Age | Commit message (Collapse) | Author |
|
Suggested-by: Russ Allbery <rra@debian.org>
|
|
|
|
Also properly free memory if list-unit-files --root=... is used.
|
|
|
|
|
|
gdm relies on the policy to deny its own requests to not deadlock. Given
that we currently do not enforce any policy in the dbus1 compat proxy
service this means that gdm will necessarily deadlock on our systems.
To work around this, enforce a fixed policy teomporarily, until we
interpret the legacy XML policy in full.
Booh, gdm, booh, for requring this and making me waste two days on
tracking this brokenness down.
|
|
|
|
Also s/filesystem/file system/ in a few places.
|
|
|
|
This is a recurring submission and includes corrections to:
- missing words, preposition choice.
- change of /lib to /usr/lib, because that is what most distros are
using as the system-wide location for systemd/udev files.
|
|
This is a recurring submission and includes corrections to:
comma placement.
|
|
This is a recurring submission and includes corrections to:
word omissions and word class choice.
|
|
|
|
|
|
|
|
|
|
This reverts commit c756a6d57cdb678b702c68913dae3e11ff0427ae.
|
|
This reverts commit cf5bccc2bb9569030cb04debbc4208aaca0fe5b4.
We should fix thinks properly if they aren't perfect, not just break
other things...
|
|
|
|
but let's make it available via "autogen.sh a"
|
|
Since this is a shortopt with an optional argument, assume the user
knows what they're doing. The longopts --boot and --this-boot will
continue to offer boot IDs as completions.
|
|
This flag shouldn't try and consume the following argument. It should
behave like every other flag which takes an optional argument when
parsed by getopt_long.
|
|
|
|
|
|
|
|
Even if the lower-leveld dbus1 protocol calls it "serial", let's expose
the word "cookie" for this instead, as this is what kdbus uses and since
it doesn't imply monotonicity the same way "serial" does.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
socket-activated services
|
|
Since 0c6f1f4ea49 the check was useless, because the kernel will
ever only write "partition" or "file" there.
OTOH, it is possible that "\\040(deleted)" (escaped " (deleted)")
will be added for removed files. This should not happen, so add
a warning to detect those cases.
|
|
Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.
A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.
If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.
/run/nologin creation is split out into a separate service, to make it
easy to override.
https://bugzilla.redhat.com/show_bug.cgi?id=1043212
https://bugzilla.redhat.com/show_bug.cgi?id=1045849
|
|
Condition for /lib (necessary for split /usr) was missing from the unit.
Some changes which were done in tmpfiles.d(5) were not carried over to
systemd-tmpfiles(1).
Also use markup where possible.
|
|
before parsing
|
|
to non-existing service
|
|
Also, don't show machine name by default as this might cause timeouts on
non-responding peers.
|
|
including it in the log strings
|
|
|
|
This allows userspace to fake kdbus creds via struct ucred in the proxy,
without making the recieving side choke on the missing fields of the
kdbus struct, more precisel pid_starttime and tid
|
|
Introduce new call getpeercred() which internally just uses SO_PEERCRED
but checks if the returned data is actually useful due to namespace
quirks.
|
|
|
|
|
|
|
|
|
|
Previously we invalidated the peeked signature as soon as the caller
would recurse into a container, making stack based handling difficult.
With this change we will keep the peeked signature around until the user
advances to the next field.
|
|
|
|
|