| Age | Commit message (Collapse) | Author |
|---|
|
ima_write_policy() expects data to be written as one or more
rules, no more than PAGE_SIZE at a time. Easiest way to ensure
that we are not splitting rules is to read and write one line at
a time.
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
|
|
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we
don't care much and just proceed)
|
|
Without the boolean bus_name_good services as well as cgroup_realized
for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID
will be terminated if systemd will be daemon reloaded.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151
https://bugs.freedesktop.org/show_bug.cgi?id=78311
https://bugzilla.opensuse.org/show_bug.cgi?id=934077
|
|
It's only marginally shorter then the usual for() loop, but certainly
more readable.
|
|
|
|
mask/handlers
Also, when the child is potentially long-running make sure to set a
death signal.
Also, ignore the result of the reset operations explicitly by casting
them to (void).
|
|
but don't do anything else. We still want to kill as much as
possible.
Coverity CID#996306
|
|
Also reorder the code a bit to be easier to parse.
|
|
|
|
Traditionally, we used to warn about ipv6 being a module or being
unavailable. This was changed in b4aa82f16 ("kmod-setup: don't warn
when ipv6 can't be loaded") in a way that neither of the two conditions
will cause a log message.
Now, while running a setup without any IPv6 is completely fine and
shouldn't cause any warning, we should still warn about ipv6 being a
module instead of built-in.
To achieve this, split the boolean warn flag into two: one for a
feature not being built-in but shipped as a module, and one to
print an error when a module is entirely unavailable.
We will, however, still warn if kmod returns anything else than
-ENOENT in the attempt of loading the module, and at the very least,
turn the message into a debug log.
|
|
kmod-setup: don't warn when ipv6 can't be loaded (FDO bug #87475)
|
|
Not having IPv6 is a valid setup. Let's not print a warning in that
case.
Addresses:
https://bugs.freedesktop.org/show_bug.cgi?id=87475
|
|
This made sense when systemd ran on older kernels, nowdays not so much.
|
|
core/mount: skip incomplete mountinfo entries
|
|
Skip /proc/mountinfo entries for which libmount returns a NULL pointer
for 'source' or 'target'. This happened on Semaphore CI's build servers
when the test suite is run.
|
|
copy_bytes() tries to do the write in chunks, but ima kernel code
needs every rule to be written in one write. Writing the whole file
at once avoids the issue.
http://lists.freedesktop.org/archives/systemd-devel/2015-June/032623.html
http://sourceforge.net/p/linux-ima/mailman/message/34145236/
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
|
|
|
|
The cunescape() helper function used to handle unknown escaping sequences
gracefully by copying them over verbatim.
Commit 527b7a42 ("util: rework cunescape(), improve error handling") added
a flag to make that behavior optional, and changed to default to error out
with -EINVAL otherwise.
However, config_parse_exec(), which is used to parse the
Exec{Start,Stop}{Post,Pre,} directives of unit files, was not changed along
with that commit, which means that directives with improperly escaped
command line strings are no longer parsed.
Relevant bugreports include:
https://bugs.freedesktop.org/show_bug.cgi?id=90794
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787256
Fix this by passing UNESCAPE_RELAX to config_parse_exec() in order to
restore the original behavior.
|
|
A small typo in ee818b8 caused /home to be put in read-only instead of
/usr when ProtectSystem was enabled (ie: not set to "no").
|
|
No functional changes.
|
|
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt.
flags.
|
|
|
|
This patch simplify swapon usage in systemd. The command swapon(8)
since util-linux v2.26 supports "-o <list>". The idea is exactly the
same like for mount(8). The -o specifies options in fstab-compatible
way. For systemd it means that it does not have to care about things
like "discard" or another swapon specific options.
swapon -o <options-from-fstab>
For backward compatibility the code cares about "Priority:" swap unit
field (for a case when Priority: is set, but pri= in the Options: is
missing).
References: http://lists.freedesktop.org/archives/systemd-devel/2014-October/023576.html
|
|
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032100.html
|
|
|
|
restarts
|
|
|
|
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032025.html
|
|
try-restart
Previously, if a service A depended on a service B via Requires=, and A
was not running and B restarted this would trigger a start of A as well,
since the restart was propagated as restart independently of the state
of A.
This patch ensures that a restart of B would be propagated as a
try-restart to A, thus not changing its state if it isn't up.
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032061.html
|
|
|
|
This reverts the primary effect of be7d9ff730cb88d7c6a869dd5c47754c78ceaef2.
After all Requisite= should be close to Requires=, without the one
exception that it doesn't pull in dependencies on start. However,
reverse deps on stop/restart should be treated the same way as for
Restart=, and this is already documented in the man page, hence stick to
it.
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032049.html
|
|
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032059.html
|
|
No distro ships that old systemd versions anyway, hence let's drop
support for live-upgrades for them. Offline updates are still supported.
And live-upgrades will only lose the job queue, hence basically still
work...
|
|
This extends on bea355dac94e82697aa98e25d80ee4248263bf92, and extends
the ratelimiter to not only be used for StopWhenUnneeded=1 units but
also for units that have BindsTo= on a unit that is dead.
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030224.html
|
|
|
|
Otherwise we might end up in an endless stop loop.
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030224.html
|
|
Fixes a regression introduced in be7d9ff730cb88d7c6a869dd5c47754c78ceaef2.
|
|
gone from *all* lines
Devices might be referenced by multiple mount points in
/proc/self/mountinfo, hence we should consider them unmounted only after
they disappeared from all lines, not just from one.
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032026.html
|
|
Change device_found_node() to also create a .device unit if a device is not
known by udev; this is the case for "tentative" devices picked up by mountinfo
(DEVICE_FOUND_MOUNT). With that we can record the "found" attribute on the
unit.
Change device_setup_unit() to also accept a NULL udev_device, and don't
add the extra udev information in that case.
Previously device_found_node() would not create a .device unit, and
unit_add_node_link() would then create a "dead" stub one via
manager_load_unit(), so we lost the "found" attribute and unmounted everything
from that device.
https://launchpad.net/bugs/1444402
http://lists.freedesktop.org/archives/systemd-devel/2015-May/031658.html
|
|
The hostname(1) tool allows comments in /etc/hostname. Introduce a new
read_hostname_config() in hostname-util which reads a hostname configuration
file like /etc/hostname, strips out comments, whitespace, and cleans the
hostname. Use it in hostname-setup.c and hostnamed and remove duplicated code.
Update hostname manpage. Add tests.
https://launchpad.net/bugs/1053048
|
|
CID#1299014
|
|
This allows us to ensure that Requisite= dependencies never cause
propagation between units, while Requires= dependencies might.
http://lists.freedesktop.org/archives/systemd-devel/2015-May/031742.html
|
|
When a service is chrooted with the option RootDirectory=/opt/..., then
the options PrivateDevices, PrivateTmp, ProtectHome, ProtectSystem must
mount the directories under $RootDirectory/{dev,tmp,home,usr,boot}.
The test-ns tool can test setup_namespace() with and without chroot:
$ sudo TEST_NS_PROJECTS=/home/lennart/projects ./test-ns
$ sudo TEST_NS_CHROOT=/home/alban/debian-tree TEST_NS_PROJECTS=/home/alban/debian-tree/home/alban/Documents ./test-ns
|
|
Load kdbus.ko only if we are built with kdbus, and load ip_tables.ko
only if we are built with iptables support.
|
|
|
|
|
|
Given that socket_address_parse() is mostly a "library" call it
shouldn't log on its own, but leave that to its caller.
This patch removes logging from the call in case IPv6 is not available
but and IPv6 address shall be parsed. Instead a new call
socket_address_parse_and_warn() is introduced which first invokes
socket_address_parse() and then logs if necessary.
This should fix "make check" on ipv6-less kernels:
http://lists.freedesktop.org/archives/systemd-devel/2015-April/031385.html
|
|
An Exec*= line with whitespace after modifiers, like
ExecStart=- /bin/true
is considered to have an empty command path. This is as specified, but causes
systemd to crash with
Assertion 'skip < l' failed at ../src/core/load-fragment.c:607, function config_parse_exec(). Aborting.
Aborted (core dumped)
Fix this by logging an error instead and ignoring the invalid line.
Add corresponding test cases. Also add a test case for a completely empty value
which resets the command list.
https://launchpad.net/bugs/1454173
|
