Age | Commit message (Collapse) | Author |
|
ima-setup: write policy one line at a time
|
|
|
|
IPForwarding=kernel v3
|
|
CID 996302: Error handling issues (CHECKED_RETURN)
|
|
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
|
|
sd-rtnl: make joining broadcast groups implicit
|
|
|
|
networkd: bond - only set packets_per_slave on balance-rr mode
|
|
journald: do not strip leading whitespace from messages
|
|
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't
available, not -ENOENT. Don't spit out a warning in that case unless the
warn_if_unavailable flag is set.
Also factor out the condition into an own variable for better readability.
|
|
Lets us simplify the function and drop SO_PASSCRED.
Thanks to Alexander Larsson and David Herrmann.
|
|
ima_write_policy() expects data to be written as one or more
rules, no more than PAGE_SIZE at a time. Easiest way to ensure
that we are not splitting rules is to read and write one line at
a time.
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
|
|
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we
don't care much and just proceed)
|
|
Without the boolean bus_name_good services as well as cgroup_realized
for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID
will be terminated if systemd will be daemon reloaded.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151
https://bugs.freedesktop.org/show_bug.cgi?id=78311
https://bugzilla.opensuse.org/show_bug.cgi?id=934077
|
|
Net
|
|
build-sys: split internal basic/ library from shared/
|
|
journald: don't employ inner loop for reading from incoming sockets
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|
|
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Keep leading whitespace for compatibility with older syslog
implementations. Also useful when piping formatted output to the
`logger` command. Keep removing trailing whitespace.
Tested with `pstree | logger` and checking that the output of
`journalctl | tail` included aligned and formatted output.
Confirmed that all test cases still pass as expected.
|
|
cgtop enhancements for easier machine-readable output
|
|
since last tick
Emit "0" rather than "-" if no change in IO values are seen for a process since
last tick, so long as accounting has registered content at all.
|
|
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
|
|
sd-network: allow the state dir to be created after the monitor
|
|
move dns code from resolve to shared v3
|
|
Our bloom-filters support root-path matching. Make sure we properly add
the path_namespace= tag.
|
|
DBus-spec defines two different pattern matchings:
1) Path and namespace prefix matching. In this case, A matches B either
if both are equal, or if B is fully included in the namespace of A.
In other words, A has to be a prefix of B, but end with a separator
character (or the following character in B must be one).
This is used for path_namespace= and arg0namespace=
2) The other pattern matching is used for arg0path= which does a two-way
matching. That is, A must be a prefix of B, or B a prefix of A.
Furthermore, the prefix must end with a separator.
Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_'
prefixes don't make any sense now, but.. eh..
|
|
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
|
|
DBus spec clearly defines arg0path= to be a two-way matching. That is,
either the matcher or the matchee can be a prefix of the other to match.
This is not possible to implement with bloom-filters. Instead, we'd have
to add a separate filter for each prefix. This is non-trivial, though.
Hence, just skip the match for now and match locally.
|
|
Lets look at an example where we add arg0="/foo/bar/waldo" to a
bloom-filter. The following strings are added:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo"
Two problems arise:
1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly
states that equal strings are also considered prefixes. However, in the
bloom-match, we can only provide a single match-filter. Therefore, we have
to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in
the bloom-mask of the message.
Hence, this patch makes sure bloom_add_prefixes() adds the full path as
prefix, too.
2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path
does prefix-matching with the trailing slash _included_, unlike
path_namespace= matches, which does *not* include them. This is
inconsistent, but we have to support the specs. Therefore, we must add
prefixes with _and_ without trailing separators.
Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with
the trailing slash included.
The final set of strings added therefore is:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo/"
"arg0-slash-prefix:/foo"
"arg0-slash-prefix:/"
|
|
dhcp domain option
previously hostname_is_valid was used to validate domain names, which
would silently drop perfectly valid dns names that were longer than a
single dns label.
|
|
|
|
|
|
Otherwise, if the socket is constantly busy we will never return to the
event loop, but we really need to to dispatch other (possibly more
high-priority) events too. Hence, return after dispatching one message
to the event handler, and rely on the event loop calling us back
right-away.
Fixes #125
|
|
We now listen for new subdirs of /run/systemd, and /run/systemd/netif in case
/run/systemd/netif/links does not exist.
|
|
util: introduce CMSG_FOREACH() macro and make use of it everywhere
|
|
Otherwise the creation of the bond fails.
|
|
It's only marginally shorter then the usual for() loop, but certainly
more readable.
|
|
Follow up for 7c918141ed.
|
|
sd-network: allow NULL in sd_network_monitor_unref
|
|
Match rest of codebase, we always allow unref'ing NULL.
|
|
|
|
|
|
use it anymore
|
|
|
|
|
|
By using our homegrown function we can dispense with all the iffdefery.
|
|
This appears to be the right time to do it for SOCK_STREAM
unix sockets.
Also: condition bus_get_owner_creds_dbus1 was reversed. Split
it out to a separate variable for clarity and fix.
https://bugzilla.redhat.com/show_bug.cgi?id=1224211
|