Age | Commit message (Collapse) | Author |
|
DHCP DUID and IAID configurability
|
|
test-ipcrm: fix log message
|
|
socket_address_listen - do not rely on errno
|
|
|
|
Currently socket_address_listen() calls mac_selinux_bind() to bind a UNIX
socket and checks its return value and errno for EADDRINUSE. This is not
correct. When there's an SELinux context change made for the new socket,
bind() is not the last function called in mac_selinux_bind(). In that
case the last call is setfscreatecon() from libselinux which can change
errno as it uses access() to check if /proc/thread-self is available.
It fails on kernels before 3.17 and errno is set to ENOENT.
It's safe to check only the return value at it's set to -errno.
|
|
|
|
tests: move out unrelated tests from test-util to their own file
|
|
/dev/console must be labeled with SELinux label in containers
|
|
fstab-generator: fix automounts to not mount automatically
|
|
Enable more tests by default, and even more with `--enable-tests=unsafe`
|
|
If the user specifies an selinux_apifs_context all content created in
the container including /dev/console should use this label.
Currently when this uses the default label it gets labeled user_devpts_t,
which would require us to write a policy allowing container processes to
manage user_devpts_t. This means that an escaped process would be allowed
to attack all users terminals as well as other container terminals. Changing
the label to match the apifs_context, means the processes would only be allowed
to manage their specific tty.
This change fixes a problem preventing RKT containers from working with systemd-nspawn.
|
|
systemctl: Replace check_one_unit() by get_state_one_unit()
|
|
firstboot: use laccess macro instead of facessat()
|
|
|
|
It is required for %P is sysctl kernel.core_pattern.
Fixes #2800.
|
|
tree-wide: use SET_FLAG() macro to make code more clear
|
|
core/failure-action: set job-modes to replace-irreversibly
|
|
systemctl: improve error message when starting a unit failed
|
|
|
|
Fixes #2798
|
|
Otherwise we would hit an assert in the compression code.
|
|
|
|
name is IFNAMSIZ bytes, but we would copy sizeof(info->name) bytes,
which is IFNAMSIZ + 1. In effect we would go outside of the source
buffer and possibly leave a non-null terminated string in info->name.
CID #1351754.
|
|
|
|
in_addr_to_string returned 0, which was treated as error by the calling
code, which expects 1 on success.
CID #1351757, #1351758.
|
|
It will get at most ten values, I don't know why we wouldn't
always run this test.
|
|
|
|
|
|
We ignored __pycache__ which works for Python 3, but the rule
for Python 2 got lost somehow.
|
|
|
|
Those should be safe to run, resulting in some messages in logs.
|
|
This data is simply missing on non-UEFI systems, and it is useful
to distinguish that from corrupted data.
|
|
The source file name and the binary name were mismatched.
Rename binary to match.
Make the test exit with TEST_SKIP if the data is missing or we
have no permissions. Otherwise, the data will be printed, which
should be safe to enable by default.
|
|
In the normal case lo should be already configured and this should be
a noop, even when run under root.
|
|
at boot
Without this patch applied the mount unit with 'automount' option was still
pulled by local-fs.target and thus was activated during the boot process which
defeats the purpose of the 'automount' option:
$ grep /mnt /etc/fstab
/dev/vdb1 /mnt ext2 defaults,x-systemd.automount 0 0
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
/dev/vdb1 on /mnt type ext2 (rw,relatime)
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:36:22 CET; 42s ago
With the patch applied:
$ reboot
...
$ mount | grep mnt
systemd-1 on /mnt type autofs (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
$ systemctl status mnt.mount | grep Active
Active: inactive (dead)
$ ls /mnt
lost+found
$ systemctl status mnt.mount | grep Active
Active: active (mounted) since Thu 2016-03-03 21:47:32 CET; 4s ago
|
|
Up until now, the failure action has launched reboot.target and
poweroff.target with a less aggressive job mode than
"systemctl reboot" does. This has meant that the reboot and power-
off operations can stall if there are any conflicts with the target
during rebooting.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|