| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
resolved: remove unneeded braces
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
See the section 10.2 of RFC6762 for details.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
This way other hosts can resolve our hostname to its address
using mDNS.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Otherwise we fail an assertion down the path since t->timeout_event_source is NULL
and it's the "other" transaction that's supposed to have the event source.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
By default all sent multicast packets are looped back to the
sending host. And since the code that adds the mDNS socket to
the mDNS multicast group is the same as for LLMNR I decided
that for now it'd be safer to filter looped back packets in the
application than to switch loopback off. Because I don't know
what would be the implications for LLMNR with loopback switched off.
I suspect that loopback can be disabled for LLMNR safely too and the
function manager_our_packet() is not really needed. But I'd
prefer to do it in another patchset.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
Currently resolving mDNS requests doesn't work because in
dns_transaction_process_reply() no answer gets installed into
mDNS transactions.
When receiving a mDNS reply we should not check for query section
equivalence of the request and its corresponsing response. But still
we need to install answers to mDNS transactions to make it possible
to actually resolve mDNS requests.
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
|
|
nspawn: change owner/group of /run/systemd/nspawn/notify to userns-root
|
|
|
|
Fixes #5000.
|
|
|
|
This substantially reworks the seccomp code, to ensure better
compatibility with some architectures, including i386.
So far we relied on libseccomp's internal handling of the multiple
syscall ABIs supported on Linux. This is problematic however, as it does
not define clear semantics if an ABI is not able to support specific
seccomp rules we install.
This rework hence changes a couple of things:
- We no longer use seccomp_rule_add(), but only
seccomp_rule_add_exact(), and fail the installation of a filter if the
architecture doesn't support it.
- We no longer rely on adding multiple syscall architectures to a single filter,
but instead install a separate filter for each syscall architecture
supported. This way, we can install a strict filter for x86-64, while
permitting a less strict filter for i386.
- All high-level filter additions are now moved from execute.c to
seccomp-util.c, so that we can test them independently of the service
execution logic.
- Tests have been added for all types of our seccomp filters.
- SystemCallFilters= and SystemCallArchitectures= are now implemented in
independent filters and installation logic, as they semantically are
very much independent of each other.
Fixes: #4575
|
|
|
|
See https://github.com/systemd/systemd/issues/4944
|
|
Fixes #4944
|
|
When a new entry appears in /proc/self/mountinfo, mount_setup_unit()
allocated a new mount unit for it and starts initializing it.
mount_setup_unit() is also used to update a mount unit when a change happens in
/proc/self/mountinfo, for example a mountpoint can be remounted with additional
mount options.
This patch introduces 2 separate functions to deal with those 2 cases instead
of mount_setup_unit() dealing with both of them. The common code is small and
doing the split makes the code easier to read and less error prone if extended
later.
It also makes sure to initialize in both functions the mount parameters of the
mount unit before calling mount_is_extrinsic() since this function relies on
them.
Fixes: #4902
|
|
RDNSS and DNSLL options received in RA are always used, possibly breaking the resolution of private domains hosted on a local DNS server. When setting UseDNS=no in a [IPv6AcceptRA] section of a .network file, both RDNSS and DNSLL options in received RA should be ignored.
Fixes: #5040
|
|
The parameters were calculated on my X1 Yoga using touchpad-edge-detector; As as the device name indicates, the Touchpad is exactly the same as the X1 Carbon 4th gen.
|
|
Fixes for gcc and coverity warnings
|
|
Without this the trackpoint is very difficult to manoeuvre until
manually correcting the sysfs serio1/sensitivity entry.
|
|
|
|
CID #1368262: fn is allocated with new, so it should be freed.
|
|
instance might be "", and that string would be leaked.
CID #1368264.
|
|
A fixed value (6 and later 5) was added back in 4deb3b93911, and
not updated when load_len was added later on.
Also the other 5 with 1 + 1 + 1 + 1 + 1 to make it easier to see
that this is about the column separators.
|
|
CID #1368270.
Easily reproduced with COLUMNS=50 ./systemctl --no-pager.
|
|
Add a comment about the return value and rename r to ans. r is
nowadays reserved for the integer return value, and char *r is confusing.
|
|
This is harmless, it would only happen if --verify-key is used multiple times.
But let's fix it for correctness.
CID ##1368415.
|
|
CID #1368416.
Coverity web interface is back, yay!
|
|
gcc doesn't like &, even though &sbuf and buf are the same things afaiu.
Follow-up for e20a917105b.
|
|
After parsing the --verify-key argument, overwrite it with null bytes.
This minimizes (but does not completely eliminate) the time frame within
which another process on the system can extract the verification key
from the journalctl command line.
|
|
|
|
- Show example of all `systemctl status` output and documents what possible
"Loaded:", "Active" and "Enabled" values mean.
- Documents what different colors of the dot mean.
- Documents "gotcha" with load-on-demand behavior which will report units as
"loaded" even if they are only loaded to show their status.
(From @poettering: https://github.com/systemd/systemd/issues/5063#issuecomment-272115024 )
|
|
Small fixes and enhancements to docs and code
|
|
kernel-install: avoid process substitution
|
|
If we are running in a chroot/container/..., we would print a useless warning about
not being able to communicate with systemd. Trying to do daemon-reload is pointless
in those cases, so let's just skip all actions in that case.
The check uses /run/system/system, as recommended by sd_booted(3).
https://bugzilla.redhat.com/show_bug.cgi?id=1411299
|
|
When a unit is part of several dependency constraints of another
unit, list-dependencies repeats the name of the dependency for each
dep constraint the unit is encountered.
For example:
$ systemctl cat test-main.target
# /etc/systemd/system/test-main.target
[Unit]
Description=Main Target
$ systemctl cat test.target
[Unit]
Description=Sub target
PartOf=test-main.target
[Install]
WantedBy=test-main.target
$ systemctl enable test.target
Created symlink from /etc/systemd/system/test-main.target.wants/test.target to /etc/systemd/system/test.target.
$ systemctl show test-main.target | grep test.target
Wants=test.target
ConsistsOf=test.target
[...]
$ systemctl list-dependencies test-main.target
test-main.target
● ├─test.target
● └─test.target
With this patch applied, dependencies are shown only once.
|
|
Replace spaces in expanded fields in SYMLINK properties by default.
|
|
|
|
Completion scripts should not generate errors, ever.
https://bugzilla.redhat.com/show_bug.cgi?id=1409649
|
|
If it writes to memory, it's not pure, by definition.
Fixup for 882ac6e769c5c.
|
|
For consistency. Also drop "e.g." because it's somewhat redundant with the
ellipsis and the message is pretty long already.
Follow-up for 4d1fe20a585ca.
|
|
In eb64b435ebb2a7cb1274d5 ActiveSlave/PrimarySlave were inserted in between
IPv6AcceptRA and IPv6AcceptRouterAdvertisements and the comment then didn't
make sense. It turns out that gperf does not understand C-style comments, and
that there's no comment syntax in the keywords section. The following was
generated:
{"/* legacy alias for the above */"},
{"Network.IPv6AcceptRA", config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra)},
In practice this wouldn't lead to problems because this fake pattern would be
hard to match, but it seems better to remove the comments altogether.
Readers of the .gperf file will have to look for the repeated output field to
notice legacy options. To make this easier, let's always keep the legacy option
second.
|
|
bash implements process substitution using /dev/fd/N (this is documented
in man bash). We'd like kernel-install to work in chrooted RPM
scriptlets without /dev.
We can use here-strings instead. bash uses temporary files to implement
those.
|
|
|
