Age | Commit message (Collapse) | Author |
|
Also, when we do permissions checks using creds, verify that we don't do
so based on augmented creds, as extra safety check.
|
|
The key was parsed properly, but the warning was still generated.
|
|
When selinux calls our callback with a log message, it specifies the
type as AVC or INFO/WARNING/ERROR. The question is how to map this to
audit types and/or log priorities. SELINUX_AVC maps to AUDIT_USER_AVC
reasonably, but for the other messages we have no idea, hence we use
AUDIT_USER_AVC for everything. When not using audit logging, we can
map those selinux levels to LOG_INFO/WARNING/ERROR etc.
Also update comment which was not valid anymore in light of journald
sucking in audit logs, and was actually wrong from the beginning —
libselinux uses the callback for everything, not just avcs.
This stemmed out of https://bugzilla.redhat.com/show_bug.cgi?id=1195330,
but does not solve it.
|
|
|
|
|
|
|
|
|
|
When the value is already there it returns 0.
Also add a test to ensure this
|
|
inclusion
If necessary the passed string is enclosed in "", and all special
characters escapes.
This also ports over usage in bus-util.c and job.c to use this, instead
of a incorrect local implementation that forgets to properly escape.
|
|
|
|
This should not happen... but when it does more information is nice.
|
|
We dereference the variable right before the null check. We never reach
this point with a null value anyway so let's just remove it.
|
|
|
|
|
|
Change cunescape() to return a normal error code, so that we can
distuingish OOM errors from parse errors.
This also adds a flags parameter to control whether "relaxed" or normal
parsing shall be done. If set no parse failures are generated, and the
only reason why cunescape() can fail is OOM.
|
|
We must not fail on ENOENT. We properly create the mount-point in
mount-setup, so there's really no reason to skip the mount. Make sure we
just skip the mount on unexpected failures or if it's already mounted.
|
|
Commit e792e890f ("path-util: don't eat up ENOENT in
path_is_mount_point()") changed path_is_mount_point() so it doesn't hide
-ENOENT from its caller. This causes all boots to fail early in case
any of the mount points does not exist (for instance, when kdbus isn't
loaded, /sys/fs/kdbus is missing).
Fix this by returning 0 from mount_one() if path_is_mount_point()
returned -ENOENT.
|
|
- Move to its own file rm-rf.c
- Change parameters into a single flags parameter
- Remove "honour sticky" logic, it's unused these days
|
|
|
|
|
|
If you have for example ext4 on iscsi devices it is possible to setup
qoutas there. Unfortunately, because such fstab entry contains _netdev,
systemd will not add dependency to quotaon.service.
|
|
Try to keep syscalls as minimal as possible.
|
|
We'd use the generic check for disable, and a unit-file-specific one for enable.
Use the more specific one both ways.
systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:system_r:init_t:s0 tclass=system perm=disable path=(null) cmdline=/usr/lib/systemd/systemd-timedated: -13
systemd[1]: SELinux access check scon=system_u:system_r:systemd_timedated_t:s0 tcon=system_u:object_r:systemd_unit_file_t:s0 tclass=service perm=enable path=/usr/lib/systemd/system/systemd-timesyncd.service cmdline=/usr/lib/systemd/systemd-timedated: -13
https://bugzilla.redhat.com/show_bug.cgi?id=1014315
|
|
The comparison function we use for qsorting paths is overly indifferent.
Consider these 3 paths for sorting:
/foo
/bar
/foo/foo
qsort() may compare:
"/foo" with "/bar" => 0, indifference
"/bar" with "/foo/foo" => 0, indifference
and assume transitively that "/foo" and "/foo/foo" are also indifferent.
But this is wrong, we want "/foo" sorted before "/foo/foo".
The comparison function must be transitive.
Use path_compare(), which behaves properly.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1184016
|
|
Even if plymouth is running, it might have not displayed the splash yet,
so we'll see a few lines on fbcon when we should have otherwise had
nothing.
Plymouth integration was added to systemd in commit
6faa11140bf776cdaeb8d22d01816e6e48296971. That same day, Plymouth got
systemd integration [0]. As such, the Plymouth integration has always
been obsolete, and was probably only for older Plymouth's. But I can't
imagine anybody running a Plymouth from 2011 with a systemd from 2015.
Remove the Plymouth/systemd integration, and let Plymouth's code tell
systemd to print the details.
[0] http://cgit.freedesktop.org/plymouth/commit/?id=537c16422cd49f1beeaab1ad39846a00018faec1
Signed-off-by: Jasper St. Pierre <jstpierre@mecheye.net>
Cc: Daniel Drake <dsd@endlessm.com>
Cc: Ray Strode <rstrode@redhat.com>
|
|
Commit 628c89c introduced the "tentative" device state, which caused
devices to go from "plugged" to "tentative" on a remove uevent. This
breaks the cleanup of stale mounts (see commit 3b48ce4), as that only
applies to "dead" devices.
The "tentative" state only really makes sense on adding a device when
we don't know where it was coming from (i. e. not from udev). But when
we get a device removal from udev we definitively know that it's gone,
so change the device state back to "dead" as before 628c89c.
|
|
|
|
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
Mar 13 19:48:28 adam.happyassassin.net systemd[1]: Collecting (null)
|
|
Quotes are useful when the string can contain spaces or be otherwise
confusing. Not possible with those two.
|
|
|
|
disabled
|
|
CID #1261729.
|
|
CID #1264371.
|
|
CID #996308.
|
|
CID #1237550.
|
|
This shouldn't really happen, but it's seems cleaner to
continue on error.
CID #1237552.
|
|
/dev/pts/ptmx is as important as /dev/pts, so error out if that
fails. Others seem less important, since the namespace is usable
without them, so ignore failures.
CID #123755, #123754.
|
|
We were using a space more often than not, and this way is
codified in CODING_STYLE.
|
|
CID #1237559.
|
|
CID #1287142.
|
|
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
|
|
|
|
On kdbus, we get cgroups-agent messages via the system bus, not the
private systemd socket. Therefore, we must install the match properly or
we will never receive cgroup notifications.
|
|
Forwarding messages that are not rewinded will drop data. Fix this for
cgroups-agent messages that we might remarshal before forwarding to the
system bus.
|
|
|
|
|
|
|
|
Usually when using loop_read(), we want to read the full buffer.
Add a helper that mirrors loop_write(), and returns 0 when full buffer
was read, and an error otherwise.
Use -ENODATA for the short read, to distinguish it from a read error.
|
|
|
|
CID #1257766.
|