Age | Commit message | Author |
|
Since aa_change_onexec returns the error code in errno, and returns
-1, the current code does not give any useful information when
something fails. This makes apparmor easier to debug, as seen on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760526
|
|
'ListQueuedOwners' method should return 'NameHasNoOwner' error
if chosen name is not available on bus.
|
|
This is also the only place where FTW_ACTIONRETVAL is used, so
this makes systemd compile without SELinux or SMACK support
when the standard library doesn't support this extension.
|
|
This allows configuring boot loader entries for systems where the
root and usr filesystems are in different subvolumes (or even on
different drives).
|
|
Commit 710fc9779b7c (kdbus repo) introduced attaching items[]
instead of name[] in kdbus_cmd_conn_info struct. Commit 581fe6c81
(systemd repo) caught up with this change, but item size was not
properly calculated.
|
|
documentation
|
|
descriptions for all entries
(also remove chroot from the list, we don't detect that anymore)
|
|
It's not sufficient to just copy the device node over, we need to update
the policy for it too.
|
|
They were left from an early review iteration, when hibernate-resume
functionality was intended to work also outside of initramfs.
Now this is not the case, and these dependencies became redundant
as systemd-fsck-root.service can never be part of initramfs, and
systemd-remount-fs.service makes little sense in it.
|
|
Otherwise we get useless warnings about journal code.
|
|
Our checks for -Wno-xxx switches do not work with gcc [1].
[1] https://gcc.gnu.org/wiki/FAQ#wnowarning
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1150477
|
|
sd_journal_enumerate_unique will lock its mmap window to prevent it
from being released by calling mmap_cache_get with keep_always=true.
This call may return windows that are wider, but compatible with the
parameters provided to it.
This can result in a mismatch where the window to be released cannot
properly be selected, because we have more than one window matching the
parameters of mmap_cache_release. Therefore, introduce a release_cookie
to be used when releasing the window.
https://bugs.freedesktop.org/show_bug.cgi?id=79380
|
|
As of 0f99f74a14 'sd-journal: verify that object start with the field
name' this condition should never happen.
|
|
systemctl would call sd_j_enumerate_unique() interleaved with
sd_j_next(). But the latter can remove a file if it detects an
error in it. In those circumstances sd_j_enumerate_unique would
restart with the first file in hashmap. With many corrupted files
sd_j_enumerate_unique might iterate over the list multiple times.
Avoid this by jumping to the next file in unique list if possible,
or setting a flag that tells sd_j_enumerate_unique that it is done
otherwise.
|
|
SERVICE_STOP would mean we're running the ExecStop command. That's not
the case with "STOPPING=1".
Instead we should enter the same state as if we just told the service
to stop, i.e. SERVICE_STOP_SIGTERM.
This fixes a bug where voluntarily exiting services would hang around in
deactivating state until timeout.
|
|
getpeersec() will fail for non-SELinux enabled machines, so don't make that
a hard error.
|
|
CID 1237543 (#1 of 1): Unchecked return value from library
(CHECKED_RETURN)
|
|
With this change the DHCP6_OPTION_IAADDR_LEN define can be removed in
favor of using sizeof(). Using the name of the struct and sizeof()
makes it clearer how much and what data is being copied from the
DHCPv6 message.
|
|
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.
Test cases amended accordingly.
|
|
Check for OOM conditions of asprintf() in bus_set_address_user().
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1150289
|
|
When a child event is disabled (in order to be freed) and there is no
SIGCHLD signal event, sd_event_source_set_enabled will disable SIGCHLD
even if there are other child events.
Also remove some unneeded signalfd updates.
https://bugs.freedesktop.org/show_bug.cgi?id=84659
Based-on-a-patch-by: Hristo Venev <mustrumr97@gmail.com>
|
|
We could end with a double close if we close the fd loop and flush_fd
fails. That would make us goto fail and there we close the fd once
again. This patch sets the fd to the return value for safe_close: -1.
An fd with a negative value will be ignored by the next call to
safe_close.
CID#996223
|
|
Also, let's try to make function names descriptive, instead of using
bools for flags.
|
|
Even though the 'emergency' and 'single' aliases come from sysvinit, the
lack of 'rescue' is still quite confusing (caught me by surprise for the
9th time yet) and inconsistent with `systemctl rescue` as well.
|
|
Sync kdbus.h once again. Two things have changed:
a) KDBUS_CMD_EP_* was renamed to KDBUS_CMD_ENDPOINT_*
b) struct kdbus_cmd_hello and struct kdbus_cmd_make gained a
'features' bitfield (which is currently unused)
|
|
This enables tuntap support in the container (assuming the necessary capabilities are in place).
|
|
Just some cleanups around policy checks that came up during review.
The code is still not productive.
|
|