Age | Commit message (Collapse) | Author |
|
The conf_files_list family accepts an alternate root path to prefix all
directories in the list but path_strv_canonicalize_uniq doesn't use it.
This results in the suspicious behavior of resolving directory symlinks
based on the contents of / instead of the alternate root.
This adds a prefix argument to path_strv_canonicalize which will now
prepend the prefix, if given, to every path in the list. To avoid
answering what a relative path means when called with a root prefix
path_strv_canonicalize is now path_strv_canonicalize_absolute and only
considers absolute paths. Fortunately all users of already call
path_strv_canonicalize with a list of absolute paths.
|
|
Currently if the user logs out, the GC may never call user_stop(),
this will not terminate the systemd user and (sd-pam) of that user.
To fix this, remove the USER_CLOSING state check that is blocking the
GC from calling user_stop(). Since if user_check_gc() returns false
this means that all the sessions of the user were removed which will
make user_get_state() return USER_CLOSING.
Conclusion: that test will never be statisfied.
So we remove the USER_CLOSING check and replace it with a check inside
user_stop() this way we know that user_stop() has already queued stop
jobs, no need to redo.
This ensures that the GC will get its two steps correctly as pointed out
by Lennart:
http://lists.freedesktop.org/archives/systemd-devel/2014-February/016825.html
Note: this also fixes another bug that prevents creating the user
private dbus socket which will break communications with the user
manager.
|
|
containers
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
|
|
|
|
|
|
This was inadvertantly disturbed in e3e0314b when glob support was
added.
|
|
|
|
|
|
|
|
one operation
|
|
|
|
sd_rtnl_xxx_new_yyy()
So far we followed the rule to always indicate the "flavour" of
constructors after the "_new_" or "_open_" in the function name, so
let's keep things in sync here for rtnl and do the same.
|
|
The "sd_" prefix is supposed to be used on exported symbols only, and
not in the middle of names. Let's drop it from the cleanup macros hence,
to make things simpler.
The bus cleanup macros don't carry the "sd_" either, so this brings the
APIs a bit nearer.
|
|
into the container
|
|
|
|
|
|
during their start job
https://bugzilla.redhat.com/show_bug.cgi?id=997031
|
|
This is useful to prohibit execution of non-native processes on systems,
for example 32bit binaries on 64bit systems, this lowering the attack
service on incorrect syscall and ioctl 32→64bit mappings.
|
|
|
|
architecture support for system calls
Also, turn system call filter bus properties into complex types instead
of concatenated strings.
|
|
|
|
- Allow configuration of an errno error to return from blacklisted
syscalls, instead of immediately terminating a process.
- Fix parsing logic when libseccomp support is turned off
- Only keep the actual syscall set in the ExecContext, and generate the
string version only on demand.
|
|
|
|
Some DHCP servers will not work correctly if secs == 0, so round up
to at least 1.
|
|
Udev does not run in containers, so instead of relying on it to tell us when a
network device is ready to be used by networkd, we simply assume that any
device was fully initialized before being added to the container.
|
|
This allows customization of the arguments used by less. The main
motivation is that some folks might not like having --no-init on every
invocation of less.
|
|
of this
|
|
Let's remove the tests for cg_path_get_machine_name(), since they no
longer operate solely on the cgroup path, but actually look up data in
/run. Since we have a test for cg_pid_get_machine_name() this shouldn't
be too much of a loss.
|
|
|
|
Otherwise we get a (harmless) message like:
systemd-logind[30845]: Failed to process message [type=signal sender=:1.36 path=/org/freedesktop/systemd1/job/4674 interface=org.freedesktop.DBus.Properties member=PropertiesChanged signature=sa{sv}as]: Invalid argument
|
|
KillUserProcesses=yes/no should be ignored when termination is
explicitly requested.
|
|
|
|
|
|
In function user_get_state() remove the session_is_active() check, just
count on the session_get_state() function to get the correct session
state.
session_is_active() may return true before starting the session scope
and user service, this means it will return true even before the creation
of the session fifo_fd which will produce incorrect states.
So be consistent and just use session_get_state().
|
|
disabled
|
|
or services) as machine with machined
|
|
|
|
|
|
the container with machined
|
|
|
|
The .sym file somehow lacks these declarations, so add these. You have to
run "make clean" to make sure the sym-test runs fine afterwards.
|
|
This fixes a regression introduced in 672682a6b
|
|
Also limit the range of vlan ids. Other implementations and
documentation use the ranges {0,1}-{4094,4095}, but we use
the one accepted by the kernel: 0-4094.
Reported-by: Oleksii Shevchuk <alxchk@gmail.com>
|
|
|
|
|
|
We are more likely to catch errors if we don't use '0' as test value.
|
|
|
|
namespacing
|
|
Let's always call the security labels the same way:
SMACK: "Smack Label"
SELINUX: "SELinux Security Context"
And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.
|
|
-, like for others settings.
Also remove call to security_check_context, as this doesn't serve anything, since
setexeccon will fail anyway.
|