Age | Commit message (Collapse) | Author |
|
UIDs/GIDs from
This way we can guarantee a limited amount of compatibility with
login.defs, by generate an appopriate "r" line out of it, on package
installation.
|
|
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
|
|
|
|
|
|
|
|
writable
https://bugs.freedesktop.org/show_bug.cgi?id=81169
|
|
Remove the sd_ prefix from internal functions and get rid of the sd_memfd
type. As a memfd is now just a native file descriptor, we can get rid of our
own wrapper type, and also use close() and dup() on them directly.
|
|
We now have a sd_memfd_freep helper, use it if applicable.
|
|
We need to map sealed files as MAP_PRIVATE so far as the kernel treats
MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any
time on those). However, unsealed files must be mapped as MAP_SHARED.
Otherwise, we never end up writing to the real file.
|
|
We use memfds for sealing. Lets not bother with memfds created without
MFD_ALLOW_SEALING for now. They're equivalent to random shmem files, so
don't bother treating them as sealable memfds.
|
|
No reason to open /dev/kdbus/control if we want memfds. memfd_create() is
always available.
|
|
Fix the memfd.h header to use handy features like #pragma, cleanup-funcs
and util.h. Also drop the EXTERN-C macros.
|
|
Unlike earlier versions, the syscall only takes 2 arguments in its
final version, not 3.
|
|
Don't expose generic kernel API via libsystemd, but keep the code internal
for our own usage.
|
|
|
|
|
|
only, and for all tools
Previously, we ended up parsing some of them three times: in main.c when
processing the kernel cmdline, in main.c when processing the process
cmdline (only for containers), and in log.c again.
Let's streamline this, and only parse them in log.c
In PID 1 also make sure we parse "quiet" first, and then override this
with the more specific checks in log.c
|
|
|
|
The CONST_MAX() macro is similar to MAX(), but verifies that both
arguments have the same type and are constant expressions. Furthermore,
the result of CONST_MAX() is again a constant-expression.
CONST_MAX() avoids any statement-expressions and other non-trivial
expression-types. This avoids rather arbitrary restrictions in both GCC
and LLVM, which both either fail with statement-expressions inside
type-declarations or statement-expressions inside static-const
initializations.
If anybody knows how to circumvent this, please feel free to unify
CONST_MAX() and MAX().
|
|
We must add 'const' to local variables in statement-expressions to
guarantee that the macros can produce constant-expressions if given such.
GCC seems to ignore this, but LLVM/clang requires it (understandably).
|
|
for both validating domains and host names
|
|
makes ethernet addresses look funny
|
|
This should have the benefit that cg_set_attribute() returns ENOENT
instead of EACCESS when we use it for non-existing attributes.
|
|
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-July/021591.html
|
|
This makes strappenda3 redundant, so we remove its usage and
definition. Add a few tests along the way for sanity.
|
|
Avoids triggering timers prematurely on systems with significantly inaccurate
clocks, or some embedded platforms that lack one entirely.
|
|
|
|
|
|
|
|
In the long run this should become a full fledged client to networkd
(but not before networkd learns bus support). For now, just pull
interesting data out of networkd, udev, and rtnl and present it to the
user, in a simple but useful output.
|
|
Primarily, this means we get rid of net_parse_inaddr(), and replace it
everywhere with in_addr_from_string() and in_addr_from_string_auto().
These functions do not clobber the callers arguments on failure, which
is more close to our usual coding style.
|
|
We don't support journal-less systems anyway, so let's avoid the
confusion.
|
|
Fix should strictly follow the rule to return negative errno-style
error codes from functions, hence let's fix more "return -1"-style
lazinesses.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=82453
|
|
|
|
Thanks to Brent Baude <bbaude@redhat.com>, who checked with the debian
guys, that this is correct and provided the patch.
|
|
Newer kernels export meta-information about the origin of an ifname. Respect this
from the ifname rename logic. We do not rename any interfaces that was originally
named by userspace, nor once which have already been renamed from userspace.
Moreover, we optionally do not (the default) rename interfaces which the kernel
claims to have named in a predictable way.
|
|
|
|
|
|
|
|
This breaks udev-builtin-btrfs.c, which reinvents some of missing.h,
so use missing.h there too.
[zj: removed #include "config.h" and wrapped #include <linux/btrfs.h>
in ifdef HAVE_LINUX_BTRFS_H as discussed on the mailing list.]
|
|
|
|
This way we integrate nicely with foreign network management stacks,
such as NM.
|
|
|
|
In practice this shouldn't make much difference, but
sometimes our headers might be newer, and we want to
test them.
|
|
With everything on one line they are just harder to read.
|
|
$ systemd-analyze verify trailing-g.service
[./trailing-g.service:2] Trailing garbage, ignoring.
trailing-g.service lacks ExecStart setting. Refusing.
Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument.
Failed to create trailing-g.service/start: Invalid argument
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
addresses are link-local or not
|