diff options
| -rw-r--r-- | man/systemd.exec.xml | 5 | ||||
| -rw-r--r-- | src/bootchart/svg.c | 5 | ||||
| -rw-r--r-- | src/bus-proxyd/proxy.c | 24 | ||||
| -rw-r--r-- | src/core/kmod-setup.c | 2 | ||||
| -rw-r--r-- | src/login/logind-dbus.c | 2 | ||||
| -rw-r--r-- | src/sysv-generator/sysv-generator.c | 24 | ||||
| -rw-r--r-- | src/udev/udevd.c | 68 |
7 files changed, 70 insertions, 60 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 64877720bc..45a4422dc3 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -858,9 +858,10 @@ <listitem><para>Takes a boolean argument or <literal>read-only</literal>. If true, the directories - <filename>/home</filename> and <filename>/run/user</filename> + <filename>/home</filename>, <filename>/root</filename> and + <filename>/run/user</filename> are made inaccessible and empty for processes invoked by this - unit. If set to <literal>read-only</literal>, the two + unit. If set to <literal>read-only</literal>, the three directories are made read-only instead. It is recommended to enable this setting for all long-running services (in particular network-facing ones), to ensure they cannot get diff --git a/src/bootchart/svg.c b/src/bootchart/svg.c index 0ac1f55a91..a7ef653d5d 100644 --- a/src/bootchart/svg.c +++ b/src/bootchart/svg.c @@ -172,7 +172,7 @@ static int svg_title(FILE *of, const char *build, int pscount, double log_start, r = read_one_line_file(filename, &model); if (r < 0) - log_warning("Error reading disk model for %s: %m\n", rootbdev); + log_info("Error reading disk model for %s: %m\n", rootbdev); } /* various utsname parameters */ @@ -208,7 +208,8 @@ static int svg_title(FILE *of, const char *build, int pscount, double log_start, fprintf(of, "<text class=\"t2\" x=\"20\" y=\"50\">System: %s %s %s %s</text>\n", uts.sysname, uts.release, uts.version, uts.machine); fprintf(of, "<text class=\"t2\" x=\"20\" y=\"65\">CPU: %s</text>\n", cpu); - fprintf(of, "<text class=\"t2\" x=\"20\" y=\"80\">Disk: %s</text>\n", model); + if (model) + fprintf(of, "<text class=\"t2\" x=\"20\" y=\"80\">Disk: %s</text>\n", model); fprintf(of, "<text class=\"t2\" x=\"20\" y=\"95\">Boot options: %s</text>\n", cmdline); fprintf(of, "<text class=\"t2\" x=\"20\" y=\"110\">Build: %s</text>\n", build); fprintf(of, "<text class=\"t2\" x=\"20\" y=\"125\">Log start time: %.03fs</text>\n", log_start); diff --git a/src/bus-proxyd/proxy.c b/src/bus-proxyd/proxy.c index 28ab1c97fc..1dc55171e7 100644 --- a/src/bus-proxyd/proxy.c +++ b/src/bus-proxyd/proxy.c @@ -494,7 +494,16 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, } /* First check if we (the sender) can send to this name */ - if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) { + if (sd_bus_message_is_signal(m, NULL, NULL)) { + /* If we forward a signal from dbus-1 to kdbus, we have + * no idea who the recipient is. Therefore, we cannot + * apply any dbus-1 policies that match on receiver + * credentials. We know sd-bus always sets + * KDBUS_MSG_SIGNAL, so the kernel applies policies to + * the message. Therefore, skip policy checks in this + * case. */ + return 0; + } else if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) { if (n) { /* If we made a receiver decision, then remember which * name's policy we used, and to which unique ID it @@ -512,19 +521,8 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, return r; } - if (sd_bus_message_is_signal(m, NULL, NULL)) { - /* If we forward a signal from dbus-1 to kdbus, - * we have no idea who the recipient is. - * Therefore, we cannot apply any dbus-1 - * receiver policies that match on receiver - * credentials. We know sd-bus always sets - * KDBUS_MSG_SIGNAL, so the kernel applies - * receiver policies to the message. Therefore, - * skip policy checks in this case. */ - return 0; - } else if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true)) { + if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true)) return 0; - } } /* Return an error back to the caller */ diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c index e7a6bdc8c4..fc6d2f4acb 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -116,7 +116,7 @@ int kmod_setup(void) { else if (r == KMOD_PROBE_APPLY_BLACKLIST) log_info("Module '%s' is blacklisted", kmod_module_get_name(mod)); else { - bool print_warning = kmod_table[i].warn_if_unavailable || (r < 0 && r != -ENOSYS); + bool print_warning = kmod_table[i].warn_if_unavailable || (r < 0 && r != -ENOENT); log_full_errno(print_warning ? LOG_WARNING : LOG_DEBUG, r, "Failed to insert module '%s': %m", kmod_module_get_name(mod)); diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 640ae92f7f..659ce18a48 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -690,6 +690,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus } manager_get_session_by_pid(m, leader, &session); + if (!session && vtnr > 0) + session = (vtnr < m->seat0->position_count) ? m->seat0->positions[vtnr] : NULL; if (session) { _cleanup_free_ char *path = NULL; _cleanup_close_ int fifo_fd = -1; diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c index 0d246b1835..45b119362c 100644 --- a/src/sysv-generator/sysv-generator.c +++ b/src/sysv-generator/sysv-generator.c @@ -240,22 +240,21 @@ static bool usage_contains_reload(const char *line) { } static char *sysv_translate_name(const char *name) { - char *r; - _cleanup_free_ char *c; + _cleanup_free_ char *c = NULL; + char *res; c = strdup(name); if (!c) - return NULL; + return NULL; - r = endswith(c, ".sh"); - if (r) { - *r = '\0'; - } + res = endswith(c, ".sh"); + if (res) + *res = 0; - if (unit_name_mangle(c, UNIT_NAME_NOGLOB, &r) >= 0) - return r; - else - return NULL; + if (unit_name_mangle(c, UNIT_NAME_NOGLOB, &res) < 0) + return NULL; + + return res; } static int sysv_translate_facility(const char *name, const char *filename, char **_r) { @@ -377,8 +376,7 @@ static int handle_provides(SysvStub *s, unsigned line, const char *full_text, co if (r < 0) return log_oom(); } - } - else if (t == _UNIT_TYPE_INVALID) + } else if (t == _UNIT_TYPE_INVALID) log_warning("Unit name '%s' is invalid", m); else log_warning("Unknown unit type for unit '%s'", m); diff --git a/src/udev/udevd.c b/src/udev/udevd.c index cf15ddf641..e27fb1fd9e 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -1608,8 +1608,42 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg return 0; } -int main(int argc, char *argv[]) { +static int run(int fd_ctrl, int fd_uevent, const char *cgroup) { _cleanup_(manager_freep) Manager *manager = NULL; + int r; + + r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup); + if (r < 0) { + r = log_error_errno(r, "failed to allocate manager object: %m"); + goto exit; + } + + r = udev_rules_apply_static_dev_perms(manager->rules); + if (r < 0) + log_error_errno(r, "failed to apply permissions on static device nodes: %m"); + + (void) sd_notify(false, + "READY=1\n" + "STATUS=Processing..."); + + r = sd_event_loop(manager->event); + if (r < 0) { + log_error_errno(r, "event loop failed: %m"); + goto exit; + } + + sd_event_get_exit_code(manager->event, &r); + +exit: + sd_notify(false, + "STOPPING=1\n" + "STATUS=Shutting down..."); + if (manager) + udev_ctrl_cleanup(manager->ctrl); + return r; +} + +int main(int argc, char *argv[]) { _cleanup_free_ char *cgroup = NULL; int r, fd_ctrl, fd_uevent; @@ -1625,8 +1659,10 @@ int main(int argc, char *argv[]) { if (r < 0) log_warning_errno(r, "failed to parse kernel command line, ignoring: %m"); - if (arg_debug) + if (arg_debug) { + log_set_target(LOG_TARGET_CONSOLE); log_set_max_level(LOG_DEBUG); + } if (getuid() != 0) { r = log_error_errno(EPERM, "root privileges required"); @@ -1714,35 +1750,9 @@ int main(int argc, char *argv[]) { write_string_file("/proc/self/oom_score_adj", "-1000"); } - r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup); - if (r < 0) { - r = log_error_errno(r, "failed to allocate manager object: %m"); - goto exit; - } - - r = udev_rules_apply_static_dev_perms(manager->rules); - if (r < 0) - log_error_errno(r, "failed to apply permissions on static device nodes: %m"); - - (void) sd_notify(false, - "READY=1\n" - "STATUS=Processing..."); - - r = sd_event_loop(manager->event); - if (r < 0) { - log_error_errno(r, "event loop failed: %m"); - goto exit; - } - - sd_event_get_exit_code(manager->event, &r); + r = run(fd_ctrl, fd_uevent, cgroup); exit: - sd_notify(false, - "STOPPING=1\n" - "STATUS=Shutting down..."); - - if (manager) - udev_ctrl_cleanup(manager->ctrl); mac_selinux_finish(); log_close(); return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; |