| Age | Commit message (Collapse) | Author |
|---|
|
/dev/console must be labeled with SELinux label in containers
|
|
fstab-generator: fix automounts to not mount automatically
|
|
Enable more tests by default, and even more with `--enable-tests=unsafe`
|
|
If the user specifies an selinux_apifs_context all content created in
the container including /dev/console should use this label.
Currently when this uses the default label it gets labeled user_devpts_t,
which would require us to write a policy allowing container processes to
manage user_devpts_t. This means that an escaped process would be allowed
to attack all users terminals as well as other container terminals. Changing
the label to match the apifs_context, means the processes would only be allowed
to manage their specific tty.
This change fixes a problem preventing RKT containers from working with systemd-nspawn.
|
|
systemctl: Replace check_one_unit() by get_state_one_unit()
|
|
firstboot: use laccess macro instead of facessat()
|
|
|
|
It is required for %P is sysctl kernel.core_pattern.
Fixes #2800.
|
|
tree-wide: use SET_FLAG() macro to make code more clear
|
|
core/failure-action: set job-modes to replace-irreversibly
|
|
systemctl: improve error message when starting a unit failed
|
|
|
|
Fixes #2798
|
|
Otherwise we would hit an assert in the compression code.
|
|
|
|
name is IFNAMSIZ bytes, but we would copy sizeof(info->name) bytes,
which is IFNAMSIZ + 1. In effect we would go outside of the source
buffer and possibly leave a non-null terminated string in info->name.
CID #1351754.
|
|
|
|
in_addr_to_string returned 0, which was treated as error by the calling
code, which expects 1 on success.
CID #1351757, #1351758.
|
|
It will get at most ten values, I don't know why we wouldn't
always run this test.
|
|
|
|
|
|
We ignored __pycache__ which works for Python 3, but the rule
for Python 2 got lost somehow.
|
|
|
|
Those should be safe to run, resulting in some messages in logs.
|
|
This data is simply missing on non-UEFI systems, and it is useful
to distinguish that from corrupted data.
|
|
The source file name and the binary name were mismatched.
Rename binary to match.
Make the test exit with TEST_SKIP if the data is missing or we
have no permissions. Otherwise, the data will be printed, which
should be safe to enable by default.
|
|
In the normal case lo should be already configured and this should be
a noop, even when run under root.
|
|
at boot
Without this patch applied the mount unit with 'automount' option was still
pulled by local-fs.target and thus was activated during the boot process which
defeats the purpose of the 'automount' option:
$ grep /mnt /etc/fstab
/dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
/dev/vdb1 on /mnt type ext2 (rw,relatime)
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
With the patch applied:
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
$ systemctl status mnt.mount | grep Active
Active: inactive (dead)
$ ls /mnt
lost+found
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
|
|
Up until now, the failure action has launched reboot.target and
poweroff.target with a less aggressive job mode than
"systemctl reboot" does. This has meant that the reboot and power-
off operations can stall if there are any conflicts with the target
during rebooting.
|
|
systemctl: add missing OOM check
|
|
|
|
Selinux loading fix and warning cleanups
|
|
ronnychevalier/rc/systemctl_edit_rm_empty_dropin_dirs
systemctl: rm empty dropin dirs after cancelled edit
|
|
Fixes #2734
|
|
It seems that it is signed both on i386 and arm.
Avoids a stupid gcc warning on arm:
src/udev/udevadm-monitor.c: In function ‘print_device’:
src/udev/udevadm-monitor.c:44:16: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 3 has type ‘__time_t {aka long int}’ [-Wformat=]
printf("%-6s[%"PRI_TIME".%06ld] %-8s %s (%s)\n",
^
|
|
This helps to understand misleading gcc warnings about type mismatches.
|
|
results and timings
|
|
As suggested by Evgeny Vereshchagin as a follow up for
https://github.com/systemd/systemd/pull/2781#issuecomment-191043402.
|
|
tree-wide: no need to pass excess flags to open()/openat() if O_PATH …
|
|
po/zh_CN: attempt to refresh zh_CN translation
|
|
|
|
https://github.com/systemd/systemd/pull/2508#issuecomment-190901170
Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771.
|
|
ask-password: do no print password when storing in keyring
|
|
keymap fixes
|
|
As described in the documentation:
When O_PATH is specified in flags, flag bits other than O_CLOEXEC,
O_DIRECTORY, and O_NOFOLLOW are ignored.
So, we can remove unnecessary flags in a case when O_PATH is passed
to the open() or openat().
|
|
systemd-ask-password can store passwords in kernel keyring. However it
uses to print the passwords to standard output nevertheless. Depending
on where systemd-ask-password is called passwords may end on display
or in log, leaking sensitive information.
This allows to make systemd-ask-password quiet, effectively disabling
printing passwords to standard output.
|
|
Apparently the vendor string for newer models now uses "svnHP" instead of
"svnHewlett-Packard", so add this alternative match to the global HP map.
Generalize matches for micmute key on ProBook 4xx.
Silence two hardwired keys on the ProBook 440 G3 that should not produce evdev
events. Thanks to Hermann Kraus for those! (See PR #2679)
|
|
https://launchpad.net/bugs/1535219
|
|
Use `PRIu64` to print `uint64_t` in log msgs
|
|
resolved iteration fix
|
