Age | Commit message (Collapse) | Author |
|
Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
|
|
We use VTNR, not VTNr as key. Until now sd_session_get_vt() just returns
an error.
|
|
We need to clear variables markes as _cleanup_free_. Otherwise, our
error-paths might corrupt random memory.
|
|
So far we tried to use epoll directly wherever we needed an event loop.
However, that has various shortcomings, such as the inability to handle
larger amounts of timers (since each timerfd costs one fd, which is a
very limited resource, usually bounded to 1024), and inability to do
priorisation between multiple queued events.
Let's add a minimal event loop API around epoll that is suitable for
implementation of our own daemons and maybe one day can become public
API for those who desire it.
This loop is part of libsystemd-bus, but may be used independently of
it.
|
|
Before, when the user journal file was rotated, journal_file_rotate
could close the old file and fail to open the new file. In that
case, we would leave the old (deallocated) file in the hashmap.
On subsequent accesses, we could retrieve this stale entry, leading
to a segfault.
When journal_file_rotate fails with the file pointer set to 0,
old file is certainly gone, and cannot be used anymore.
https://bugzilla.redhat.com/show_bug.cgi?id=890463
|
|
|
|
00000000 46 42 50 54 38 00 00 00 02 00 30 02 00 00 00 00 |FBPT8.....0.....|
00000010 23 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |#E..............|
00000020 f5 6a 51 00 00 00 00 00 00 00 00 00 00 00 00 00 |.jQ.............|
00000030 00 00 00 00 00 00 00 00 70 74 61 6c 58 00 00 00 |........ptalX...|
|
|
Since on most systems with xattr systemd will compile with Smack
support enabled, we still attempt to mount various fs's with
Smack-only options.
Before mounting any of these Smack-related filesystems with
Smack specific mount options, check if Smack is functionally
active on the running kernel.
If Smack is really enabled in the kernel, all these Smack mounts
are now *fatal*, as they should be.
We no longer mount smackfs if systemd was compiled without
Smack support. This makes it easier to make smackfs mount
failures a critical error when Smack is enabled.
We no longer mount these filesystems with their Smack specific
options inside containers. There these filesystems will be
mounted with there non-mount smack options for now.
|
|
|
|
It appears that it's not really the 900 vs. 940 or the X3 vs X4, but the
A/B/C/D suffix after that which makes the difference between the keymaps. On a
NP900X3C-A04RU you get
MODALIAS=dmi:bvn*:bvr*:bd*:svnSAMSUNGELECTRONICSCO.,LTD.:pn900X3C/900X3D/900X4C/900X4D:*
So change the matches to use AB vs. CDG as the differentiator.
Thanks to Anatoly Markov for reporting and testing!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
objects on the bus
This adds a lightweight scheme how to define interfaces in static fixed
arrays which then can be easily registered on a bus connection. This
makes it much easier to write bus services.
This automatically handles implementation of the Properties,
ObjectManager, and Introspection bus interfaces.
|
|
|
|
The Service type's forbid_restart field was not preserved by
serialization/deserialization, so the fact that the service should not
be restarted after stopping was lost.
If a systemctl stop foo command has been given, but the foo service
has not yet stopped, and then the systemctl --system daemon-reload was
given, then when the foo service eventually stopped, systemd would
restart it.
https://bugs.freedesktop.org/show_bug.cgi?id=69800
|
|
We already shew lines in full when using a pager or not on a
tty. The commit disables ellipsization in the sole remaining case,
namely when --follow is used.
This has been a popular request for a long time, and indeed, full
output seems much more useful. Old behaviour can still be requested by
using --no-full. Old options retain their behaviour for compatiblity,
but aren't advertised as much. This change applies only to jornalctl,
not to systemctl, when ellipsization is useful to keep the layout.
https://bugzilla.redhat.com/show_bug.cgi?id=984758
|
|
|
|
Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.
This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
|
|
Once systemd itself is running in a security domain for SMACK,
it will fail to start countless tasks due to missing privileges
for mounted and created directory structures. For /run and shm
specifically, we grant all tasks access.
These 2 mounts are allowed to fail, which will happen if the
system is not running a SMACK enabled kernel or security=none is
passed to the kernel.
|
|
Triggered false negatives when encoding a string which needed every
character to be escaped, e.g. "LABEL=/".
|
|
|
|
For cifs mount like //server/share, we would get
RequiresMountsFor=/server/share, which probably isn't
harmful, but quite confusing.
Unfortunately a bunch of static functions had to be moved
up, but patch is really one line.
|
|
Since a57f7e2c828b85, a mount unit with garbage in it would cause
systemd to crash on loading it.
ref: https://bugs.freedesktop.org/show_bug.cgi?id=70148
|
|
|
|
check for "reload" rather "reboot"
This appears to be a copy/paste error.
|
|
|
|
Usually the network is stopped before filesystems are umounted.
Ordering network filesystems before remote-fs.target means that their
unmounting will be performed earlier, and can terminate sucessfully.
https://bugs.freedesktop.org/show_bug.cgi?id=70002
|
|
|
|
Otherwise we get an ugly warning when running systemd in
a container.
|
|
|
|
|
|
In e6dca81 $SHELL was added to user@.service. Let's
instead provide it to all units which have a user.
|
|
4608af4333d0f7f5 set permissions for journal storage on persistent disk
but not the volatile storage.
ref: https://bugs.archlinux.org/task/37170
|
|
We were already creating the file if it was missing, and this way
containers can reconfigure the file without running into problems.
This also makes resolv.conf handling more alike to handling of
/etc/localtime, which is also not a bind mount.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|