Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
align --help texts
Negative switches are a bad un-normalized thing. We alerady have some,
but we should try harder to avoid intrdoucing new ones.
Hence, instead of adding two switches:
--foobar
--no-foobar
Let's instead use the syntax
--foobar
--foobar=yes
--foobar=no
Where the first two are equivalent. The boolean argument is parsed
following the usual rules.
Change all new negative switches this way.
This patch also properly aligns the --help table, so that single char
switches always get a column separate of the long switches.
|
|
|
|
|
|
|
|
|
|
Needed for the stdin case where it could otherwise end up being used
uninitialized.
|
|
|
|
|
|
|
|
else is proper UTF8
|
|
|
|
If a name was passed in as function argument, trust it, and don't do utf-8
encoding for them. Callers are obliged to check the names themselves, and
escape them in case they use anything they got from the outside world.
|
|
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
|
|
|
|
|
|
As memfds are now created by proper kernel API, and not by our functions, we
can't rely on names being escaped/unescaped according to our current logic.
Thus, the only safe way is to remove the escaping and when reading names,
just escape names that are not properly encoded in UTF-8.
Also, remove assert(name) lines from the memfd creation functions, as we
explictly allow name to be NULL.
|
|
Now, that the memfd stuff is not exported anymore, we can simplify a few
things:
Use assert() instead of assert_return(), since this is used internally
only, and we should be less permissive then.
No need to pass an allocated fd back by call-by-reference, we can just
directly return it.
|
|
|
|
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
|
|
UIDs/GIDs from
This way we can guarantee a limited amount of compatibility with
login.defs, by generate an appopriate "r" line out of it, on package
installation.
|
|
operstate
https://bugs.freedesktop.org/show_bug.cgi?id=81287
|
|
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
|
As the comment says, the passed in callback must always be invoked, or the underlying link
will hang. This was missed when reworking the code, so add it back in.
|
|
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not
when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured
in parallel), so drop these asserts.
|
|
|
|
|
|
|
|
|
|
|
|
Elements must be removed from the hashtable before they are freed.
|
|
|
|
in via stdin
This allows encoding users to create directly in %pre, which is
necessary so that files owned by the RPM can be assigned to the right
users/groups.
This new macro does create a redundancy, as user definitions for all
users that shall own files need to to be listed twice, once with this
new macro, and then secondly, in the sysusers file shipped with the
package. But there's little way around that, as the users of this type
need to exist before we install the first file, but we actually want to
ship the user information in a file.
|
|
|
|
|
|
users
This should resolve problems with tools like "grpck" and suchlike.
|
|
|
|
Mapping files as MAP_SHARED is handled by the kernel as 'writable'
mapping. Always! Even with PROT_READ. Reason for that is,
mprotect(PROT_WRITE) could change the mapping underneath and currently
there is no kernel infrastructure to add protection there. This might
change in the future, but until then, map sealed files as MAP_PRIVATE so
we don't get EPERM.
|
|
|
|
writable
https://bugs.freedesktop.org/show_bug.cgi?id=81169
|
|
|
|
Start jobs for Type=oneshot units are successful when the unit state
transition activating → inactive took place. In such a case all units
that BindsTo= on it previously would continue to run, even though the unit
they dependet on was actually already gone.
|
|
|
|
|
|
On systems without properly setup systemd, cg_get_root_path returns
-ENOENT. This means that busctl doesn't display much information.
busctl monitor also fails whenever it intercepts messages.
This fix fakes creates a fake "/" root cgroup which lets busctl work
on such systems.
|
|
Also, provide an example for -u.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=82721
|
|
|