Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-03-10 | Merge pull request #2819 from bachradsusi/mac_selinux_bind-do-not-rely-on-errno | Daniel Mack | |
socket_address_listen - do not rely on errno | |||
2016-03-10 | socket_address_listen - do not rely on errno | Petr Lautrbach | |
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX socket and checks its return value and errno for EADDRINUSE. This is not correct. When there's an SELinux context change made for the new socket, bind() is not the last function called in mac_selinux_bind(). In that case the last call is setfscreatecon() from libselinux which can change errno as it uses access() to check if /proc/thread-self is available. It fails on kernels before 3.17 and errno is set to ENOENT. It's safe to check only the return value at it's set to -errno. | |||
2016-03-09 | Merge pull request #2792 from ronnychevalier/rc/tests_movev2 | Zbigniew Jędrzejewski-Szmek | |
tests: move out unrelated tests from test-util to their own file | |||
2016-03-09 | Merge pull request #2816 from rhatdan/selinux | Zbigniew Jędrzejewski-Szmek | |
/dev/console must be labeled with SELinux label in containers | |||
2016-03-09 | Merge pull request #2793 from fbuihuu/fstab-generator-automount-option | Zbigniew Jędrzejewski-Szmek | |
fstab-generator: fix automounts to not mount automatically | |||
2016-03-09 | Merge pull request #2755 from keszybz/more-tests | Martin Pitt | |
Enable more tests by default, and even more with `--enable-tests=unsafe` | |||
2016-03-09 | /dev/console must be labeled with SELinux label | Dan Walsh | |
If the user specifies an selinux_apifs_context all content created in the container including /dev/console should use this label. Currently when this uses the default label it gets labeled user_devpts_t, which would require us to write a policy allowing container processes to manage user_devpts_t. This means that an escaped process would be allowed to attack all users terminals as well as other container terminals. Changing the label to match the apifs_context, means the processes would only be allowed to manage their specific tty. This change fixes a problem preventing RKT containers from working with systemd-nspawn. | |||
2016-03-07 | Merge pull request #2768 from benjarobin/fix-2718 | Daniel Mack | |
systemctl: Replace check_one_unit() by get_state_one_unit() | |||
2016-03-06 | Merge pull request #2803 from 0xAX/lacess-tree-wide | Ronny Chevalier | |
firstboot: use laccess macro instead of facessat() | |||
2016-03-06 | firstboot: use laccess macro instead of facessat() | Alexander Kuleshov | |
2016-03-05 | README: bump kernel version to 3.12 | Zbigniew Jędrzejewski-Szmek | |
It is required for %P is sysctl kernel.core_pattern. Fixes #2800. | |||
2016-03-05 | Merge pull request #2791 from 0xAX/clear-flag-macro | Zbigniew Jędrzejewski-Szmek | |
tree-wide: use SET_FLAG() macro to make code more clear | |||
2016-03-05 | Merge pull request #2795 from jhol/replace-irreversibly-on-failure | Zbigniew Jędrzejewski-Szmek | |
core/failure-action: set job-modes to replace-irreversibly | |||
2016-03-05 | Merge pull request #2801 from ronnychevalier/rc/systemctl_error_msg | Zbigniew Jędrzejewski-Szmek | |
systemctl: improve error message when starting a unit failed | |||
2016-03-05 | tree-wide: use SET_FLAG() macro to make code more clear | Alexander Kuleshov | |
2016-03-05 | systemctl: improve error message when starting a unit failed | Ronny Chevalier | |
Fixes #2798 | |||
2016-03-04 | test-compress-benchmark: skip loop iteration if size is 0 | Zbigniew Jędrzejewski-Szmek | |
Otherwise we would hit an assert in the compression code. | |||
2016-03-04 | test-selinux: use yes_no() and strnull() | Zbigniew Jędrzejewski-Szmek | |
2016-03-04 | networkctl: avoid reading past end of input buffer | Zbigniew Jędrzejewski-Szmek | |
name is IFNAMSIZ bytes, but we would copy sizeof(info->name) bytes, which is IFNAMSIZ + 1. In effect we would go outside of the source buffer and possibly leave a non-null terminated string in info->name. CID #1351754. | |||
2016-03-04 | networkctl: use ETHER_ADDR_NULL in one more place | Zbigniew Jędrzejewski-Szmek | |
2016-03-04 | lldp: fix memleak | Zbigniew Jędrzejewski-Szmek | |
in_addr_to_string returned 0, which was treated as error by the calling code, which expects 1 on success. CID #1351757, #1351758. | |||
2016-03-04 | test-journal-enum: enable by default | Zbigniew Jędrzejewski-Szmek | |
It will get at most ten values, I don't know why we wouldn't always run this test. | |||
2016-03-04 | test-libudev: disable monitor mode by default and add to automatic tests | Zbigniew Jędrzejewski-Szmek | |
2016-03-04 | test-libudev: modernization | Zbigniew Jędrzejewski-Szmek | |
2016-03-04 | build-sys: ignore Python 2 bytecode files | Zbigniew Jędrzejewski-Szmek | |
We ignored __pycache__ which works for Python 3, but the rule for Python 2 got lost somehow. | |||
2016-03-04 | Enable test-ipcrm, test-hostname in unsafe tests | Zbigniew Jędrzejewski-Szmek | |
2016-03-04 | Enable test-daemon, test-log, test-watchdog by default | Zbigniew Jędrzejewski-Szmek | |
Those should be safe to run, resulting in some messages in logs. | |||
2016-03-04 | shared/acpi-fpdt: use ENODATA for missing data and skip test | Zbigniew Jędrzejewski-Szmek | |
This data is simply missing on non-UEFI systems, and it is useful to distinguish that from corrupted data. | |||
2016-03-04 | Rename test-boot-timestamp to test-boot-timestamps and enable by default | Zbigniew Jędrzejewski-Szmek | |
The source file name and the binary name were mismatched. Rename binary to match. Make the test exit with TEST_SKIP if the data is missing or we have no permissions. Otherwise, the data will be printed, which should be safe to enable by default. | |||
2016-03-04 | Move test-loopback to normal tests | Zbigniew Jędrzejewski-Szmek | |
In the normal case lo should be already configured and this should be a noop, even when run under root. | |||
2016-03-04 | fstab-generator: fix automount option and don't start associated mount unit ↵ | Franck Bui | |
at boot Without this patch applied the mount unit with 'automount' option was still pulled by local-fs.target and thus was activated during the boot process which defeats the purpose of the 'automount' option: $ grep /mnt /etc/fstab /dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0 $ reboot ... $ mount | grep mnt systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct) /dev/vdb1 on /mnt type ext2 (rw,relatime) $ systemctl status mnt.mount | grep Active Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago With the patch applied: $ reboot ... $ mount | grep mnt systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct) $ systemctl status mnt.mount | grep Active Active: inactive (dead) $ ls /mnt lost+found $ systemctl status mnt.mount | grep Active Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago | |||
2016-03-04 | core/failure-action: Set job-modes to replace-irreversibly | Joel Holdsworth | |
Up until now, the failure action has launched reboot.target and poweroff.target with a less aggressive job mode than "systemctl reboot" does. This has meant that the reboot and power- off operations can stall if there are any conflicts with the target during rebooting. | |||
2016-03-03 | test-util: remove now unused includes | Ronny Chevalier | |
2016-03-03 | tests: move xattr-util related tests to test-xattr-util.c | Ronny Chevalier | |
2016-03-03 | tests: move glob-util related tests to test-glob-util.c | Ronny Chevalier | |
2016-03-03 | tests: move io-util related tests to test-io-util | Ronny Chevalier | |
2016-03-03 | tests: move proc-cmdline related tests to test-proc-cmdline.c | Ronny Chevalier | |
2016-03-03 | tests: move fstab-util related tests to test-fstab-util.c | Ronny Chevalier | |
2016-03-03 | tests: move fs-util related tests to test-fs-util.c | Ronny Chevalier | |
2016-03-03 | tests: move conf-parser related tests to test-conf-parser.c | Ronny Chevalier | |
2016-03-03 | tests: move fd-util related tests to test-fd-util.c | Ronny Chevalier | |
2016-03-03 | tests: move user-util related tests to test-user-util.c | Ronny Chevalier | |
2016-03-03 | tests: move path-util related tests to test-path-util.c | Ronny Chevalier | |
2016-03-03 | tests: move fileio related tests to test-fileio.c | Ronny Chevalier | |
2016-03-03 | tests: move stat-util related tests to test-stat-util.c | Ronny Chevalier | |
2016-03-03 | tests: move signal-util related tests to test-signal-util.c | Ronny Chevalier | |
2016-03-03 | tests: move cpu-set-util related tests to test-cpu-set-util.c | Ronny Chevalier | |
2016-03-03 | tests: move web-util related tests to test-web-util.c | Ronny Chevalier | |
2016-03-03 | tests: move alloc related tests to test-alloc-util.c | Ronny Chevalier | |
2016-03-03 | tests: move escape related tests to test-escape.c | Ronny Chevalier | |