Age | Commit message (Collapse) | Author |
|
This makes privilege escalation attacks harder by putting traps and exploits
into /tmp.
https://bugs.debian.org/826377
|
|
* sd_bus_add_match
* sd_bus_get_fd
* sd_bus_message_read_basic
* sd_bus_process
|
|
Do not ellipsize cgroups when showing slices in --full mode
|
|
Quoting @cgwalters:
Just uploading this as an RFC. Now I know reading the code that systemd says
`Welcome to $OS` as a generic thing, but my initial impression on seeing this
was that it was almost sarcastic =)
Let's say "You are in emergency mode" as a more neutral/less excited phrase.
This patch is based on #3556, but makes the same change for rescue mode.
|
|
Jun 16 05:12:08 systemd[1]: Controller 'io' supported: yes
Jun 16 05:12:08 systemd[1]: Controller 'memory' supported: yes
Jun 16 05:12:08 systemd[1]: Controller 'pids' supported: yes
instead of
Jun 16 04:06:50 systemd[1]: Controller 'memory' supported: yes
Jun 16 04:06:50 systemd[1]: Controller 'devices' supported: yes
Jun 16 04:06:50 systemd[1]: Controller 'pids' supported: yes
|
|
tests: fix memory leak, don't run test_get_process_cmdline_harder under valgrind
|
|
See https://github.com/systemd/systemd/pull/3555#issuecomment-226564908
|
|
In makefile we create symlinks runlevel5.target to graphical.target and
runlevel2-4.target to multi-user.target. Let's say the same thing in
systemd.special manpage.
|
|
Fixes:
==27917== 3 bytes in 1 blocks are definitely lost in loss record 1 of 1
==27917== at 0x4C28BF6: malloc (vg_replace_malloc.c:299)
==27917== by 0x55083D9: strdup (in /usr/lib64/libc-2.22.so)
==27917== by 0x1140DA: find_converted_keymap (keymap-util.c:524)
==27917== by 0x110844: test_find_converted_keymap (test-keymap-util.c:52)
==27917== by 0x1124FE: main (test-keymap-util.c:213)
==27917==
|
|
Delete the dbus1 generator and some critical wiring. This prevents
kdbus from being loaded or detected. As such, it will never be used,
even if the user still has a useful kdbus module loaded on their system.
Sort of fixes #3480. Not really, but it's better than the current state.
|
|
Hwdb updates
|
|
Likely bad measurement and all other websites refer to it being 1000dpi.
See https://bugs.freedesktop.org/show_bug.cgi?id=96225#c13
This reverts commit e7b90ddc345d1817ca48bfcc4e3e73836c8051af.
|
|
From https://bugs.freedesktop.org/show_bug.cgi?id=95417
|
|
See:
https://github.com/systemd/systemd/pull/3529#issuecomment-226421007
|
|
Systemctl fixes
|
|
(#3553)
dns_transaction_maybe_restart() is supposed to return 1 if the the transaction
has been restarted and 0 otherwise. dns_transaction_process_dnssec() relies on
this behaviour. Before this change in case of restart we'd call
dns_transaction_go() when restarting the lookup, returning its return value
unmodified. This is wrong however, as that function returns 1 if the
transaction is pending, and 0 if it completed immediately, which is a very
different set of return values. Fix this, by always returning 1 on redirection.
The wrong return value resulted in all kinds of bad memory accesses as we might
continue processing a transaction that was redirected and completed immediately
(and thus freed).
This patch also adds comments to the two functions to clarify the return values
for the future.
Most likely fixes: #2942 #3475 #3484
|
|
|
|
In https://github.com/systemd/systemd/issues/3543, we would open the pager
before starting ssh, and the pipe fd was "leaked" into the ssh child as the
stderr fd. Previous commit fixes bus-socket to nullify stderr before launching
the child, but it seems reasonable to also delay starting the pager.
If we are going to croak when trying to open the transport, it seems better
to do this before starting the pager.
This commit would also fix #3543 on its own.
|
|
the pager (#3550)
If "systemctl -H" is used, let's make sure we first terminate the bus
connection, and only then close the pager. If done in this order ssh will get
an EOF on stdin (as we speak D-Bus through ssh's stdin/stdout), and then
terminate. This makes sure the standard error we were invoked on is released by
ssh, and only that makes sure we don't deadlock on the pager which waits for
all clients closing its input pipe.
(Similar fixes for the various other xyzctl tools that support both pagers and
-H)
Fixes: #3543
|
|
networkd: add support for vrf interfaces (#3316)
|
|
various changes, most importantly regarding memory metrics
|
|
Permit services to detect whether their stdout/stderr is connected to the journal.
|
|
|
|
|
|
If for whatever reason the file system is "corrupted", we want
to be resilient and ignore the error, as long as we can load the units
from a different place.
Arch bug https://bugs.archlinux.org/task/49547.
A user had an ntfs symlink (essentially a file) instead of a directory after
restoring from backup. We should just ignore that like we would treat a missing
directory, for general resiliency.
We should treat permission errors similarly. For example an unreadable
/usr/local/lib directory would prevent (user) instances of systemd from
loading any units. It seems better to continue.
|
|
executed services
This permits services to detect whether their stdout/stderr is connected to the
journal, and if so talk to the journal directly, thus permitting carrying of
metadata.
As requested by the gtk folks: #2473
|
|
|
|
When running systemctl from git on systemd from systemd-229-8.fc24.x86_64,
ListUnitsByPatterns results in org.freedesktop.DBus.Error.AccessDenied.
|
|
Second attempt had no effect anyway.
|
|
buffer (#3541)
Calling recv with a NULL buffer returns EFAULT instead of EOPNOTSUPP on
older kernels (3.14).
Fixes #3407
Signed-off-by: Kai Ruhnau <kai.ruhnau@target-sg.com>
|
|
three resolved fixes
|
|
Super-important change, yeah!
|
|
This reworks get_process_cmdline() quite substantially, fixing the following:
- Fixes:
https://github.com/systemd/systemd/pull/3512/commits/a4e3bf4d7ac2de51191ce136ee9361ba319e106c#r66837630
- The passed max_length is also applied to the "comm" name, if comm_fallback is
set.
- The right thing happens if max_length == 1 is specified
- when the cmdline "foobar" is abbreviated to 6 characters the result is not
"foobar" instead of "foo...".
- trailing whitespace are removed before the ... suffix is appended. The 7
character abbreviation of "foo barz" is hence "foo..." instead of "foo ...".
- leading whitespace are suppressed from the cmdline
- a comprehensive test case is added
|
|
Udevadm man fix
|
|
When we get a literal IP address as string that includes a zone suffix, process
this properly and return the parsed ifindex back to the client, and include it
in the canonical name in case of a link-local IP address.
|
|
Previously, after checking the local zone for a reply and finding one we'd not
initialize the answer ifindex from that. Let's fix that.
|
|
We can reuse some code here, so let's do it.
|
|
-x never worked, so let's just correct the man page.
Fixes #3524.
|
|
|
|
|
|
Fix-up for 2a9a6f8ac04a69ca36d645f9305a33645f22a22b
|
|
Apparently newer gcc versions are a bit more forgiving when assigning an
"unsigned char*" pointer to something of a different type. Let's add the
missing cast so that old gcc versions are fine, too.
|
|
The unit files already accept relative, percent-based memory limit
specification, let's make sure "systemctl set-property" support this too.
Since we want the physical memory size of the destination machine to apply we
pass the percentage in a new set of properties that only exist for this
purpose, and can only be set.
|
|
The various bits of code did the scaling all different, let's unify this,
given that the code is not trivial.
|
|
THe latter is a kernelism, we only understand "infinity".
|
|
When parsing unit files we already refuse unit memory limits of zero, let's
also refuse it when the value is set via the bus.
|
|
|
|
settings
If a percentage is used, it is taken relative to the installed RAM size. This
should make it easier to write generic unit files that adapt to the local system.
|
|
And port a couple of users over to it.
|
|
limit into account
When determining the amount of RAM in the system, let's make sure we also read
the root-level cgroup memory limit into account. This isn't particularly useful
on the host, but in containers it makes sure that whatever memory the container
got assigned is actually used for RAM size calculations.
|