Age | Commit message (Collapse) | Author |
|
|
|
|
|
If for whatever reason the file system is "corrupted", we want
to be resilient and ignore the error, as long as we can load the units
from a different place.
Arch bug https://bugs.archlinux.org/task/49547.
A user had an ntfs symlink (essentially a file) instead of a directory after
restoring from backup. We should just ignore that like we would treat a missing
directory, for general resiliency.
We should treat permission errors similarly. For example an unreadable
/usr/local/lib directory would prevent (user) instances of systemd from
loading any units. It seems better to continue.
|
|
buffer (#3541)
Calling recv with a NULL buffer returns EFAULT instead of EOPNOTSUPP on
older kernels (3.14).
Fixes #3407
Signed-off-by: Kai Ruhnau <kai.ruhnau@target-sg.com>
|
|
three resolved fixes
|
|
Super-important change, yeah!
|
|
This reworks get_process_cmdline() quite substantially, fixing the following:
- Fixes:
https://github.com/systemd/systemd/pull/3512/commits/a4e3bf4d7ac2de51191ce136ee9361ba319e106c#r66837630
- The passed max_length is also applied to the "comm" name, if comm_fallback is
set.
- The right thing happens if max_length == 1 is specified
- when the cmdline "foobar" is abbreviated to 6 characters the result is not
"foobar" instead of "foo...".
- trailing whitespace are removed before the ... suffix is appended. The 7
character abbreviation of "foo barz" is hence "foo..." instead of "foo ...".
- leading whitespace are suppressed from the cmdline
- a comprehensive test case is added
|
|
Udevadm man fix
|
|
When we get a literal IP address as string that includes a zone suffix, process
this properly and return the parsed ifindex back to the client, and include it
in the canonical name in case of a link-local IP address.
|
|
Previously, after checking the local zone for a reply and finding one we'd not
initialize the answer ifindex from that. Let's fix that.
|
|
We can reuse some code here, so let's do it.
|
|
-x never worked, so let's just correct the man page.
Fixes #3524.
|
|
|
|
fixes #3298
|
|
Systemctl fixes
|
|
When unit is marked as UNSURE, we are trying to find if it state was
changed over and over again. So lets not go through the UNSURE states
again. Also when we find a GOOD unit lets propagate the GOOD state to
all units that this unit reference.
This is a problem on machines with a lot of initscripts with different
starting priority, since those units will reference each other and the
original algorithm might get to n! complexity.
Thanks HATAYAMA Daisuke for the expand_good_state code.
|
|
notifications (#3531)
Fixes: #3483
|
|
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but
IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get
fixed in missing.h. This occurs with kernel headers new enough to have
the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have
IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
|
|
This reworks "systemctl status" and "systemctl show" a bit. It removes the
definition of the `property_info` structure, because we can simply reuse the
existing UnitStatusInfo type for that.
The "could not be found" message is now printed by show_one() itself (and not
its caller), so that it is shown regardless by who the function is called.
(This makes it necessary to pass the unit name to the function.)
This also adds all properties found to a set, and then checks if any of the
properties passed via "--property=" is mising in it, if so, a proper error is
generated.
Support for checking the PID file of a unit is removed, as this cannot be done
reasonably client side (since the systemd instance we are talking to might sit
on another host)
Replaces: #3411
Fixes: #3425
Also see: #3504
|
|
|
|
|
|
hwdb: update UEFI/ACPI/PNP/EISA/EDID database from UEFI web site
|
|
Syscall filter fixes, tighter nspawn seccomp sandbox by default
|
|
Typing `rd.rescue` is easier than `rd.systemd.unit=rescue.target`.
|
|
More verbose logging in localed, unit tests, and a few tweaks to keymap conversions
|
|
Let's block access to the kernel keyring and a number of obsolete system calls.
Also, update list of syscalls that may alter the system clock, and do raw IO
access. Filter ptrace() if CAP_SYS_PTRACE is not passed to the container and
acct() if CAP_SYS_PACCT is not passed.
This also changes things so that kexec(), some profiling calls, the swap calls
and quotactl() is never available to containers, not even if CAP_SYS_ADMIN is
passed. After all we currently permit CAP_SYS_ADMIN to containers by default,
but these calls should not be available, even then.
|
|
Take away kernel keyring access, CPU emulation system calls and various debug
system calls from the various daemons we have.
|
|
This adds three new seccomp syscall groups: @keyring for kernel keyring access,
@cpu-emulation for CPU emulation features, for exampe vm86() for dosemu and
suchlike, and @debug for ptrace() and related calls.
Also, the @clock group is updated with more syscalls that alter the system
clock. capset() is added to @privileged, and pciconfig_iobase() is added to
@raw-io.
Finally, @obsolete is a cleaned up. A number of syscalls that never existed on
Linux and have no number assigned on any architecture are removed, as they only
exist in the man pages and other operating sytems, but not in code at all.
create_module() is moved from @module to @obsolete, as it is an obsolete system
call. mem_getpolicy() is removed from the @obsolete list, as it is not
obsolete, but simply a NUMA API.
|
|
|
|
|
|
Follow-up for #3502.
|
|
Add RELEASE.md
|
|
Enhance test-process-util to take the PID to look at
|
|
Not every link has kind associated with it.
(gdb) r
Starting program: /home/sus/tt/systemd/systemd-networkd
Missing separate debuginfos, use: dnf debuginfo-install
glibc-2.23.1-7.fc24.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
vboxnet0: Gained IPv6LL
wlp3s0: Gained IPv6LL
enp0s25: Gained IPv6LL
Enumeration completed
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e27ade in __strcmp_sse2_unaligned () from /lib64/libc.so.6
(gdb) bt
src/network/networkd-link.c:2008
src/network/networkd-link.c:2059
src/network/networkd-link.c:2442
m=0x555555704a30, userdata=0x55555570bfe0) at src/network/networkd-link.c:2497
at src/libsystemd/sd-netlink/sd-netlink.c:347
src/libsystemd/sd-netlink/sd-netlink.c:402
src/libsystemd/sd-netlink/sd-netlink.c:432
userdata=0x5555556f7470) at src/libsystemd/sd-netlink/sd-netlink.c:739
src/libsystemd/sd-event/sd-event.c:2275
src/libsystemd/sd-event/sd-event.c:2626
timeout=18446744073709551615) at src/libsystemd/sd-event/sd-event.c:2685
bus=0x5555556f9af0, name=0x555555692315 "org.freedesktop.network1",
timeout=30000000,
check_idle=0x55555556ac84 <manager_check_idle>, userdata=0x5555556f6b20) at
src/shared/bus-util.c:134
src/network/networkd-manager.c:1128
src/network/networkd.c:127
(gdb) f 1
src/network/networkd-link.c:2008
2008 if (link->network->bridge || streq("bridge", link->kind)) {
(gdb) p link->kind
$1 = 0x0
|
|
safe_atou32 (#3522)
|
|
Move the merger of environment variables before setting up the PAM
session and pass the aggregate environment to PAM setup. This allows
control over the PAM session hooks through environment variables.
PAM session initiation may update the environment. On successful
initiation of a PAM session, we adopt the environment of the
PAM context.
|
|
... as well as halt/poweroff/kexec/suspend/hibernate/hybrid-sleep.
Running those commands will fail in user mode, but we try to set the wall
message first, which might even succeed for privileged users. Best to nip
the whole sequence in the bud.
https://github.com/systemd/systemd/pull/3453#issuecomment-225455156
|
|
I put it in .github, so it doesn't stand out too much; after all
it's not interesting to most people.
|
|
|
|
GitHub displays this file poorly, because it preserves the newlines.
Let's try how things look without any wrapping.
|
|
Our functions that query /proc/pid/ support using pid==0 to mean
self. get_process_id also seemed to support that, but it was not implemented
correctly: the result should be in *uid, not returned, and also it gave
completely bogus result when called from get_process_gid(). But afaict,
get_process_{uid,gid} were never called with pid==0, so it's not an actual
bug. Remove the broken code to avoid confusion.
|
|
This makes it easy to test the query code on "ssh localhost"
and similar.
|
|
This fixes a bunch of copy&paste errors in the output.
|
|
If max_length is equal or greater than cmdline length all trailing non-printable
characters are dropped. If max_length is 0 it should do the same.
This should also fix cmdline truncation if the last character is not '\0'.
Fixes #3469.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=96225
and specifically the tech specs here:
http://support.logitech.com/en_us/product/corded-mouse-m500
|
|
resolved: allow clients request cache flushes
|
|
Fixes #3353.
|
|
use config_parse_vlanid to parse vlan for BridgeFDB entries
|
|
cleanup minor nitpicks mentioned in #3428
|
|
|