Age | Commit message (Collapse) | Author |
|
If SMACK is enabled, 'smackfsroot=*' option should be specified when
/tmp is mounted since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.
In order to do that, 'SmackFileSystemRoot=*' is newly added into
tmp.mount.
|
|
This option specifies the label to assign the root of the file system if
it lacks the Smack extended attribute. Note that this option will be
ignored if kernel does not support the Smack feature by runtime
checking.
|
|
tmpfiles: simplify mountpoint detection
|
|
journal: s/Envalid/Invalid/
|
|
|
|
No functional change. Just a simplification. A || (!A && B) is
the same as A || B
Introduced in 78a92a5a2306709e4587e332728a76901323ade9
|
|
Limit test-compress-benchmark to approx. 12 s of runtime
|
|
We were compressing unitialized memory, which should not result in
any problems, but is inelegant.
|
|
If both lz4 and xz are enabled, this results in a limit of
2×3×2 s ~= 12 s runtime.
Previous implementation started with really small buffer sizes. When
combined with a short time limit this resulteded in abysmal results for xz.
It seems that the initialization overead is really significant for small
buffers. Since xz will not be used by default anymore, this does not
seem worth fixing. Instead buffer sizes are changed to run a
pseudo-random non-repeating pattern. This should allow reasonable testing
for all buffer sizes. For testing, both runtime and the buffer size seed
can be specified on the command line. Sufficiently large runtime allows
all buffer sizes up to 1MB to be tested.
|
|
util: Replace state with separate booleans in extract_first_word
|
|
core: use extract_first_word for namespace parsing
|
|
journalctl: clarify -q option
|
|
btrfs quota beef up and various other unrelated changes
|
|
This simplifies the logic and uniformizes the way single and double
quotes are handled. In the end, the code is about 40 lines shorter.
Tested by running the excellent test cases from test-util. Also
installed the systemd binaries including this patch and booted a
system with it, everything looked normal.
|
|
-q suppresses info messages too
|
|
see https://github.com/systemd/systemd/pull/1632#issuecomment-149903791
We should port this loop over to extract_first_word(), too.
|
|
dnf install command update
|
|
Without the updates repo, we are installing packages from the time
that that version of Fedora was released. Normally, during the
lifetime of the release most packages are updated, so most of the
packages installed would be outdated, and the first update after
installation would update a massive set of packages. Avoid all this
by installing from the updates repo from the start.
|
|
sd-ndisc: Rename (from sd-icmp6-nd) and prepare for handling SLAAC and router discovery
|
|
Keys for previous and future Fedora distributions were added
for the fedora-repos package recently:
https://bugzilla.redhat.com/show_bug.cgi?id=1246701.
There is no need to skip signature checking.
Also, update to the latest and greatest and remove unnecessary quotes.
|
|
Only callback on error when the statemachine is in a truly broken state. This
is now only the case when we fail to rearm a timer.
|
|
This is unused, and in the future we will pass prefixes and prefixlengths directly
to the callbacks when needed rather than having to search for them.
|
|
This is no longer used.
|
|
The caller of the library is no longer notified, so triggering a timer
just to clean up is not necessary. Instead check for and clean up
invalid prefixes lazily.
|
|
This follows the coding style, and allows some simplification to the rest of the code.
|
|
The caller should push any lifetime information into the kernel and let the kernel handle
prefix expiration.
|
|
There is no need to assign valuse to the states. Also add _INVALID and _MAX,
even though these are not used, it keeps it consistent.
|
|
This ressurects 47d45d3cde45d6545367570264e4e3636bc9e345. We now always use /128 prefixes,
so there is no need for the DHCPv6 code to know about prefixes expiring.
|
|
The routing information should be configured separately by ND, there is no need to
indicate the prefix again in the DHCPv6 addresses.
See discussion and related links at issue #1520.
|
|
|
|
Refer to Router Discovery rather than ICMPv6.
|
|
|
|
|
|
|
|
|
|
The actual code rename will follow. The reason for the change of name is to make it
simpler and more uniform with how we name other libraries (we don't include the
underlying protocol). The new name also matches the naming in the kernel (which
is particularly relevent here as we expect to let the kernel do some parts of
the protocol and we do others).
|
|
networkd-manager: fix swapped arguments
|
|
util: allow unbalanced double quote in EXTRACT_QUOTES|EXTRACT_RELAX mode
|
|
fixes Coverity #1328493
|
|
extract_first_word understands "\'string" but doesn't understand "\"string"
fixed this inconsistency.
|
|
|
|
Othewise we might follow the symlinks on the host, instead of the
container.
Fixes #1400
|
|
Make sure we acquire CAP_NET_ADMIN if we require virtual networking.
Make sure we imply virtual ethernet correctly when bridge is request.
Fixes: #1511
Fixes: #1554
Fixes: #1590
|
|
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop,
hence whitelist this too.
Fixes #1446
|
|
|
|
|
|
using "machinectl set-limit"
Previously, we already accepted "-" as special value for dropping
limits. Add "infinity", as that's what we support for RLIMITs and hence
should support here to. Also add "none" as that's what the btrfs tools
use.
|
|
|
|
Let's make sure the subvolumes we create fit into a sensible definition
of a quota tree.
|
|
This allows us to set up the quota group hierarchy in a reasonable way
on btrfs file systems.
|