Age | Commit message (Collapse) | Author |
|
|
|
|
|
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.
Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
|
|
|
|
All Execs within the service, will get mounted the same
/tmp and /var/tmp directories, if service is configured with
PrivateTmp=yes. Temporary directories are cleaned up by service
itself in addition to systemd-tmpfiles. Directory which is mounted
as inaccessible is created at runtime in /run/systemd.
|
|
Just like mempcpy() is almost identical to memcpy() except the useful
return value, so is the relation of mempset() to memset().
|
|
|
|
The "OK" status messages should not draw attention to themselves.
It's better if they're not printed in bright/bold. Leave that
to errors and warnings.
Use a plain inconspicuous enterprisey green.
|
|
Sometimes the boot gets stuck until a timeout hits. The usual timeouts
are on the order of minutes, so users may lose patience.
Print animated status messages telling the names of units with running
jobs to make it easy to see what systemd is waiting for.
The animation looks cooler with a shorter interval, but 1 s is OK and
should not be too hard on slow serial console users.
|
|
|
|
Ephemeral status lines do not end with a newline and they expect to be
overwritten by the next printed status line.
|
|
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
order in the efivars fs is probably not useful
This also introduces a new FOREACH_DIRENT macro and makes use of it.
|
|
|
|
that work on .d/ directories
This unifies much of the logic behind them:
- All four will now ofllow the rule that the earlier file and earlier
assignment in the .d/ directories wins. Before, sysctl was the only
outlier, where the later setting always won.
- All four now support getopt() and --help on the command line.
- All four can now handle specification of configuration file names on
the command line to apply. The tools will automatically find them, and
apply them. Previously only tmpfiles could do that. This is useful for
%post scripts in RPMs and suchlike.
- This fixes various error path issues in conf_files_list()
|
|
|
|
Now, actually check if the environment variable names and values used
are valid, before accepting them. With this in place are at some places
more rigid than POSIX, and less rigid at others. For example, this code
allows lower-case environment variables (which POSIX suggests not to
use), but it will not allow non-UTF8 variable values.
All in all this should be a good middle ground of what to allow and what
not to allow as environment variables.
(This also splits out all environment related calls into env-util.[ch])
|
|
Based-on-patch-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
cppcheck reported:
[src/bootchart/svg.c:791]: (error) Mismatching allocation and deallocation: f
|
|
|
|
|
|
systemctl list-dependencies lists all unit's dependecies and
recursively expands all subsidiary target units into a tree.
Primary purpose for this command is to show all units which are
enabled in specified target.
|
|
|
|
|
|
displaying them
|
|
|
|
|
|
5 is for weekday+comma+space, but week days in french have 4 digits
https://bugs.freedesktop.org/show_bug.cgi?id=57411
|
|
|
|
Draw trees more similar to pstree/findmnt/lsblk/...
|
|
|
|
When printing cgroup and sysfs hierarchies, avoid using UTF-8 box drawing
characters if the locale is not UTF-8.
https://bugzilla.redhat.com/show_bug.cgi?id=871153
|
|
journalctl and vconsole-setup both implement utf8 locale detection.
Let's have a common function for it.
The next patch will add another use.
|
|
|
|
The behaviour of the common name##_from_string conversion is surprising.
It accepts not only the strings from name##_table but also any number
that falls within the range of the table. The order of items in most of
our tables is an internal affair. It should not be visible to the user.
I know of a case where the surprising numeric conversion leads to a crash.
We will allow the direct numeric conversion only for the tables where the
mapping of strings to numeric values has an external meaning. This holds
for the following lookup tables:
- netlink_family, ioprio_class, ip_tos, sched_policy - their numeric
values are stable as they are defined by the Linux kernel interface.
- log_level, log_facility_unshifted - the well-known syslog interface.
We allow the user to use numeric values whose string names systemd does
not know. For instance, the user may want to test a new kernel featuring
a scheduling policy that did not exist when his systemd version was
released. A slightly unpleasant effect of this is that the
name##_to_string conversion cannot return pointers to constant strings
anymore. The strings have to be allocated on demand and freed by the
caller.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This requires a little bit of tip-toeing around to explicitly avoid
touching the environment from a sig handler. Instead, simply create a
function to reset the var to its "unset" state, allowing the next call
to columns() to recalculate and cache the new value.
|
|
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=858777
|
|
Make sure to allocate enough space for readdir_r().
https://bugzilla.redhat.com/show_bug.cgi?id=858754
|