subhierarchies
For privileged units this resource control property ensures that the
processes have all controllers systemd manages enabled.
For unprivileged services (those with User= set) this ensures that
access rights to the service cgroup are granted to the user in question,
to create further subgroups. Note that this only applies to the
name=systemd hierarchy though, as access to other controllers is not
safe for unprivileged processes.
Delegate=yes should be set for container scopes where a systemd instance
inside the container shall manage the hierarchies below its own cgroup
and have access to all controllers.
Delegate=yes should also be set for user@.service, so that systemd
--user can run, controlling its own cgroup tree.
This commit changes machined, systemd-nspawn@.service and user@.service
to set this boolean, in order to ensure that container management will
just work, and the user systemd instance can run fine.
|
The compiler will do this for us.
|
Check return value of hashmap_ensure_allocated().
CID#1250807.
|
Explicitly check the length of the read.
Fixes CID#1250803.
|
Explicitly ignore return value of ioctl to set window size.
Fixes CID#1250804 and CID#1250800.
|
This mirrors code in dbus.c when creating the private socket and
avoids error messages like:
    systemd[1353]: bind(/run/user/603/systemd/notify) failed: No such file or directory
    systemd[1353]: Failed to fully start up daemon: No such file or directory
|
The metadata logic in kdbus has seen a rework, and the only mandatory
change we have to follow for now is that attach_flags in kdbus_cmd_hello
is now split into two parts, attach_flags_send and attach_flags_recv.
|
Let's recognize the fact that startswith() returns a pointer to the tail on
success. Use it instead of hard-coding string-lengths as magic constants.
|
Let's be strict here, since it's better to be safe than sorry.
|
In kdbus a "server id" is mostly a misnomer, as there isn't any "server"
involved anymore. Let's rename this to "owner" id hence, since it is an
ID that is picked by the owner of a bus or direct connection. This
matches nicely the sd_bus_get_owner_creds() call we already have.
|
a) When getting the description return ENXIO if none is set
b) Allow setting a description to NULL
c) return ECHILD on fork() like for other calls
|
To mirror the recent name change of the concept for sd_bus objects,
follow the same logic for sd_event_source objects, too.
|
kdbus recently renamed this concept, and so should we in what we expose
in userspace.
|
Catch up with some changes in kdbus.h:
* KDBUS_{ITEM,ATTACH}_CONN_NAME were renamed to
  KDBUS_{ITEM,ATTACH}_CONN_DESCRIPTION, so the term 'name' is not
  overloaded as much.
* The item types were re-ordered a little so they are lined up to the
  order of the corresponding KDBUS_ATTACH flags
* A new item type KDBUS_ITEM_OWNED_NAME was introduced, designated to
  store a struct kdbus_name in item->name. KDBUS_ITEM_NAME solely
  stores data in item->str now
* Some kerneldoc fixes
|
The barrier implementation tracks remote states internally. There is no
need to check the return value of any barrier_*() function if the caller
is not interested in the result. The barrier helpers only return the state
of the remote side, which is usually not interesting as later calls to
barrier_sync() will catch this, anyway.
Shut up coverity by explicitly ignoring return values of barrier_place()
if we're not interested in it.
|
Imagine a constructor like this:
    int object_new(void **out) {
            void *my_object;
            int r;
            ...
            r = ioctl(...);
            if (r < 0)
                    return -errno;
            ...
            *out = my_object;
            return 0;
    }
We have a lot of those in systemd. If you now call those, gcc might inline
the call and optimize it. However, gcc cannot know that "errno" is
negative if "r" is. Therefore, a caller like this will produce warnings:
    r = object_new(&obj);
    if (r < 0)
            return r;
    obj->xyz = "foobar";
In case the ioctl in the constructor fails, gcc might assume "errno" is 0
and thus the error-handling is not triggered. Therefore, "obj" is
uninitialized, but accessed. Gcc will warn about that.
The new negative_errno() helper can be used to mitigate those warnings.
The helper is guaranteed to return a negative integer. Furthermore, it
spills out runtime warnings if "errno" is non-negative.
Instead of returning "-errno", you can use:
    return negative_errno();
gcc will no longer assume that this can return >=0, thus, it will not warn
about it.
Use this new helper in libsystemd-terminal to fix some grdev-drm warnings.
|
This macro exists for MIPS since v3.17:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=42944521af97a3b25516f15f3149aec3779656dc
|
This complements the fix in:
commit cd4c6fb12598435fe24431f1dd616f9582f0e3bd
Author: Jan Synacek <jsynacek@redhat.com>
Date: Mon Oct 20 12:43:39 2014 +0200
man: fix localectl set-x11-keymap syntax description
|
always pass along comm, as documented by audit. Always set the correct
comm value.
|
have anyway
|
A small readability improvement...
|
Let's make the log output more readable, and the header can be
reconstructed in full from the other fields
|
Similar to auditd, actually turn on auditing as we are starting. This way
we can operate entirely without auditd around.
|
audit doesn't support timestamps anyway
|
journal files based on a size/time limit
This is equivalent to the effect of SystemMaxUse= and RetentionSec=,
however can be invoked directly instead of implicitly.
|
And conditionalize journald audit support with it
|
On older kernels before this patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e8b671460410c8fd996c8a1c228b718c547cc236
ppp-ioctl.h did not pull in ppp_defs.h which results in build errors
|
This way they always show up together with 'Found ordering cycle...'.
Ordering cycles are a serious error and a major pain to debug. If
quiet is enabled, only the first and the last line of output are
shown:
    systemd[1]: Found ordering cycle on basic.target/start
    systemd[1]: Breaking ordering cycle by deleting job timers.target/start
    systemd[1]: Job timers.target/start deleted to break ordering cycle starting with basic.target/start
which isn't particularly enlightening. So just show the whole message
at the same level.
https://bugzilla.redhat.com/show_bug.cgi?id=1158206
|
This library negotiates a PPPoE channel. It handles the discovery stage and
leaves the session stage to the kernel. A further PPP library is needed to
actually set up a PPP unit (negotiate LCP, IPCP and do authentication), so in
isolation this is not yet very useful.
The test program has two modes:
    # ./test-pppoe
will create a veth tunnel in a new network namespace, start pppoe-server on one
end and this client library on the other. The pppd server will time out as no
LCP is performed, and the client will then shut down gracefully.
    # ./test-pppoe eth0
will run the client on eth0 (or any other netdev), and requires a PPPoE server
to be reachable on the local link.
|
FILE * wants cleanup_fclose().
Spotted by udev hwdb segfaulting in gnome-continuous' buildroot
construction.
|
s/threat/treat/g
|
A recent commit (2f3a215) changed the parsing of /proc/cmdline to use a
shell array. Unfortunately, this introduced a bug: "read -ar line"
populates the shell variable $r, not $line. This breaks installation of
new loader entries:
    # kernel-install add 3.17.1-304.fc21.x86_64 \
        /boot/vmlinuz-3.17.1-304.fc21.x86_64
    Could not determine the kernel command line parameters.
    Please specify the kernel command line in /etc/kernel/cmdline!
This commit alters the read command to correctly populate the $line
array instead.
|