Age | Commit message (Collapse) | Author |
|
and all that reset it to defaults mac_{selinux|smack}_fix()
Let's clean up the naming schemes a bit and use the same one for SMACK
and for SELINUX.
|
|
|
|
It cannot fail in the current hashmap implementation, but it may fail in
alternative implementations (unless a sufficiently large reservation has
been placed beforehand).
|
|
That hashmap_move_one() currently cannot fail with -ENOMEM is an
implementation detail, which is not possible to guarantee in general.
Hashmap implementations based on anything else than chaining of
individual entries may have to allocate.
hashmap_move_one will not fail with -ENOMEM if a proper reservation has
been made beforehand. Use reservations in install.c.
In cgtop.c simply propagate the error instead of asserting.
|
|
With the current hashmap implementation that uses chaining, placing a
reservation can serve two purposes:
- To optimize putting of entries if the number of entries to put is
known. The reservation allocates buckets, so later resizing can be
avoided.
- To avoid having very long bucket chains after using
hashmap_move(_one).
In an alternative hashmap implementation it will serve an additional
purpose:
- To guarantee a subsequent hashmap_move(_one) will not fail with
-ENOMEM (this never happens in the current implementation).
|
|
Return 0 if no resize was needed, 1 if successfully resized and
negative on error.
|
|
|
|
It appears order may matter here. Use OrderedHashmaps to be safe.
|
|
It's handled just fine by returning NULL.
|
|
-ENOENT is the same return value as if 'other' were an allocated hashmap
that does not contain the key. A NULL hashmap is a possible way of
expressing a hashmap that contains no key.
|
|
Few Hashmaps/Sets need to remember the insertion order. Most don't care
about the order when iterating. It would be possible to use more compact
hashmap storage in the latter cases.
Add OrderedHashmap as a distinct type from Hashmap, with functions
prefixed with "ordered_". For now, the functions are nothing more than
inline wrappers for plain Hashmap functions.
|
|
new mac_{smack,selinux,apparmor}_xyz() convention
|
|
|
|
move label apis to selinux-util.ch or smack-util.ch appropriately.
|
|
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
|
|
socknameinfo_pretty() would fail for addresses without reverse DNS,
but we do not want that to happen.
|
|
|
|
string_is_safe()
After all, we know have this as generic validator, so let's be correct
and use it wherver applicable.
|
|
We can simplify our code quite a bit if we explicitly check for the
ifindex being 1 on Linux as a loopback check. Apparently, this is
hardcoded on Linux on the kernel, and effectively exported to userspace
via rtnl and such, hence we should be able to rely on it.
|
|
This could overflow on 32bit, where size_t is the same as unsigned.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=76745
|
|
- mkdir_p_prefix: It has never been used
- mkdir_parents_prefix_label: Unused since 1434ae6fd49f8377b0ddbd4c675736e0d3226ea6
|
|
|
|
Leaving the old root around seems better than aborting the
switch.
|
|
|
|
It was only used in readahead.
|
|
Before returning from function we should reset ret to NULL, thus cleanup
function is nop.
Also context_str() returns pointer to a string containing context but not a
copy, hence we must make copy it explicitly.
|
|
We could end with a double close if we close the fd loop and flush_fd
fails. That would make us goto fail and there we close the fd once
again. This patch sets the fd to the return value for safe_close: -1
A fd with negative value will be ignored by the next call to
safe_close.
CID#996223
|
|
Also, let's try to make function names descriptive, instead of using
bools for flags.
|
|
|
|
|
|
|
|
linux/memfd.h was added linux 3.17, so it might not be widely
available for a while.
Also, check if memfd_create is defined, for the HAVE_LINUX_MEMFD_H
check to have a chance of succeeding.
Also, collapse all ifdefs for memfd-related stuff, because they
were all added together so there's no need to check separately.
|
|
Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames. Masking usernames with * seems just silly.
v2 - Don't mess with termios flags, instead print the input
instead of an asterix. Resolves issues with backspace
and TAB input.
v3 - Renamed 'do_echo' variables and argument to 'echo'. Also
modified the ask_password_{tty,agent,auto} API instead of
additional wrapper functions.
[zj: undo changes to ask_password_auto, since no callers were using
the new argument.]
|
|
As it turns out, I can actually send data to the pty faster than the
terminal can read. Therefore, make sure we read as much data as possible
but bail out early enough to not cause starvation.
Kernel TTY buffers are 4k, so reduce the overall buffer size, but read
more than once if possible (up to 8 times sounds reasonable).
|
|
The status of actually writing the file was totally ignored.
|
|
The --utc option was introduced by commit
9fd290443f5f99fca0dcd4216b1de70f7d3b8db1.
Howerver, the implementation was incomplete.
|
|
|
|
Fixup for 718880ba0d 'add a transient user unit directory'.
|
|
This makes this function name similar to user_config_home() and makes
it match the name of the environment variable.
|
|
This patch adds a transient user unit directory under
`$XDG_RUNTIME_DIR/systemd/user/` and stores transient user-instance
units (such as those created by `systemd-run --user`) under there
instead of putting them in $XDG_CONFIG_HOME/systemd/user/.
Fixes https://bugs.freedesktop.org/show_bug.cgi?id=67331
|
|
Introduce option to display time in UTC.
|
|
We cannot rely on "errno" to be non-zero on failure, if we perform
multiple glibc calls. That is, if the first eventfd() call fails, but the
second succeeds, we cleanup the barrier but return 0.
Fix this by always testing the return value immediately. This should also
fix all the coverity warnings.
|
|
In pty.c there was both an include of our pty.h and the system installed pty.h.
The latter contains only two functions openpty and forkpty. We use neither so
I assume it was a typo and removed it. We still compile and pass all tests.
|
|
Change the other spot too.
|
|
Suggested by Zbigniew.
|
|
Make it clear in the code that ignoring a failed safe_ato?() is intentional.
|
|
systemctl would print 'CPUQuotaPerSecUSec=(null)' for no limit. This
does not look right.
Since USEC_INFINITY is one of the valid values, format_timespan()
could return NULL, and we should wrap every use of it in strna() or
similar. But most callers didn't do that, and it seems more robust to
return a string ("infinity") that makes sense most of the time, even
if in some places the result will not be grammatically correct.
|
|
This adds --disable-utmp option to configure. If it is used, all
utmp-related functionality, including querying runlevel support,
is removed.
|
|
We replace the idiom "X && !(*foo = 0)" with "X && ((*foo = 0), true)".
This is not a functional change, but should hopefully make it less
likely that people and static analyzers believe there is a typo here
(i.e., to make it clear that the intention was not "X && *foo != 0").
Thanks to David Herrmann for the suggestion.
|