Age | Commit message (Collapse) | Author |
|
Wrong smack label of the symlink in CGROUP root directory when enabling '--with-smack-run-label' (v3)
|
|
Even though systemd has its own smack label since
'--with-smack-run-label' configuration is set, the smack label of each
CGROUP root directory should have the star (i.e. *) label. This is
mainly because current Linux Kernel set the label in this way.
(Refer to smack_d_instantiate() in security/smack/smack_lsm.c)
However, if systemd has its own smack label and arg_join_controllers is
explicitly set or initialized by initialize_join_controllers() function,
current systemd creates the symlink in CGROUP root directory with its
own smack label as below.
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root * 0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpuacct -> cpu,cpuacct
This patch fixes that bug by copying the smack label from the origin.
|
|
This adds a new mac_smack_copy() function in order to read the smack
label from the source and apply it to the destination.
|
|
|
|
cgroup fix, nspawn fix, plus change to download .nspawn files in importd
|
|
Coccinelle fixes
|
|
|
|
analyze: add alias handling for --{from,to}-pattern options of the dot command
|
|
Patch via coccinelle.
|
|
Turns this:
r = -errno;
log_error_errno(errno, "foo");
into this:
r = log_error_errno(errno, "foo");
and this:
r = log_error_errno(errno, "foo");
return r;
into this:
return log_error_errno(errno, "foo");
|
|
Turn this:
if ((r = foo()) < 0) { ...
into this:
r = foo();
if (r < 0) { ...
|
|
Replace this:
if (fd >= 0)
safe_close(fd);
by this:
safe_close(fd);
|
|
Replace this:
close(fd);
fd = -1;
write this:
fd = safe_close(fd);
|
|
This replaces this:
free(p);
p = NULL;
by this:
p = mfree(p);
Change generated using coccinelle. Semantic patch is added to the
sources.
|
|
udev: build by-path identifiers for ATA devices.
|
|
/dev/disk/by-path
total 0
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:00:1f.2-ata-2 -> ../../sr0
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:00:1f.2-ata-3 -> ../../sdd
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part1 -> ../../sdd1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part2 -> ../../sdd2
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part3 -> ../../sdd3
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:03:00.0-ata-4 -> ../../sda
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:03:00.0-ata-4-part1 -> ../../sda1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:03:00.0-ata-4-part2 -> ../../sda2
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:08:00.0-ata-1 -> ../../sdc
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:08:00.0-ata-1-part1 -> ../../sdc1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:08:00.0-ata-1-part2 -> ../../sdc2
|
|
gpt-auto: fix ESP options and description
|
|
Since 59512f21 the parameters were passed in the wrong order, causing the
options to be interpreted as the description.
Also, while "false" was supposed to be passed for "rw", the ESP should actually
be mounted read-write. It just happened to be "true" since the description char*
was passed for "rw".
|
|
|
|
the controller in the kernel
Follow-up to 5bf8002a3a6723ce50331c024122078552fb600a.
|
|
basic: rework virtualization detection API
|
|
This seems to be an oversight from:
707b66c66381c899d7ef640e158ffdd5bcff4deb
We have to return ENODATA instead of ENOENT if a requested entry is
non-present. Also fix the call-site in udev to check for these errors.
|
|
Bump version info and update NEWS for the upcoming release.
|
|
treewide: fix typos
|
|
sd-bus: pass container bus errors up to calling process
|
|
|
|
systemctl: add ConsistsOf as the inverse of PartOf
|
|
cgroup-util: fix devices controller
|
|
Commit efdb0237 accidentally changed the name of the "devices" cgroup
controller to "device".
|
|
Various nspawn fixes
|
|
|
|
|
|
|
|
We should really close all parent sides of our child/parent socket
pairs.
|
|
|
|
SOCK_DGRAM and SOCK_SEQPACKET have very similar semantics when used with
socketpair(). However, SOCK_SEQPACKET has the advantage of knowing a
hangup concept, since it is inherently connection-oriented.
Since we use socket pairs to communicate between the nspawn main process
and the nspawn child process, where the child might die abnormally it's
interesting to us to learn about this via hangups if the child side of
the pair is closed. Hence, let's switch to SOCK_SEQPACKET for these
internal communication sockets.
Fixes #956.
|
|
|
|
man: typo fixes
|
|
|
|
Now that we get useful error messages from sd-bus for container
connections, let's make use of this and report better errors back to
machined clients.
Fixes #685.
|
|
When forking of a child process for connecting to a container, pass
the preicse connection error to the calling process.
We already did this correctly for kdbus busses, let's do so for dbus1
busses, too.
|
|
nspawn: split up nspawn.c into multiple smaller .c files
|
|
Let's remove unnecessary inclusions, and order the list alphabetically
as suggested in CODING_STYLE now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|