summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-03-09/dev/console must be labeled with SELinux labelDan Walsh
If the user specifies an selinux_apifs_context all content created in the container including /dev/console should use this label. Currently when this uses the default label it gets labeled user_devpts_t, which would require us to write a policy allowing container processes to manage user_devpts_t. This means that an escaped process would be allowed to attack all users terminals as well as other container terminals. Changing the label to match the apifs_context, means the processes would only be allowed to manage their specific tty. This change fixes a problem preventing RKT containers from working with systemd-nspawn.
2016-03-07Merge pull request #2768 from benjarobin/fix-2718Daniel Mack
systemctl: Replace check_one_unit() by get_state_one_unit()
2016-03-06Merge pull request #2803 from 0xAX/lacess-tree-wideRonny Chevalier
firstboot: use laccess macro instead of facessat()
2016-03-06firstboot: use laccess macro instead of facessat()Alexander Kuleshov
2016-03-05Merge pull request #2791 from 0xAX/clear-flag-macroZbigniew Jędrzejewski-Szmek
tree-wide: use SET_FLAG() macro to make code more clear
2016-03-05Merge pull request #2795 from jhol/replace-irreversibly-on-failureZbigniew Jędrzejewski-Szmek
core/failure-action: set job-modes to replace-irreversibly
2016-03-05Merge pull request #2801 from ronnychevalier/rc/systemctl_error_msgZbigniew Jędrzejewski-Szmek
systemctl: improve error message when starting a unit failed
2016-03-05tree-wide: use SET_FLAG() macro to make code more clearAlexander Kuleshov
2016-03-05systemctl: improve error message when starting a unit failedRonny Chevalier
Fixes #2798
2016-03-04core/failure-action: Set job-modes to replace-irreversiblyJoel Holdsworth
Up until now, the failure action has launched reboot.target and poweroff.target with a less aggressive job mode than "systemctl reboot" does. This has meant that the reboot and power- off operations can stall if there are any conflicts with the target during rebooting.
2016-03-03Merge pull request #2790 from ronnychevalier/rc/systemctl_missing_oom_checkZbigniew Jędrzejewski-Szmek
systemctl: add missing OOM check
2016-03-03systemctl: add missing OOM checkRonny Chevalier
2016-03-03Merge pull request #2781 from keszybz/selinux-and-warningsLennart Poettering
Selinux loading fix and warning cleanups
2016-03-03Merge pull request #2787 from ↵Zbigniew Jędrzejewski-Szmek
ronnychevalier/rc/systemctl_edit_rm_empty_dropin_dirs systemctl: rm empty dropin dirs after cancelled edit
2016-03-02systemctl: rm empty dropin dirs after cancelled editRonny Chevalier
Fixes #2734
2016-03-02Redefine 32bit time_t format to signedZbigniew Jędrzejewski-Szmek
It seems that it is signed both on i386 and arm. Avoids a stupid gcc warning on arm: src/udev/udevadm-monitor.c: In function ‘print_device’: src/udev/udevadm-monitor.c:44:16: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 3 has type ‘__time_t {aka long int}’ [-Wformat=] printf("%-6s[%"PRI_TIME".%06ld] %-8s %s (%s)\n", ^
2016-03-02test-sizeof: add a helper which prints variable sizes and signednessZbigniew Jędrzejewski-Szmek
This helps to understand misleading gcc warnings about type mismatches.
2016-03-02test-selinux: add some simple tests which call functions and print the ↵Zbigniew Jędrzejewski-Szmek
results and timings
2016-03-02selinux: use raw variants of security_compute_create and setfscreateconZbigniew Jędrzejewski-Szmek
As suggested by Evgeny Vereshchagin as a follow up for https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
2016-03-02Merge pull request #2779 from 0xAX/openat-opath-excess-flagsDaniel Mack
tree-wide: no need to pass excess flags to open()/openat() if O_PATH …
2016-03-02Merge pull request #2782 from AOSC-Dev/masterDaniel Mack
po/zh_CN: attempt to refresh zh_CN translation
2016-03-01po/zh_CN: attempt to refresh zh_CN translationMingcong Bai
2016-03-01selinux: always try to load the full selinux dbZbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/pull/2508#issuecomment-190901170 Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
2016-03-01Merge pull request #2754 from eworm-de/ask-passwordZbigniew Jędrzejewski-Szmek
ask-password: do no print password when storing in keyring
2016-03-01Merge pull request #2777 from martinpitt/keymapMartin Pitt
keymap fixes
2016-03-02tree-wide: no need to pass excess flags to open()/openat() if O_PATH is passedAlexander Kuleshov
As described in the documentation: When O_PATH is specified in flags, flag bits other than O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored. So, we can remove unnecessary flags in a case when O_PATH is passed to the open() or openat().
2016-03-01ask-password: add option --no-output to not print password to stdoutChristian Hesse
systemd-ask-password can store passwords in kernel keyring. However it uses to print the passwords to standard output nevertheless. Depending on where systemd-ask-password is called passwords may end on display or in log, leaking sensitive information. This allows to make systemd-ask-password quiet, effectively disabling printing passwords to standard output.
2016-03-01keymap: Some HP refactoring, add Probook 440 G3 keysMartin Pitt
Apparently the vendor string for newer models now uses "svnHP" instead of "svnHewlett-Packard", so add this alternative match to the global HP map. Generalize matches for micmute key on ProBook 4xx. Silence two hardwired keys on the ProBook 440 G3 that should not produce evdev events. Thanks to Hermann Kraus for those! (See PR #2679)
2016-03-01keymap: Add HP ZBookMartin Pitt
https://launchpad.net/bugs/1535219
2016-03-01Merge pull request #2773 from eliasp/type-warningsDaniel Mack
Use `PRIu64` to print `uint64_t` in log msgs
2016-02-29Merge pull request #2702 from poettering/resolved-iterate-fixZbigniew Jędrzejewski-Szmek
resolved iteration fix
2016-02-29Merge pull request #2767 from benjarobin/fix-warnZbigniew Jędrzejewski-Szmek
systemctl: Fix warn: action_to_runlevel() is not used
2016-02-29Use `PRIu64` to print `uint64_t` in log msgsElias Probst
2016-02-29Merge pull request #2771 from 0xAX/core-kernel-timestamp-cleanupLennart Poettering
core: use DUAL_TIMESTAMP_NULL to reset kernel_timestamp
2016-02-29Merge pull request #2769 from martinpitt/adjtimeLennart Poettering
Fixes for adjtime parsing
2016-02-29test-clock: fix FILE* leakMartin Pitt
Close the FILE* instead of the underlying fd.
2016-02-29Merge pull request #2752 from eliasp/no-container-name-escapingZbigniew Jędrzejewski-Szmek
Don't escape the name of the container nspawn service
2016-02-29Merge pull request #2763 from tblume/shorten-hostname-before-removing-dotsLennart Poettering
shorten hostname before checking for trailing dot
2016-02-29Merge pull request #2756 from thom311/masterLennart Poettering
core: avoid compiler warning when compiling with -fexceptions
2016-02-29test-clock: fix assertionsMartin Pitt
Use assert_se() to ensure that they don't get optimized away.
2016-02-29timedated: trivial stylistic fixMartin Pitt
Don't use {} for single-line "then" blocks.
2016-02-29Merge pull request #2766 from keszybz/coverityMartin Pitt
test-clock: fix fd "leak"
2016-02-29systemctl: Fix warn: action_to_runlevel() is not usedBenjamin ROBIN
If HAVE_SYSV_COMPAT is not defined: ‘action_to_runlevel’ defined but not used
2016-02-29systemctl: Replace check_one_unit() by get_state_one_unit()Benjamin ROBIN
The get_state_one_unit returns the enum of the active state of the unit Do not rely on the string value of the active state. Fix #2718 since the refactoring allow to handle more case
2016-02-29test-clock: fix fd "leak"Zbigniew Jędrzejewski-Szmek
CID #1352301.
2016-02-29core: use DUAL_TIMESTAMP_NULL to reset kernel_timestampAlexander Kuleshov
instead of direct reset of kernel_timestamp fields.
2016-02-29Merge pull request #2764 from benjarobin/fix-stdio-bridgeRonny Chevalier
stdio-bridge: Correctly propagate error
2016-02-29stdio-bridge: Correctly propagate errorBenjamin Robin
Return EXIT_FAILURE and print the correct errno code if sd_bus_get_fd() or sd_bus_get_events() fail
2016-02-29shorten hostname before checking for trailing dotThomas Blume
Shortening can lead to a hostname that has a trailing dot. Therefore it should be done before checking from trailing dots.
2016-02-28Merge pull request #2746 from daurnimator/patch-1Zbigniew Jędrzejewski-Szmek
ISSUE_TEMPLATE: Use a list for submission type so that it appears as a checkbox
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2025-08-10 16:08:36 +0000