Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
provides us with
|
|
This reverts commit b0f84d4d7832659f2216bda7a7cdf51f5e79c6eb.
get_creds_by_name() already translate the error nicely, we just need to
make use of it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Quoting from Jon Corbet's report of Stephen Hemminger's talk at Linux
Plumbers Conference 2014 (https://lwn.net/Articles/616241/):
[...] So Stephen encouraged everybody to run a command like:
sysctl -w net.core.default_qdisc=fq_codel
That will cause fq_codel to be used for all future connections
[Qdiscs apply to interfaces, not connections. Pointed out by TomH
in the article comments. -- mschmidt] (up to the next reboot).
Unfortunately, the default queuing discipline cannot be changed,
since it will certainly disturb some user's workload somewhere.
Let's have the recommended default in systemd.
Thanks to Dave Täht for advice and the summary at
https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-October/003701.html
|
|
kdbus.h now has KDBUS_ATTACH_COMM split into KDBUS_ATTACH_TID_COMM and
KDBUS_ATTACH_PID_COMM. The items were split already, so the change in
systemd is easy.
|
|
|
|
In kdbus.h, the 'features' field has been dropped again. Instead of
negotiating features that way, we decided to make the kernel return the
set of supported flags in each ioctl struct's .flags field, in both the
success and error cases.
|
|
Without the socket open we are going to crash and burn. If for
whatever reason we fail during deserialization we will fail when
trying to open the socket. In this case it is better to unlink the old
socket and maybe lose some messages, than to continue without the
notification socket.
Of course this situation should not happen, but we should handle
it as gracefully as possible anyway.
https://bugzilla.redhat.com/show_bug.cgi?id=1099299
|
|
If we failed to parse something that we wrote ourselves,
things are seriously off. This is also likely to lead to
problems futher on.
|
|
Leaving the old root around seems better than aborting the
switch.
|
|
Commit 864e17068 ("nspawn: actually allow access to /dev/net/tun in the
container") added "/dev/net/tun" to the list of allowed devices but forgot
to tweak the array length, which caused "/dev/kdbus/*" to be missed.
|
|
|
|
It was only used in readahead.
|
|
Also, extend the printed warning a bit, explaining the situation more
verbosely.
|
|
|
|
|
|
Also, allow using --no-ask-password to turn off ineractive polkit
authorization.
|
|
If we don't have privileges to setup the namespaces then we are most likely
running inside some sort of unprivileged container, hence not being able to
create namespace is not a problem because spawned service can't access host
system anyway.
|
|
This reverts commit 1a2409e262da65a4b0ca8ab18fcf5eabd2d404ca.
Support from the kdbus interface was removed. We require
memfds to be supported by all clients.
|
|
Change-Id: I64f7c6b446f6d92057c35cc3d4e29bd2bad8f75b
|
|
|
|
|
|
|
|
|
|
Before returning from function we should reset ret to NULL, thus cleanup
function is nop.
Also context_str() returns pointer to a string containing context but not a
copy, hence we must make copy it explicitly.
|
|
|
|
|
|
Templates can be [re]enabled, on their own if the have DefaultInstance set,
and with an instance suffix in all cases. Propose just the template name
ending in @, to underline the instance suffix may have to be appended.
Likewise for start/restart.
This means that sometimes superflous units that one will not really
want to operate on will be proposed, but this seems better than
proposing a very incomplete set of names.
https://bugs.freedesktop.org/show_bug.cgi?id=66912
|
|
Units which not loaded were not proposed properly. OTOH, we should
filter units from get-unit-files by their state if they are currently
loaded. Bring zsh completions in line with bash completion, the same
logic should be used in both implementations.
https://bugzilla.redhat.com/show_bug.cgi?id=1024379
https://bugzilla.redhat.com/show_bug.cgi?id=790768
https://bugs.freedesktop.org/show_bug.cgi?id=84720
|
|
|
|
kdbus learned KDBUS_HELLO_ACCEPT_MEMFD as new connection negotiation
flag. Set it by default in systemd for now.
|
|
'GetConnectionUnixProcessID', 'GetConnectionUnixUser' and
'GetConnectionSELinuxSecurityContext' methods should return
'NameHasNoOwner' error (if chosen name is not available on bus)
with more detailed description - like dbus-1:
Could not get PID of name 'org.freedesktop.test': no such name.
Could not get UID of name 'org.freedesktop.test': no such name.
Could not get security context of name 'org.freedesktop.test': no such name.
Otherwise we have only laconic message without proper dbus error:
Error System.Error.ENXIO: No such device or address
|
|
Reader_close() asserts that 'args' is always NULL, but the __exit__
function forwards a non-NULL args.
|
|
Under an SELinux system, we want the file that is created to
have a proper context, different from the default for files in /run.
This is so that the policy can give access to almost everyone to
this file.
|
|
manager_write_resolv_conf() is quite long anyway.
|
|
|
|
|
|
polkit policy
|
|
|
|
rather than ".service" by default
After all, we set AllowIsolate exclusively for target units so far, and
this is more or less the only thing tht makes sense, hence also use
".target" as completion suffix by default.
|
|
All other static tables we placed next to the functions that access
them, so let's do this for the unit action table too.
|