Age | Commit message | Author |
|
The manpage of seccomp specifies that using seccomp with
SECCOMP_SET_MODE_FILTER will return EACCES if the caller does not have
CAP_SYS_ADMIN set, or if the no_new_privileges bit is not set. Hence,
without NoNewPrivileges set, it is impossible to use a SystemCall*
directive with a User directive set in system mode.
Now, NoNewPrivileges is set if we are in user mode, or if we are in
system mode and we don't have CAP_SYS_ADMIN, and SystemCall*
directives are used.
|
|
tree-wide: merge pager_open_if_enabled() to the pager_open()
|
|
Many subsystems define their own pager_open_if_enabled() function which
checks the '--no-pager' command line argument and opens the pager depending
on its value. All implementations of pager_open_if_enabled() are
the same. Let's merge this function with pager_open() from
shared/pager.c and remove pager_open_if_enabled() from all subsystems
to prevent code duplication.
|
|
RFC 2131 Section 4.1 says that
"If the ’giaddr’ field in a DHCP message from a client is non-zero,
the server sends any return messages to the ’DHCP server’ port on the
BOOTP relay agent whose address appears in ’giaddr’."
Fix this by adding a destination port when sending unicast UDP packets
and provide the server port when a BOOTP relay agent is being used.
|
|
tests: various fixes
|
|
tree-wide: minor formatting inconsistency cleanups
|
|
Bugfix set virt=none when running on XEN Dom0
|
|
When running in XEN Dom0 the virtualization check:
1) detect_xen returns HYPERVISOR_NONE so next checks are executed
2) /proc/sys/hypervisor detects a XEN hypervisor
it is lacking the special Dom0 detection as in detect_xen
With this patch, at the end of all virtualization checks we double-check if running in XEN Dom0 or DomU.
|
|
print out every single detection executed and its result.
|
|
Remove systemd-bootchart
|
|
journal: restore offline state on error
|
|
Networkctl prettification
|
|
This was only needed for bootchart, so it can go now.
|
|
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
|
|
tree-wide: make ++/-- usage consistent WRT spacing
|
|
Personality fixes
|
|
Throughout the tree there's spurious use of spaces separating ++ and --
operators from their respective operands. Make ++ and -- operator
consistent with the majority of existing uses; discard the spaces.
|
|
If we fail to create the thread, technically we should leave the
offline_state as OFFLINE_JOINED, not OFFLINE_SYNCING.
|
|
udev-rules cleanup fix
|
|
We have these ids, hence let's use them universally.
|
|
After all, it is pretty generic, has no external deps besides libc, and is very
similar to virt.[ch] which is also in basic/
|
|
faccessat returns 0 on success.
A cosmetic fix is also included: the slash was doubled unnecessarily.
|
|
lldp fixes, second iteration
|
|
calendarspec: fix find_next skipping times
|
|
networkd: tunnel fix tunnel address
|
|
missing.h: Explicitly check for IFLA_BRPORT_PROXYARP
|
|
reset usec when bumping hours/minutes
|
|
RHEL explicitly disables IFLA_BRPORT_PROXYARP by renaming the enum value.
In order to support unpatched builds, we have two options:
a) redefine the enum value through missing.h and ignore the fact that it
is really unsupported, or
b) omit that enum value on rtnl_prot_info_bridge_port_types[]
As we are not actually using this netlink type anywhere, and because it
is only hooked up for the sake of completeness, this patch opts for the
former.
|
|
networkd: make sure we allocate the NTA set before we add items to it
|
|
A fix for #2678
|
|
Make sure we propagate errors properly.
|
|
normalization success
After all, we verify that every calendar part is not out of bounds later on,
and it's fully OK if the normalization has no effect.
|
|
See: #2683
|
|
Perform journal offlines asynchronously when possible
|
|
Instead of just notifying about the fact that something changed in the
database, actually inform the callback what precisely changed. This is useful,
so that the LLDP tx logic can be put into "fast" mode as soon as a previously
unknown peer appears, as suggested by the LLDP spec.
|
|