KERNEL_COMMAND_LINE, CONDITION_VIRTUALIZATION, CONDITION_SECURITY, + CONDITION_CAPABILITY, CONDITION_NULL, _CONDITION_TYPE_MAX, _CONDITION_TYPE_INVALID = -1 diff --git a/src/execute.c b/src/execute.c index 53e7e77fde..866e8bf2f6 100644 --- a/src/execute.c +++ b/src/execute.c @@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) { } } - for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++) + for (i = 0; i <= cap_last_cap(); i++) if (drop & ((uint64_t) 1ULL << (uint64_t) i)) { if (prctl(PR_CAPBSET_DROP, i) < 0) { - if (errno == EINVAL) - break; - r = -errno; goto finish; } @@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { unsigned long l; fprintf(f, "%sCapabilityBoundingSet:", prefix); - for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++) + for (l = 0; l <= cap_last_cap(); l++) if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) { char *t; diff --git a/src/generate-kbd-model-map b/src/generate-kbd-model-map index 4fcf785e10..624c5179fa 100755 --- a/src/generate-kbd-model-map +++ b/src/generate-kbd-model-map @@ -1,49 +1,33 @@ #!/usr/bin/python -import system_config_keyboard.keyboard_models, sys +import sys +import system_config_keyboard.keyboard_models def strdash(s): - r = s.strip() - - if r == "": - return "-" - - return r - -def tab_extend(s, n = 1): + return s.strip() or '-' +def tab_extend(s, n=1): s = strdash(s) - k = len(s) / 8 + k = len(s) // 8 if k >= n: f = 1 else: f = n - k - for x in range(0, f): - s = s + "\t" - - return s - + return s + '\t'*f models = system_config_keyboard.keyboard_models.KeyboardModels().get_models() print "# Generated from system-config-keyboard's model list" - print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions" -k = models.keys() - -k.reverse() - -for key in k: - value = models[key] - - options = value[4] - if len(options) > 0: - options = "terminate:ctrl_alt_bksp," + options - else: - options = "terminate:ctrl_alt_bksp" +for key, value in reversed(models.items()): + options = "terminate:ctrl_alt_bksp" + if value[4]: + options += ',' + value[4] - print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options) + print ''.join((tab_extend(key, 3), tab_extend(value[1]), + tab_extend(value[2], 2), tab_extend(value[3], 2), + options)) diff --git a/src/hostname-setup.c b/src/hostname-setup.c index 57db9fbf7c..7216b75c8a 100644 --- a/src/hostname-setup.c +++ b/src/hostname-setup.c @@ -32,7 +32,7 @@ #if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO) #define FILENAME "/etc/sysconfig/network" -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) #define FILENAME "/etc/HOSTNAME" #elif defined(TARGET_ARCH) #define FILENAME "/etc/rc.conf" @@ -114,7 +114,7 @@ finish: fclose(f); return r; -#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE) +#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) return read_and_strip_hostname(FILENAME, hn); #else return -ENOENT; diff --git a/src/load-fragment-gperf.gperf.m4 b/src/load-fragment-gperf.gperf.m4 index 7749b88dfb..41797d20c0 100644 --- a/src/load-fragment-gperf.gperf.m4 +++ b/src/load-fragment-gperf.gperf.m4 @@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0 Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0 Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0 +Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0 Unit.ConditionNull, config_parse_unit_condition_null, 0, 0 m4_dnl Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file) diff --git a/src/localed.c b/src/localed.c index e627c3a716..c6b48de5f9 100644 --- a/src/localed.c +++ b/src/localed.c @@ -574,6 +574,10 @@ static int write_data_x11(void) { #ifdef TARGET_FEDORA unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + + /* Symlink this to /dev/null, so that s-s-k (if it is + * still running) doesn't recreate this. */ + symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); #endif if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) @@ -619,6 +623,10 @@ static int write_data_x11(void) { #ifdef TARGET_FEDORA unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); + + /* Symlink this to /dev/null, so that s-s-k (if it is + * still running) doesn't recreate this. */ + symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf"); #endif r = 0; diff --git a/src/logind-dbus.c b/src/logind-dbus.c index bc1e49d18f..0550d1bd1c 100644 --- a/src/logind-dbus.c +++ b/src/logind-dbus.c @@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler( } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) { r = bus_manager_create_session(m, message, &reply); - if (r == -ENOMEM) - goto oom; + + /* Don't delay the work on OOM here, since it might be + * triggered by a low RLIMIT_NOFILE here (since we + * send a dupped fd to the client), and we'd rather + * see this fail quickly then be retried later */ if (r < 0) return bus_send_error_reply(connection, message, &error, r); diff --git a/src/mount.c b/src/mount.c index 2fc799a6ed..ef953f0d0a 100644 --- a/src/mount.c +++ b/src/mount.c @@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) { if (mount_is_network(p)) { target = SPECIAL_REMOTE_FS_TARGET; - after = SPECIAL_NETWORK_TARGET; - } else + after = SPECIAL_REMOTE_FS_PRE_TARGET; + } else { target = SPECIAL_LOCAL_FS_TARGET; + after = SPECIAL_LOCAL_FS_PRE_TARGET; + } if (!path_equal(m->where, "/")) if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0) diff --git a/src/nspawn.c b/src/nspawn.c index 8441c057b9..653d7db730 100644 --- a/src/nspawn.c +++ b/src/nspawn.c @@ -361,7 +361,7 @@ static int drop_capabilities(void) { unsigned long l; - for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) { + for (l = 0; l <= cap_last_cap(); l++) { unsigned i; for (i = 0; i < ELEMENTSOF(retain); i++) @@ -372,12 +372,6 @@ static int drop_capabilities(void) { continue; if (prctl(PR_CAPBSET_DROP, l) < 0) { - - /* If this capability is not known, EINVAL - * will be returned, let's ignore this. */ - if (errno == EINVAL) - break; - log_error("PR_CAPBSET_DROP failed: %m"); return -errno; } diff --git a/src/pager.c b/src/pager.c index 6e2bb4901e..3fc81820e9 100644 --- a/src/pager.c +++ b/src/pager.c @@ -32,7 +32,7 @@ static pid_t pager_pid = 0; -static void pager_fallback(void) { +_noreturn_ static void pager_fallback(void) { ssize_t n; do { n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0); diff --git a/src/readahead-common.h b/src/readahead-common.h index 167df316d9..9547ad201c 100644 --- a/src/readahead-common.h +++ b/src/readahead-common.h @@ -27,7 +27,7 @@ #include "macro.h" -#define READAHEAD_FILE_SIZE_MAX (128*1024*1024) +#define READAHEAD_FILE_SIZE_MAX (10*1024*1024) int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st); diff --git a/src/sd-login.h b/src/sd-login.h index 7102eb88e0..0cb0bf06bb 100644 --- a/src/sd-login.h +++ b/src/sd-login.h @@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat); int sd_seat_get_active(const char *seat, char **session, uid_t *uid); /* Return sessions and users on seat. Returns number of sessions as - * return value. If sessions is NULL returs only the number of + * return value. If sessions is NULL returns only the number of * sessions. */ int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids); @@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat); * seats is NULL only returns number of seats. */ int sd_get_seats(char ***seats); -/* Get all sessions, store in *seessions. Returns the number of +/* Get all sessions, store in *sessions. Returns the number of * sessions. If sessions is NULL only returns number of sessions. */ int sd_get_sessions(char ***sessions); diff --git a/src/service.c b/src/service.c index c2053ce3ac..e64d289fed 100644 --- a/src/service.c +++ b/src/service.c @@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) { /* Special setting for all SysV services */ s->type = SERVICE_FORKING; s->remain_after_exit = !s->pid_file; + s->guess_main_pid = false; s->restart = SERVICE_RESTART_NO; if (s->meta.manager->sysv_console) diff --git a/src/special.h b/src/special.h index 614e53ca1b..3fe34c955c 100644 --- a/src/special.h +++ b/src/special.h @@ -45,7 +45,9 @@ #define SPECIAL_SYSINIT_TARGET "sysinit.target" #define SPECIAL_SOCKETS_TARGET "sockets.target" #define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */ +#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target" #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */ +#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target" #define SPECIAL_SWAP_TARGET "swap.target" #define SPECIAL_BASIC_TARGET "basic.target" diff --git a/src/timedated.c b/src/timedated.c index f6fe2d83b6..16f54b59d2 100644 --- a/src/timedated.c +++ b/src/timedated.c @@ -170,8 +170,24 @@ static int read_data(void) { free_data(); r = read_one_line_file("/etc/timezone", &zone); - if (r < 0 && r != -ENOENT) - return r; + if (r < 0) { + if (r != -ENOENT) + log_warning("Failed to read /etc/timezone: %s", strerror(-r)); + +#ifdef TARGET_FEDORA + r = parse_env_file("/etc/sysconfig/clock", NEWLINE, + "ZONE", &zone, + NULL); + + if (r < 0 && r != -ENOENT) + log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r)); +#endif + } + + if (isempty(zone)) { + free(zone); + zone = NULL; + } verify_timezone(); diff --git a/src/tmpfiles.c b/src/tmpfiles.c index a6b8f859aa..21bf44d3a4 100644 --- a/src/tmpfiles.c +++ b/src/tmpfiles.c @@ -157,6 +157,7 @@ static void load_unix_sockets(void) { } } + fclose(f); return; fail: diff --git a/src/util.c b/src/util.c index a3cfe864b6..26c2f22ff0 100644 --- a/src/util.c +++ b/src/util.c @@ -2336,8 +2336,10 @@ int chvt(int vt) { 0 }; - if (ioctl(fd, TIOCLINUX, tiocl) < 0) - return -errno; + if (ioctl(fd, TIOCLINUX, tiocl) < 0) { + r = -errno; + goto fail; + } vt = tiocl[0] <= 0 ? 1 : tiocl[0]; } @@ -2345,7 +2347,8 @@ int chvt(int vt) { if (ioctl(fd, VT_ACTIVATE, vt) < 0) r = -errno; - close_nointr_nofail(r); +fail: + close_nointr_nofail(fd); return r; } @@ -5899,4 +5902,36 @@ int prot_from_flags(int flags) { default: return -EINVAL; } + +unsigned long cap_last_cap(void) { + static __thread unsigned long saved; + static __thread bool valid = false; + unsigned long p; + + if (valid) + return saved; + + p = (unsigned long) CAP_LAST_CAP; + + if (prctl(PR_CAPBSET_READ, p) < 0) { + + /* Hmm, look downwards, until we find one that + * works */ + for (p--; p > 0; p --) + if (prctl(PR_CAPBSET_READ, p) >= 0) + break; + + } else { + + /* Hmm, look upwards, until we find one that doesn't + * work */ + for (;; p++) + if (prctl(PR_CAPBSET_READ, p+1) < 0) + break; + } + + saved = p; + valid = true; + + return p; } diff --git a/src/util.h b/src/util.h index 89a7bec612..1db82f83e0 100644 --- a/src/util.h +++ b/src/util.h @@ -515,4 +515,6 @@ bool kexec_loaded(void); int prot_from_flags(int flags); +unsigned long cap_last_cap(void); + #endif |