Age | Commit message (Collapse) | Author |
|
seccomp_load returns -EINVAL when seccomp support is not enabled in the
kernel [1]. This should be a debug log, not an error that interrupts nspawn.
If the seccomp filter can't be set and audit is enabled, the user will
get an error message anyway.
[1]: http://man7.org/linux/man-pages/man2/prctl.2.html
|
|
po: fix zh_TW mailing list.
|
|
|
|
Add zh_TW translation.
|
|
|
|
|
|
rules: re-add cciss rules
|
|
IPForwarding=kernel v3
|
|
core: fix CID 996302
|
|
CID 996302: Error handling issues (CHECKED_RETURN)
|
|
|
|
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
|
|
sd-rtnl: make joining broadcast groups implicit
|
|
|
|
networkd: bond - only set packets_per_slave on balance-rr mode
|
|
journald: do not strip leading whitespace from messages
|
|
kmod-setup: don't print warning on -ENOSYS
|
|
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't
available, not -ENOENT. Don't spit out a warning in that case unless the
warn_if_unavailable flag is set.
Also factor out the condition into an own variable for better readability.
|
|
sd-rtnl: use netlink header rather than ucred in socket_recv_message()
|
|
Lets us simplify the function and drop SO_PASSCRED.
Thanks to Alexander Larsson and David Herrmann.
|
|
zsh-completion: optimize _filter_units_by_property
|
|
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we
don't care much and just proceed)
|
|
Without the boolean bus_name_good services as well as cgroup_realized
for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID
will be terminated if systemd will be daemon reloaded.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151
https://bugs.freedesktop.org/show_bug.cgi?id=78311
https://bugzilla.opensuse.org/show_bug.cgi?id=934077
|
|
Net
|
|
build-sys: suppress warnings of unused results
|
|
build-sys: split internal basic/ library from shared/
|
|
journald: don't employ inner loop for reading from incoming sockets
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|
|
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Unfortunately, gcc keeps warning about those even when we use an
explicit (void) cast to indicate we are not interested in the result.
LLVM's clang does not have that issue and works fine with the casts.
GCC bug being tracked at:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425
Until that GCC bug is fixed (and the version with the fix is in
many/most distributions) or we switch to LLVM as the default compiler,
it looks like we'll have to disable this warning by default...
Tested by building files known to present warnings about unused results
without the suppression, confirmed that the warnings were no longer
present with this patch applied.
This partially reverts commit 00c11bc53a1d37 ("build-sys: don't suppress irrelevant warnings").
|
|
Keep leading whitespace for compatibility with older syslog
implementations. Also useful when piping formatted output to the
`logger` command. Keep removing trailing whitespace.
Tested with `pstree | logger` and checking that the output of
`journalctl | tail` included aligned and formatted output.
Confirmed that all test cases still pass as expected.
|
|
cgtop enhancements for easier machine-readable output
|
|
since last tick
Emit "0" rather than "-" if no change in IO values are seen for a process since
last tick, so long as accounting has registered content at all.
|
|
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
|
|
The original commit (1aff206) doesn't explain why these were removed.
This adds them back since they are in fact needed.
|
|
build-sys: make man/systemd.directives.xml depend on man/custom-entit…
|
|
sd-network: allow the state dir to be created after the monitor
|
|
move dns code from resolve to shared v3
|
|
Currently, the following command sequence fails:
make distclean
./autogen.sh c
make distcheck
That's because the command invoked to build man/systemd.directives.xml needs
man/custom-entities.ent to function, which itself isn't a dependency.
The $(filter-out $<,$^) logic used to filter out everything from the
prerequisites except for the first word, which doesn't work anymore
now. Use $(SOURCE_XML_FILES) instead.
|
|
This prevents a build failure when /usr/share/fonts/unifont/unifont.hex
is newer than unifont-glyph-array.bin.
|
|
Our bloom-filters support root-path matching. Make sure we properly add
the path_namespace= tag.
|
|
DBus-spec defines two different pattern matchings:
1) Path and namespace prefix matching. In this case, A matches B either
if both are equal, or if B is fully included in the namespace of A.
In other words, A has to be a prefix of B, but end with a separator
character (or the following character in B must be one).
This is used for path_namespace= and arg0namespace=
2) The other pattern matching is used for arg0path= which does a two-way
matching. That is, A must be a prefix of B, or B a prefix of A.
Furthermore, the prefix must end with a separator.
Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_'
prefixes don't make any sense now, but.. eh..
|
|
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
|
|
DBus spec clearly defines arg0path= to be a two-way matching. That is,
either the matcher or the matchee can be a prefix of the other to match.
This is not possible to implement with bloom-filters. Instead, we'd have
to add a separate filter for each prefix. This is non-trivial, though.
Hence, just skip the match for now and match locally.
|
|
Lets look at an example where we add arg0="/foo/bar/waldo" to a
bloom-filter. The following strings are added:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo"
Two problems arise:
1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly
states that equal strings are also considered prefixes. However, in the
bloom-match, we can only provide a single match-filter. Therefore, we have
to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in
the bloom-mask of the message.
Hence, this patch makes sure bloom_add_prefixes() adds the full path as
prefix, too.
2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path
does prefix-matching with the trailing slash _included_, unlike
path_namespace= matches, which does *not* include them. This is
inconsistent, but we have to support the specs. Therefore, we must add
prefixes with _and_ without trailing separators.
Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with
the trailing slash included.
The final set of strings added therefore is:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo/"
"arg0-slash-prefix:/foo"
"arg0-slash-prefix:/"
|
|
dhcp domain option
previously hostname_is_valid was used to validate domain names, which
would silently drop perfectly valid dns names that were longer than a
single dns label.
|
|
|
|
|