Age | Commit message (Collapse) | Author |
|
I'm assuming that it's fine if a _const_ or _pure_ function
calls assert. It is assumed that the assert won't trigger,
and even if it does, it can only trigger on the first call
with a given set of parameters, and we don't care if the
compiler moves the order of calls.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=883043
|
|
==6129== Syscall param socketcall.getsockopt(optlen) points to uninitialised byte(s)
==6129== at 0x312D0F325A: getsockopt (syscall-template.S:81)
==6129== by 0x4615E6: get_audit_data (selinux-access.c:268)
==6129== by 0x461A81: selinux_access_check (selinux-access.c:394)
==6129== by 0x453B23: bus_manager_message_handler (dbus-manager.c:1395)
==6129== by 0x313581D9C4: _dbus_object_tree_dispatch_and_unlock (dbus-object-tree.c:862)
==6129== by 0x313580FC1F: dbus_connection_dispatch (dbus-connection.c:4672)
==6129== by 0x44CD4C: bus_dispatch (dbus.c:528)
==6129== by 0x41292F: manager_loop (manager.c:1573)
==6129== by 0x40CD8E: main (main.c:1735)
==6129== Address 0x7fefff2c0 is on thread 1's stack
|
|
|
|
I don't see why this should be logged at all, so let's delete it.
|
|
specified
New file output.h with output flags and modes.
--full parameter also for cgls and loginctl.
Include 'all' parameter in flags (show_cgroup_by_path, show_cgroup,
show_cgroup_and_extra, show_cgroup_and_extra_by_spec).
get_process_cmdline with max_length == 0 will not ellipsize output.
Replace LINE_MAX with 0 in some calls of get_process_cmdline.
[zj: Default to --full when under pager for clgs.
Drop '-f' since it wasn't documented and didn't actually work.
Reindent a bit.
]
|
|
Information which unit a log entry pertains to enables systemctl
status to display more log messages.
|
|
context.
This patch does the dbus calls correctly.
|
|
|
|
can reuse it in logind
|
|
As audit is pretty much just a special kind of logging we should treat
it similar, and manage the audit fd in a static variable.
This simplifies the audit fd sharing with the SELinux access checking
code quite a bit.
|
|
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions
b) implement the access checking with a macro that resolves to nothing
on non-selinux builds
c) split out the selinux checks into their own sources
selinux-util.[ch]
d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.
The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.
Similarly we want to allow a root admin webadm_t that can only manage the
apache environment. systemctl enable httpd.service, systemctl disable
iptables.service bad.
To make this code cleaner, we really need to refactor the dbus-manager.c code.
This has just become a huge if-then-else blob, which makes doing the correct
check difficult.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
|