Age | Commit message (Collapse) | Author |
|
|
|
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption.
Before:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
/var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900
The sealing key is automatically changed every 15min.
```
After:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900
The sealing key is automatically changed every 15min.
```
|
|
|
|
|
|
condition: ignore nanoseconds in timestamps for ConditionNeedsUpdate=
Fixes #4130.
|
|
When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM. This then leads to:
systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
login[42]: pam_systemd(login:session): Failed to create session: Access denied
and user sessions don't start.
This also applies to selinux that too returns EACCES on mount denial.
[1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies
[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
|
|
|
|
|
|
networkd: trivial fixes
|
|
|
|
|
|
|
|
|
|
|
|
to prevent false-positives
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130
for real. Also, remove timestamp check in update-done.c altogether since
the whole operation is idempotent.
|
|
|
|
|
|
|
|
1. add support for kind vcan
2. fixup indention netlink-types.c, networkd-netdev.c
|
|
Strerror removal and other janitorial cleanups
|
|
Will be used by rpm-ostree (and likely lorax) to suppress
RPM->kernel->%posttrans->dracut runs, and basically everything
else this script is doing.
I'll also likely change the `kernel.spec` to respect this as well.
|
|
This does not include the description of the mixed v1/v2 mode, but
everything important apart from that should be covered.
|
|
|
|
We were already unconditionally using the unicode character when the
input string was not pure ASCII, leading to different behaviour in
depending on the input string.
systemd[1]: Starting printit.service.
python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo
python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo
python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę
python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę
systemd[1]: Started printit.service.
|
|
I believe the remaining call sites are legitimate uses which cannot be
easily replaced with %m.
|
|
|
|
sd_bus_error_set_errnof supports %m, so there's no need to call
strerror manually.
|
|
|
|
It's prone to error and annoying to have to add it manually. It was
missing from a few places.
|
|
errno value is not protected (it is undefined after this function returns).
Various mhd_* functions are not documented to protect errno, so this could not
guaranteed anyway.
|
|
|
|
|
|
According to its manual page, flags given to mkostemp(3) shouldn't include
O_RDWR, O_CREAT or O_EXCL flags as these are always included. Beyond
those, the only flag that all callers (except a few tests where it
probably doesn't matter) use is O_CLOEXEC, so set that unconditionally.
|
|
This parser will also be used in libinput, which uses the MIT license, so
relicense this file to the more permissive license to make bidirectional code
flow easier. parse_hwdb.py is only useful during building of the project, and
is not part of the installation, so effectively both licenses are very similar.
In particular, the licensing of binary packages produced by systemd is not
influenced in any way, because the MIT licensed part is not installed.
|
|
Like many other recent thinkpads the factory default pointingstick
sensitivity on these devices is quite low, making the pointingstick
very slow in moving the cursor.
This extends the existing hwdb rules for tweaking the sensitivity to
also apply to the X1 Tablet models.
Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1374371
When root was empty or equal to "/", chroot_symlinks_same was called with
root==NULL, and strjoina returned "", so the code thought both paths are equal
even if they were not. Fix that by always providing a non-null first argument
to strjoina.
|
|
A follow-up for #3818 (992e8f2).
|
|
Drop more kdbus functionality
|
|
Previous fix didn't consider handling multiple ExecStop commands.
|
|
One trailing dot is valid, but more than one isn't. This also fixes glibc's
posix/tst-getaddrinfo5 test.
Fixes #3978.
|
|
If the unit is in the dbus queue when it is removed then the last change
signal is never sent. Fix this by checking the dbus queue and explicitly
send the change signal before sending the remove signal.
|
|
|
|
|
|
|
|
ENOTCONN may be a legitimate return code if the endpoint disappeared,
but the service should still attempt to shutdown cleanly.
|
|
|
|
seccomp: also detect if seccomp filtering is available
|
|
|
|
Fail hard if SECCOMP was detected but could not be installed
|
|
In https://github.com/systemd/systemd/pull/4004 , a runtime detection
method for seccomp was added. However, it does not detect the case
where CONFIG_SECCOMP=y but CONFIG_SECCOMP_FILTER=n. This is possible
if the architecture does not support filtering yet.
Add a check for that case too.
While at it, change get_proc_field usage to use PR_GET_SECCOMP prctl,
as that should save a few system calls and (unnecessary) allocations.
Previously, reading of /proc/self/stat was done as recommended by
prctl(2) as safer. However, given that we need to do the prctl call
anyway, lets skip opening, reading and parsing the file.
Code for checking inspired by
https://outflux.net/teach-seccomp/autodetect.html
|