Age | Commit message (Collapse) | Author |
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
addresses are link-local or not
|
|
connection by default
|
|
Name defending is still missing.
|
|
|
|
Require exact matches in all cases instead of treating strings
starting with 't' ('f') as true (false).
This is required for config_parse_protect_system to parse ProtectSystem=full
correctly: it uses parse_boolean and only tries a more specific parsing
function if that did not return a valid result. Thus "full" was treated as
"false" before.
|
|
We can not reliably manage any notion of local time. Every daylight
saving time change or time zone change by traveling will make the
time jump, and the local time might jump backwards which creates
unsolvable problems with file timestamps.
We will no longer tell the kernel our local time zone and leave
everything set to UTC. This will effectively turn FAT timestamps
into UTC timestamps.
If and only if the machine is configured to read the RTC in local
time mode, the kernel's time zone will be configured, but
systemd-timesysnc will disable the kernel's system time to RTC
syncing. In this mode, the RTC will not be managed, and external
tools like Windows bootups are expected to manage the RTC's time.
https://bugs.freedesktop.org/show_bug.cgi?id=81538
|
|
|
|
There is a small number of the places in sources where we don't check
asprintf() return code and assume that after error the function
returns NULL pointer via the first argument. That's wrong, after
error the content of pointer is undefined.
|
|
CLOCK_BOOTTIME is not supported by timerfd on older kernels, so for the time beeing,
use this helper instead which will fallback to CLOCK_MONOTONIC if CLOCK_BOOTTIME is
not supported.
|
|
|
|
|
|
Also, fix fopen_temporary_label to set proper context. By chance,
all users so far used the same context, so the error didn't matter.
Also, check return value from label_init().
https://bugzilla.redhat.com/show_bug.cgi?id=1121806
|
|
|
|
It can now contain more than one directory, and can be used
to only prepend, not totally override, the normal load path.
|
|
The message for SYSTEMD_LOG_LEVEL= looked a bit strange.
|
|
They are unused and unlikely to ever be.
|
|
If poll() returns, one of both revents must be set, thus "buf" is set by
either clause. This is non-obvious for code-checkers so add an "else
continue;" clause to suppress "uninitialized variable" warnings.
|
|
Also be more verbose in devnode_acl_all().
|
|
Explicitly initalize descriptors using explicit assignment like
bus_error. This makes barriers follow the same conventions as
everything else and makes things a bit simpler too.
Rename barier_init to barier_create so it is obvious that it is
not about initialization.
Remove some parens, etc.
|
|
we already have a more complete one with af_to_name(), that is generated
from the header files, no need to duplicate this.
|
|
Let's settle on a single type for all address family values, even if
UNIX is very inconsitent on the precise type otherwise. Given that
socket() is the primary entrypoint for the sockets API, and that uses
"int", and "int" is relatively simple and generic, we settle on "int"
for this.
|
|
A system that is running on a logical partition (LPAR) provided by
PR/SM has access to physical hardware (except CPU). It is true that
PR/SM abstracts the hardware, but only for sharing purposes.
Details are statet at:
http://publib.boulder.ibm.com/infocenter/eserver/v1r2/topic/eicaz/eicazzlpar.htm
-->--
In other words, PR/SM transforms physical resources into virtual resources so
that many logical partitions can share the same physical resources.
--<--
Still, from the OS point of view, the shared virtual resource is real
hardware. ConditionVirtualization must be set to false if the OS runs
directly on PR/SM (e.g. in an LPAR).
[zj: reorder code so that variables are not allocated when #if-def is
false. Add commit message.]
|
|
|
|
We mostly use "family" to refer to AF_INET, AF_INET6, etc, let's use
this terminology here, too
|
|
regarding IPv6
Check for RES_USE_INET6 before we prefer IPv6 over IPv4, for all our NSS
modules. (Not that the DNS resolver that is configured with this matters
to us, but hey, let's try to be compatible).
|
|
The conditional for detection xen virtualization contained a little mistake.
It is checking for i to be empty: 'if (!i) {', but it must check for cap instead,
because: 'cap = strsep(&i, ",")' will set cap to the discovered value and i to
the next value after the separator.
Hence, i would be empty, if there is only control_d in domcap, leading to a wrong
domU detection.
https://bugs.freedesktop.org/show_bug.cgi?id=77271
|
|
This Pty API wraps the ugliness that is POSIX PTY. It takes care of:
- edge-triggered HUP handling (avoid heavy CPU-usage on vhangup)
- HUP vs. input-queue draining (handle HUP _after_ draining the whole
input queue)
- SIGCHLD vs. HUP (HUP is no reliable way to catch PTY deaths, always
use SIGCHLD. Otherwise, vhangup() and friends will break.)
- Output queue buffering (async EPOLLOUT handling)
- synchronous setup (via Barrier API)
At the same time, the PTY API does not execve(). It simply fork()s and
leaves everything else to the caller. Usually, they execve() but we
support other setups, too.
This will be needed by multiple UI binaries (systemd-console, systemd-er,
...) so it's placed in src/shared/. It's not strictly related to
libsystemd-terminal, so it's not included there.
|
|
The Barrier-API simplifies cross-fork() synchronization a lot. Replace the
hard-coded eventfd-util implementation and drop it.
Compared to the old API, Barriers also handle exit() of the remote side as
abortion. This way, segfaults will not cause the parent to deadlock.
EINTR handling is currently ignored for any barrier-waits. This can easily
be added, but it isn't needed so far so I dropped it. EINTR handling in
general is ugly, anyway. You need to deal with pselect/ppoll/... variants
and make sure not to unblock signals at the wrong times. So genrally,
there's little use in adding it.
|
|
The "Barrier" object is a simple inter-process barrier implementation. It
allows placing synchronization points and waiting for the other side to
reach it. Additionally, it has an abortion-mechanism as second-layer
synchronization to send abortion-events asynchronously to the other side.
The API is usually used to synchronize processes during fork(). However,
it can be extended to pass state through execve() so you could synchronize
beyond execve().
Usually, it's used like this (error-handling replaced by assert() for
simplicity):
Barrier b;
r = barrier_init(&b);
assert_se(r >= 0);
pid = fork();
assert_se(pid >= 0);
if (pid == 0) {
barrier_set_role(&b, BARRIER_CHILD);
...do child post-setup...
if (CHILD_SETUP_FAILED)
exit(1);
...child setup done...
barrier_place(&b);
if (!barrier_sync(&b)) {
/* parent setup failed */
exit(1);
}
barrier_destroy(&b); /* redundant as execve() and exit() imply this */
/* parent & child setup successful */
execve(...);
}
barrier_set_role(&b, BARRIER_PARENT);
...do parent post-setup...
if (PARENT_SETUP_FAILED) {
barrier_abort(&b); /* send abortion event */
barrier_wait_abortion(&b); /* wait for child to abort (exit() implies abortion) */
barrier_destroy(&b);
...bail out...
}
...parent setup done...
barrier_place(&b);
if (!barrier_sync(&b)) {
...child setup failed... ;
barrier_destroy(&b);
...bail out...
}
barrier_destroy(&b);
...child setup successfull...
This is the most basic API. Using barrier_place() to place barriers and
barrier_sync() to perform a full synchronization between both processes.
barrier_abort() places an abortion barrier which superceeds any other
barriers, exit() (or barrier_destroy()) places an abortion-barrier that
queues behind existing barriers (thus *not* replacing existing barriers
unlike barrier_abort()).
This example uses hard-synchronization with wait_abortion(), sync() and
friends. These are all optional. Barriers are highly dynamic and can be
used for one-way synchronization or even no synchronization at all
(postponing it for later). The sync() call performs a full two-way
synchronization.
The API is documented and should be fairly self-explanatory. A test-suite
shows some special semantics regarding abortion, wait_next() and exit().
Internally, barriers use two eventfds and a pipe. The pipe is used to
detect exit()s of the remote side as eventfds do not allow that. The
eventfds are used to place barriers, one for each side. Barriers itself
are numbered, but the numbers are reused once both sides reached the same
barrier, thus you cannot address barriers by the index. Moreover, the
numbering is implicit and we only store a counter. This makes the
implementation itself very lightweight, which is probably negligible
considering that we need 3 FDs for a barrier..
Last but not least: This barrier implementation is quite heavy. It's
definitely not meant for fast IPC synchronization. However, it's very easy
to use. And given the *HUGE* overhead of fork(), the barrier-overhead
should be negligible.
|
|
One missing string found.
A few things had to be moved around to make it possible to test them.
|
|
If we want to avoid reading a totally empty file, it seems better
to check after we have opened the file, not before.
|
|
Special care is needed so that we get an error message if the
file failed to parse, but not when it is missing. To avoid duplicating
the same error check in every caller, add an additional 'warn' boolean
to tell config_parse whether a message should be issued.
This makes things both shorter and more robust wrt. to error reporting.
|
|
|
|
Now we are getting into kernel < 3.4 territory...
https://bugs.freedesktop.org/show_bug.cgi?id=80095
|
|
|
|
|
|
|
|
Was: Failed to listen on [::]:2000: Success
|
|
|
|
records
|
|
Let's turn resolved into a something truly useful: a fully asynchronous
DNS stub resolver that subscribes to network changes.
(More to come: caching, LLMNR, mDNS/DNS-SD, DNSSEC, IDN, NSS module)
|
|
Turns out, making strings shell-proof is harder than expected:
# machinectl set-hostname "foo|poweroff" && . /etc/machine-info
(This could be simplified by quoting *and* escaping all characters,
which is harmless in shell but unnecessary.)
|
|
We already encourage upstreams to keep the default configuration
separate from user customizations for software that is installed in
the system location. Let's allow that separation also for software
that is installed in the home directory.
Some discussion:
http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/19627
|
|
|
|
We use "typedef struct Ring Ring" with camel-case for internal objects.
So rename "struct ring" to "Ring".
|
|
This is like MIN but evaluates 3 arguments. We already have MAX3, so add
the equivalent for MIN.
|
|
|
|
Let's always stick to glibc's way to determine byte order, and not mix
autoconf-specific checks with gcc checks.
|
|
|