Age | Commit message (Collapse) | Author |
|
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
|
Also modernize a few other things and add comments to explain CID #1237503
and CID #1237504.
|
|
Found by coverity. Fixes: CID#1237512
|
|
|
|
|
|
TIOCSIG is linux specific, so include the linux ioctl header to make sure
it's defined. We currently rely on some rather non-obvious recursive
includes. Make sure its always defined regardless of the system headers.
|
|
c > 0 is already guaranteed from earlier checks.
We go from
ms = ALIGN(l+1) +
sizeof(char*) +
(c > 0 ? c : 1) * ALIGN(alen) +
(c > 0 ? c+1 : 2) * sizeof(char*);
to
ms = ALIGN(l+1) +
sizeof(char*) +
c * ALIGN(alen) +
(c+1) * sizeof(char*);
to
ms = ALIGN(l+1) + c * ALIGN(alen) + (c+2) * sizeof(char*);
Found by coverity. Fixes: CID#1237570 and CID#1237610
|
|
Fonud by Coverity. Fixes CID #1237534.
|
|
|
|
Spotted by Andreas Henriksson.
|
|
No functional change.
Found by Coverity. Fixes CID #1237533.
|
|
No functional change, just log the warning.
Fonud by Coverity. Fixes CID #1237544.
|
|
Fonud by Coverity. Fixes CID #996255.
|
|
One reported by Coverity. Fixes CID #996252.
|
|
Found by Coverity. Fixes CID #1238780.
|
|
Handle sd_event_default returning error and bail out properly
as done in every other caller of this function.
Found by coverity. Fixes: CID#1238957
|
|
Gcc is spewing some warnings about uninitialized variables.
Let's get rid of the noise.
|
|
Gcc is spewing some warnings about uninitialized variables.
Let's get rid of the noise.
|
|
When compiling we see this curl warning popping up:
src/journal-remote/journal-upload.c:194:17: warning: call to
‘_curl_easy_setopt_err_error_buffer’ declared with attribute
warning: curl_easy_setopt expects a char buffer of CURL_ERROR_SIZE
as argument for this option [enabled by default]
This patch removes the warning (which occurs twice).
|
|
|
|
|
|
|
|
|
|
There is a very unlikely case where this can happen since gcc usually
does the sane thing. But let's make sure found_last is initialized anyway.
Fixes: CID#996386
|
|
This sentence can be misread to mean that "\x20" is the escape code for
"-" which is the only character explicitly mentioned. This lead to at
least one user loosing hair over why a mount unit for "/foo/bar-baz"
didn't work. The example escape is arbitrary so lets prevent hair loss.
|
|
If a device does not have a major/minor number attached, we use different
database names than if it does. On "change" events, we didn't copy the
devnum over, therefore, we used different paths than on 'add' or 'remove'
events (where devnum was properly copied).
Fix this by always copying the devnum into the udev-device.
(David: added commit-log from email)
|
|
We always use "int" if we retrieve boolean values from sd-bus, as "bool"
is only a single byte, but full int on va-args.
Thanks to Werner Fink for the report!
|
|
Found by Coverity. Fixes CID #1237746.
|
|
The function still succeeds, so there is no functional change. This fixes CID #996288.
|
|
|
|
(no API/ABI break this time)
|
|
..by simply moving the declaration of "unit" into the STRV_FOREACH
loop as suggested by Andreas.
|
|
|
|
Just test if hashmap_get returns null. hashmap_contains does exactly
same thing internally so this is slightly more efficient for the true
case.
Silences a coverity warning too. CID#1237648
|
|
|
|
Check memory allocation. Found by Coverity.
Fixes CID #1237644.
|
|
|
|
This fixes CID #1237641.
|
|
|
|
ifindex < 0 was already checked before entering the loop
Found by coverity. Fixes: CID#1237609
|
|
If the file is found to be empty, we exit early without closing the file first.
Found by coverity. Fixes CID #1237759.
|
|
Otherwise we would get a nullptr dereference later on.
Found by coverity. Fixes CID #1237655.
|
|
Found by coverity. CID #1237529 and #1237528.
|
|
If we call into user callbacks, we must always propagate possible errors.
Fix bus_node_exists() to do that and adjust the callers (which already
partially propagated the error).
Also speed up that function by first checking for registered enumerators
and/or object-managers.
|
|
The dbus-spec clearly specifies that GetManagedObjects() should only work
on the root-path of an object-tree. But on that path, it works regardless
whether there are any objects available or not.
We could, technically, define all sub-paths as a root-path of its own
sub-tree. However, if we do that, we enter undefined territory:
Imagine only a fallback vtable is registered. We want
GetManagedObjects() to *NOT* fail with UNKNOWN_METHOD if it is called
on a valid sub-tree of the fallback. On the other hand, we don't want
it to work on arbitrary sub-tree. Something like:
/path/to/fallback/foobar/foobar/foobar/invalid/foobar
should not work.
However, there is no way to know which paths on a fallback are valid
without looking at there registered objects. If no objects are
registered, we have no way to figure it out.
Therefore, we now try to follow the dbus spec by only returning valid data
on registered root-paths. We treat each path as root which was registered
an object-manager on via add_object_manager(). So applications can now
directly control which paths to place an object-manager on.
We also fix the introspection to not return object-manager interfaces on
non-root paths.
Also fixes some dead-code paths initially reported by Philippe De Swert.
|
|
Currently, we save arguments passed as --prefix directly and compare them
later to absolute sysctl file-system paths. That is, you are required to
specify arguments to --prefix with leading /proc/sys/. This is kinda
uselesss. Furthermore, we replace dots by slashes in the name, which makes
it impossible to match on specific sysfs paths that have dots in their
name (like netdev names). The intention of this argument is clear, but it
never worked as expected.
This patch modifies --prefix to accept any kind of sysctl paths. It
supports paths prefixed with /proc/sys for compatibility (but drops the
erroneous dot->slash conversion), but instead applies normalize_sysctl()
which turns any name or path into a proper path. It then appends
/proc/sys/ so we can properly use it in matches.
Thanks to Jan Synacek <jsynacek@redhat.com> for catching this!
|
|
We only break out of the previous loop if fd >= 0 so there is no
use in checking it again.
Found by coverity. Fixes: CID#1237577
|
|
We only reject evdev FDs that are O_WRONLY as they're currently pretty
useless. The following check for O_WRONLY is thus never excercised so drop
it.
Thanks to Thomas Andersen (via coverity)!
|
|
We check the actual contents of the file on the line after but we
might as well also check the number of bytes read here.
Found by coverity. Fixes: CID#1237521
|
|
The recently allocated "printed" is not freed on error path.
Found by coverity. Fixes: CID#1237745
|