Age | Commit message (Collapse) | Author |
|
|
|
|
|
PolicyKit
|
|
|
|
|
|
|
|
Macro DEFINE_STRING_TABLE_LOOKUP expands to a new function for each
of the almost 120 tables throghout the code.
Move the its implementation to a function (guaranteed to never be inlined),
and make the macro expand to an inlined function that calls this function.
This saves a few kilobytes from the systemd binary
(David: - fix coding-style
- use 'ssize_t' to fix 32bit to 64bit propagation
- use streq_ptr())
|
|
Add missing IFLA_INET6_ADDR_GEN_MODE definition so we can build with
kernel headers < 3.17
|
|
include-what-you-use automatically does this and it makes finding
unnecessary harder to spot. The only content of poll.h is a include
of sys/poll.h so should be harmless.
|
|
This fixes various issues found by globally reordering the include
sections of all .c files.
|
|
|
|
Also, document in adjacent comments and in CODING_STYLE why we do that.
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2015-February/027960.html
|
|
The assert added in 7d328b5446 was wrong. Also update the comments
and make sure we don't try to shift by type size.
|
|
|
|
We were dropping the most significant bit. Add an assert to make sure it does not happen again.
Fixes a bug introduced in 7d328b544621d4b1bec936dec612947ad8bfb65a.
|
|
It ran either skip_session() or skip_user_manager(), then ran skip_slices()
iff skip_session() ran. It needs to run skip_slices() in either case.
Included is a test case demonstrating why.
|
|
quiet should really just have an effect on the stuff we dump on the
console, not what we log elsewhere.
Hence:
debug on kernel cmdline → interpreted by every tool, turns up
log levels to "debug" everywhere.
quiet on kernel cmdline → interpreted only by PID 1 (and
obviously the kernel) no alteration of the max log level, but
turns off status output.
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026271.html
|
|
Check sysfs devicetree values in order to detect if we are running on a KVM
hypervisor on a powerpc architecture.
|
|
|
|
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
a single user so far.
|
|
|
|
|
|
From fd.o bug 88898:
systemd-resolved fails to start:
Failed to drop capabilities: Operation not permitted
Broken in f11943c53ec181829a821c6b27acf828bab71caa.
Drop all capabilities:
1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all
capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)
Capabilites should always be kept after setresuid() so that the capability
bounding set can be reduced.
Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898
We must be careful not to leave PR_SET_KEEPCAPS on. We could use the
setresuid() call to drop capabilities, but the rules when capabilities
are dropped are fairly complex, since a transition to non-zero uid must
happen. Let's instead keep the capabilities during setresuid(), and drop
them later.
|
|
If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.
char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.
A similar wrapper is used for strftime calls, but only in timedatectl.c.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=87354
|
|
|
|
|
|
|
|
on aarch64
|
|
Both plain opendir() and glob() will bump access time. Privileged
option O_NOATIME can be used to prevent the access time from being
updated. We already used it for subdirectories of the directories
which we were cleaning up. But for the directories specified directly
in the config files, we wouldn't do that. This means that,
paradoxically, our own temporary directories for PrivateTmp would stay
around forever, as long as one let systemd-tmpfiles-clean.service run
regularly, because they had their own glob patterns specified.
https://bugzilla.redhat.com/show_bug.cgi?id=1183684
|
|
|
|
Build would fail when assert was used on the same line in
different files #included together.
https://bugs.freedesktop.org/show_bug.cgi?id=87339
|
|
This is exposed the memory.usage_in_bytes cgroup property on the bus,
and makes "systemctl status" show it in its default output.
|
|
After 3637713a20 it is not necessary anymore.
|
|
With this change the pull protocol implementation processes will pass
progress data to importd which then passes this information on via the
bus. We use sd_notify() as generic transport for this communication,
making importd listen to them, while matching the incoming messages to
the right transfer.
|
|
|
|
shut up
|
|
This is how we call it internally, and also a bit more descriptive.
|
|
For ACLs to be valid, a set of entries for user, group, and other
must be always present. Always add those entries.
While at it, only add the mask ACL if it is actually required, i.e.
when at least on ACL for non-owner group or user exists.
|
|
This is much more useful in practice (equivalent to setfacl -m).
|
|
|
|
int[] should not be used as pid_t[], even if happens to be same thing.
Also deduplicating in a quadratic loop right before sorting is unnecessary.
Remove custom greedy_realloc implementation.
|
|
Types used for pids and uids in various interfaces are unpredictable.
Too bad.
|
|
|
|
gcc 5 started warning about this.
|
|
client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
|