Age | Commit message (Collapse) | Author |
|
new mac_{smack,selinux,apparmor}_xyz() convention
|
|
|
|
sd_bus_get_peer_creds()
Clean up the function namespace by renaming the following:
sd_bus_get_owner_uid() → sd_bus_get_name_creds_uid()
sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id()
sd_bus_get_peer_creds() → sd_bus_get_owner_creds()
|
|
|
|
Without the socket open we are going to crash and burn. If for
whatever reason we fail during deserialization we will fail when
trying to open the socket. In this case it is better to unlink the old
socket and maybe lose some messages, than to continue without the
notification socket.
Of course this situation should not happen, but we should handle
it as gracefully as possible anyway.
https://bugzilla.redhat.com/show_bug.cgi?id=1099299
|
|
If we failed to parse something that we wrote ourselves,
things are seriously off. This is also likely to lead to
problems futher on.
|
|
Leaving the old root around seems better than aborting the
switch.
|
|
|
|
Also, extend the printed warning a bit, explaining the situation more
verbosely.
|
|
|
|
If we don't have privileges to setup the namespaces then we are most likely
running inside some sort of unprivileged container, hence not being able to
create namespace is not a problem because spawned service can't access host
system anyway.
|
|
polkit policy
|
|
|
|
|
|
Since aa_change_onexec return the error code in errno, and return
-1, the current code do not give any useful information when
something fail. This make apparmor easier to debug, as seen on
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760526
|
|
This is also the only place where FTW_ACTIONRETVAL is used, so
this makes systemd compile without SELinux or SMACK support
when the standard library doesn't support this extension.
|
|
SERVICE_STOP would mean we're running the ExecStop command. That's not
the case with "STOPPING=1".
Instead we should enter the same state as if we just told the service
to stop, i.e. SERVICE_STOP_SIGTERM.
This fixes a bug where voluntarily exiting services would hang around in
deactivating state until timeout.
|
|
Even though the 'emergency' and 'single' aliases come from sysvinit, the
lack of 'rescue' is still quite confusing (caught me by surprise for the
9th time yet) and inconsistent with `systemctl rescue` as well.
|
|
|
|
|
|
dir cannot be NULL here, because it was allocated with alloca.
CID #1237768.
|
|
root cannot be NULL here, because it was allocated with alloca.
CID #1237769.
|
|
This reverts commit 141a1ceaa62578f1ed14f04cae2113dd0f49fd7f.
People should fix their libc's getopt(), instead of us using a weird
option ordering...
|
|
This makes this function name similar to user_config_home() and makes
it match the name of the environment variable.
|
|
This patch adds a transient user unit directory under
`$XDG_RUNTIME_DIR/systemd/user/` and stores transient user-instance
units (such as those created by `systemd-run --user`) under there
instead of putting them in $XDG_CONFIG_HOME/systemd/user/.
Fixes https://bugs.freedesktop.org/show_bug.cgi?id=67331
|
|
We used to make all .swap units either RequiredBy=swap.target or
WantedBy=swap.target. But swap.target should be the "configured swap
units", either through /etc/fstab or non-generated .swap units. It
is surprising when systemd starts treating a swap device that was
possibly temporarily enabled as a hard dependency for other units.
So do not add dependencies with swap.target for units gleaned from
/proc/swaps.
Similarly, we added dependencies for all aliases of the device name,
which clutters up the dependency graph but does not seem to bring any
value, since the status of those following units is consistent with
the main one anyway.
This should be a fix for [1], and it seems the right thing to do
anyway.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1114786
|
|
Anything below .1 s is meaningless anyway.
|
|
|
|
systemctl would print 'CPUQuotaPerSecUSec=(null)' for no limit. This
does not look right.
Since USEC_INFINITY is one of the valid values, format_timespan()
could return NULL, and we should wrap every use of it in strna() or
similar. But most callers didn't do that, and it seems more robust to
return a string ("infinity") that makes sense most of the time, even
if in some places the result will not be grammatically correct.
|
|
No functional change intended.
|
|
|
|
Phenomenon: parameters configured in /etc/fstab for swap units are
ignored. E.g. pri= settings have no effect when systemd starts swap
units. What is even more confusing, .swap units for the name used in
/etc/fstab initially show proper values for Priority=, but after
starting them, they are re-initalized from /proc/swaps and show the -1
value from /proc/swaps.
Change swap units to follow the original configured unit. This way
proper settings are used when starting the swap.
|
|
Previous code would only return correct results when discard
was the last option.
While at it, avoid incorrect behaviour for (invalid) 'pri' option
not followed by '=...', and also do not return -1 as the error code.
|
|
Process possible "discard" values from /etc/fstab.
|
|
This adds --disable-utmp option to configure. If it is used, all
utmp-related functionality, including querying runlevel support,
is removed.
|
|
|
|
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
|
Gcc is spewing some warnings about uninitialized variables.
Let's get rid of the noise.
|
|
|
|
Second error path must free the (potentially) allocated memory in the
first code chunk before returning.
Found by coverity. Fixes: CID#1237750
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
|
|
Found with Coverity. Fixes: CID#996438
|
|
The line under the last switch statement *loaded_policy = true;
would never be executed. As all switch cases return 0. Thus the
policy would never be marked as loaded.
Found with Coverity. Fixes: CID#1237785
|
|
Close the dir instead of attempt to free it.
Introduced in 874310b7b68c4c0d36ff07397db30a959bb7dae5
Found with coverity. Fixes: CID#996368
|
|
Mark two function parameters as const
|
|
|
|
If BusPolicy= was passed, the parser function will have created
an ExecContext->bus_endpoint object, along with policy information.
In that case, create a kdbus endpoint, and pass its path name to the
namespace logic, to it will be mounted over the actual 'bus' node.
At endpoint creation time, no policy is updloaded. That is done after
fork(), through a separate call. This is necessary because we don't
know the real uid of the process earlier than that.
|
|
If a path to a previously created custom kdbus endpoint is passed in,
bind-mount a new devtmpfs that contains a 'bus' node, which in turn in
bind-mounted with the custom endpoint. This tmpfs then mounted over the
kdbus subtree that refers to the current bus.
This way, we can fake the bus node in order to lock down services with
a kdbus custom endpoint policy.
|
|
Add a new directive called BusPolicy to define custom endpoint policies. If
one such directive is given, an endpoint object in the service's ExecContext is
created and the given policy is added to it.
|