Age | Commit message (Collapse) | Author |
|
from unit names
Let's better be safe then sorry.
|
|
A variety of changes:
- Make sure all our calls distuingish OOM from other errors if OOM is
not the only error possible.
- Be much stricter when parsing escaped paths, do not accept trailing or
leading escaped slashes.
- Change unit validation to take a bit mask for allowing plain names,
instance names or template names or an combination thereof.
- Refuse manipulating invalid unit name
|
|
We should be more strict when verifying paths with path_is_safe() for
potentially dangerous constructs, and that includes lengths of
PATH_MAX-1 and larger. Be more accurate here.
|
|
|
|
This makes it obvious that those functions are only usable in the
initramfs.
Also, add a warning when noauto, nofail, or automount is used for the
root fs, instead of silently ignoring. Using those options would be a
sign of significant misconfiguration, and if we bother to check for
them, than let's go all the way and complain.
Other various small cleanups and reformattings elsewhere.
|
|
|
|
instance of a process
units are organized in slice trees, not only for the system instance,
but also for user systemd instances, expose this properly.
|
|
Various cleanups, be stricter when parsing unit paths.
Most importantly: return the root slice "-.slice" when asked for slice
of paths that contain no slice component.
|
|
A number of fields do not apply to all processes, including: there a
processes without a controlling tty, without parent process, without
service, user services or session. To distuingish these cases from the
case where we simply don't have the data, always return ENXIO for them,
while returning ENODATA for the case where we really lack the
information.
Also update the credentials dumping code to show this properly. Fields
that are known but do not apply are now shown as "n/a".
Note that this also changes some of the calls in process-util.c and
cgroup-util.c to return ENXIO for these cases.
|
|
status set membership
|
|
|
|
|
|
Instead of looking up the tty from STDIN, let utmp_wall() take an argument
to specify an origin tty for the wall message. Only if that argument is
NULL do the STDIN lookup.
Also add an void *userdata argument that is handed back to the callback
function.
|
|
test for mount points
It's a very recent kernel addition, but certainly makes sense to
support.
|
|
When parsing a unit with a trailing slash after an escaped line break, like
ExecStart=/bin/echo 'foo \
bar'
the split() function (through config_parse()) asserted and crashed pid 1:
Assertion 'current[*l + 1] == quotechars[0]' failed at ../src/shared/util.c:583, function split(). Aborting.
Fix this by returning an error in this case ("trailing garbage").
Add corresponding test case. Also fix the missing "unit" argument of
config_parse_exec() in the comment.
https://launchpad.net/bugs/1447243
|
|
- fix some memory leaks on error conditions
- handle all error cases properly, and log about failures
- move HAVE_ACL and no-HAVE_ACL code closer to each other
|
|
When deleting a read-only subsvolume with a sub-subvolume, we need to
mark it writable first, otherwise the removal will not work.
|
|
When creating recursive read-only snapshots we need to mark the snapshot
writable immediately before creating subsnapshots within it, otherwise
the operation for it will fail.
|
|
If we get passed an fd that does not refer to a regular file or
directory, we should not issue btrfs ioctls on it, since it might end up
in a device driver or similar (note that DRM for example uses the same
ioctl numbers as some file system ioctls).
Hence, let's make sure to always check if something is a regular file or
directory, or is on btrfs before invoking the respective ioctls. It's
better to be safe than sorry.
|
|
Let's unify the code that checks whether an fd is on btrfs a bit.
(Also, rename btrfs_is_snapshot() to btrfs_is_subvol(), since that's
usually how this is referred to in our code)
|
|
attributes
Before invoking file system ioctls we need to make sure that the
specified fd actually refers to a file system object, and not a device
node or similar. Otherwise we might by accident invoke unrelated device
driver ioctls. For example, DRM ioctls use the same ioctl numbers as the
various file system ioctls.
|
|
|
|
|
|
the other log functions
|
|
|
|
|
|
This should not be used for any new code, as we don't set errno in new code,
but there are several legacy users, so let's keep it in shared.
|
|
|
|
This is like bus_label_unescape() but takes a maximum length instead of
relying on NULL-terminated strings. This is highly useful to unescape
labels that are not at the end of a path.
|
|
We _always_ return NULL from destructors to allow direct assignments to
the variable holding the object. Especially on hashmaps, which treat NULL
as empty hashmap, this is pretty neat.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
No need to ifdef out efi code as the functions are always defined.
|
|
systemctl and logind were unconditionally using functions that were not compiled
on non-EFI systems. Add stubs returning -EOPNOTSUPP to fix compile again.
|
|
There was a bug where is_efi_*() could return a negative error value, which would be treated as 'true',
just make this a bool in the helper library to avoid the problem.
|
|
|
|
|
|
|
|
path was used for 2 purposes but it was not freed before being reused.
|
|
|
|
|
|
literals
We simply recode them in utf8.
|
|
|
|
|
|
inclusion
If necessary the passed string is enclosed in "", and all special
characters escapes.
This also ports over usage in bus-util.c and job.c to use this, instead
of a incorrect local implementation that forgets to properly escape.
|
|
|