Age | Commit message (Collapse) | Author |
|
disabled
|
|
or services) as machine with machined
|
|
|
|
|
|
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
|
|
|
|
In the parse_env_file_push() and load_env_file_push() functions, there
are two assert() call to check if the key or value parameters are utf8 valid.
If the strings aren't utf8 valid, assert does abort.
These function are used early by systemd to parse some files. For
example '/etc/locale.conf'. In my case this file contained a not utf8
sequence, which is bad, but systemd crashed during the boot, which
is even worse!
The enclosed patch removes the assert and return -EINVAL if the
sequence is invalid. This is possible because the caller of these
function [1] checks the errors.
So the check of an invalid utf8 sequence is still performed, but
systemd doesn't crash anymore and logs the error.
[1] parse_env_file_internal(), invoked by load_env_file() and
parse_env_file()
|
|
|
|
that's requested
|
|
|
|
In trying to track down a stupid linker bug, I noticed a bunch of
memset() calls that should be using memzero() to make it more "obvious"
that the options are correct (i.e. 0 is not the length, but the data to
set). So fix up all current calls to memset(foo, 0, length) to
memzero(foo, length).
|
|
|
|
|
|
This was originally included in the dhcp-client at my request, but it is not
really dhcp-specific and useful outside of it, so let's pull it out.
|
|
Error out if the address family is already set to something incompatible with the
address being parsed.
|
|
(Also, only send the audit msg once, too)
|
|
It is nice to wrap umask handling and return convention,
but glibc's mkostemp is async-signal-safe already.
|
|
Current glibc implementation is safe. Kernel does this atomically,
and write is actually implemented through writev. So if write is
async-signal-safe, than writev pretty much must be too.
|
|
Let's unify our code here, and also always specifiy O_CLOEXEC.
|
|
|
|
On other archs we'll not define it so that open_tmpfile() falls back to
unguessable name + unlink.
|
|
|
|
Make it use dev_urandom() and endswith().
|
|
doesn't fall back to PRNG
|
|
Let's make use of fd_wait_for_event() here, instead of rolling our own.
|
|
When set to auto, status will shown when the first ephemeral message
is shown (a job has been running for five seconds). Then until the
boot or shutdown ends, status messages will be shown.
No indication about the switch is done: I think it should be clear
for the user that first the cylon eye and the ephemeral messages appear,
and afterwards messages are displayed.
The initial arming of the event source was still wrong, but now should
really be fixed.
|
|
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
|
|
This will only work on Linux >= 3.11, and probably not on all
filesystems. Fallback code is provided.
|
|
Add new calls sd_bus_open() and sd_bus_default() for connecting to the
starter bus a service was invoked for, or -- if the process is not a
bus-activated service -- the appropriate bus for the scope the process
has been started in.
|
|
|
|
|
|
Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that
sets up a private /dev with only the API pseudo-devices like /dev/null,
/dev/zero, /dev/random, but not any physical devices in them.
|
|
|
|
Before, journald would remove journal files until both MaxUse= and
KeepFree= settings would be satisfied. The first one depends (if set
automatically) on the size of the file system and is constant. But
the second one depends on current use of the file system, and a spike
in disk usage would cause journald to delete journal files, trying to
reach usage which would leave 15% of the disk free. This behaviour is
surprising for the user who doesn't expect his logs to be purged when
disk usage goes above 85%, which on a large disk could be some
gigabytes from being full. In addition attempting to keep 15% free
provides an attack vector where filling the disk sufficiently disposes
of almost all logs.
Instead, obey KeepFree= only as a limit on adding additional files.
When replacing old files with new, ignore KeepFree=. This means that
if journal disk usage reached some high point that at some later point
start to violate the KeepFree= constraint, journald will not add files
to go above this point, but it will stay (slightly) below it. When
journald is restarted, it forgets the previous maximum usage value,
and sets the limit based on the current usage, so if disk remains to
be filled, journald might use one journal-file-size less on each
restart, if restarts happen just after rotation. This seems like a
reasonable compromise between implementation complexity and robustness.
|
|
|
|
|
|
- turn strv_merge into strv_extend_strv.
appending strv b to the end of strv a instead of creating a new strv
- strv_append: remove in favor of strv_extend and strv_push.
- strv_remove: write slightly more elegant
- strv_remove_prefix: remove unused function
- strv_overlap: use strv_contains
- strv_printf: STRV_FOREACH handles NULL correctly
|
|
|
|
|
|
when pid is set to 0 use /proc/self
|
|
This reverts commit 4cd1214db6cf4b262e8ce6381bc710091b375c96.
This may still be fixed in the kernel, revert this for now until
we see how it all shakes out.
|
|
When DEVTYPE is not set for a nic, it means it is a wired/ethernet
device.
|
|
Unfortunately a different cleanup function is necessary per type,
because cap_t** and char** are incompatible with void**.
|
|
It is nicer to predefine patterns using configure time check instead of
using casts everywhere.
Since we do not need to use any flags, include "%" in the format instead
of excluding it like PRI* macros.
|
|
|
|
Remove redundant messages, add some debugging ones and make wording more uniform.
|
|
Before 34a3baa4d 'sleep-config: Dereference pointer before check for NULL'
oom conditions would not be detected properly. After that commit, a double
free was performed.
Rework the whole function to be easier to understand, and also replace
strv_split_nulstr with strv_new, since we know the strings anyway.
|
|
This fixes a bug pointed out by http://css.csail.mit.edu/stack/
(Optimization-unstable code)
It is a similar fix as f146f5e159 (2013-12-30, core:
Forgot to dereference pointer when checking for NULL)
To explain this bug consider the following similar, but simpler code:
if (!p)
free(*p)
Assume the if condition evaluates to true, then we will access *p,
which means the compiler can assume p is a valid pointer, so it could
dereference p and use the value *p.
Assuming p as a valid pointer, !p will be false.
But initally we assumed the condition evaluates to true.
By this reasoning the optimizing compiler can deduce, we have dead code.
("The if will never be taken, as *p must be valid, because otherwise
accessing *p inside the if would segfault")
This led to an error message of the static code checker, so I checked the
code in question.
As we access *modes and *states before the check in the changed line of
this patch, I assume the line to be wrong and we actually wanted to check
for *modes and *states being both non null.
|
|
compat parser
|
|
Suggested-by: Russ Allbery <rra@debian.org>
|