Age | Commit message (Collapse) | Author |
|
This new unit settings allows restricting which address families are
available to processes. This is an effective way to minimize the attack
surface of services, by turning off entire network stacks for them.
This is based on seccomp, and does not work on x86-32, since seccomp
cannot filter socketcall() syscalls on that platform.
|
|
|
|
for us
|
|
|
|
|
|
If we evict a session position, we open the position slot for future
sessions. However, there might already be another session on the same
position if both were started on the same VT. This is currently done if
gdm spawns the session on its own Xserver.
Hence, look for such a session on pos-eviction and claim the new slot
immediately.
|
|
GREEDY_REALLOC takes a pointer to the real size, not the array-width as
argument. Therefore, our array is currently way to small to keep the seat
positions.
Introduce GREEDY_REALLOC0_T() as typed version of GREEDY_REALLOC and store
the array-width instead of array-size.
|
|
container
|
|
As pointed-out by clang -Wunreachable-code.
No behaviour changes.
|
|
This way we make this more network/container transparent and also do not
require any client side privileges.
|
|
remotely
|
|
BlockIOAccounting= for all units at once
|
|
|
|
|
|
With loaded_policy set to true mount_setup() relabels /dev properly.
|
|
Systemd creates directories in /dev. These directories will
get the label of systemd, which is the label of the System
domain, which is not accessable to everyone. Relabel the
directories, files and symlinks created so that they can be
generally used.
Based on a patch by Casey Schaufler <casey@schaufler-ca.com>.
|
|
We are not parsing timezone data.
|
|
processing
This should make operation nicer with docking stations, but will not
cover anything that does not implement SW_DOCK.
|
|
This makes llvm happy when we assign an error code to the variable.
|
|
|
|
next_elapse_monotonic() should map to the "NextElapseUSecMonotonic"
property and next_elapse_realtime() to "NextElapseUSecRealtime" one.
This makes "systemctl list-timers" compute and show the correct times.
https://bugs.freedesktop.org/show_bug.cgi?id=75272
|
|
The ttyS[0-3] devices are weird. They may be enumerated, but when one
actually tries to open and use them they return EIO, because they don't
actually exist. Because they may be enumerated they may be specified on
the kernel command line as console=. And some people do that as default.
As response to that we'll spawn a getty on the tty that will quickly
fail, and we retry a couple of time before giving up. That is quite
noisy.
With this new change we will validate all serial terminals configured
with console= on the kernel cmdline before adding gettys on them, and
remove the invalid ones. THis should remove the noise later on.
This should make Eric Paris happy!
|
|
hence don't bother
|
|
|
|
We expose the control group of the units on the bus, so let's also
expose the root control group.
|
|
|
|
of the message
|
|
If an UDP packet has not passed through a hardware device, its checksum may not
have been computed. This is exposed through the TP_STATUS_CSUMNOTREADY sockopt.
When using raw sockets, skip checksum validation when TP_STATUS_CSUMNOTREADY
is set.
This is necessary for dhcp to work directly over a veth tunnel, e.g. as done
in systemd-nspawn.
|
|
|
|
|
|
The RFC does not specify that the packets from the DHCP server must come from
the DHCP server port, only that that's where they should be sent.
This fixes a problem when running networkd in VirtualBox.
Thanks to Sébastien Luttringer for reporting the bug and very patiently testing
various fixes.
|
|
This avoids the problem of broken DHCP servers sending us too big packets that don't fit in our buffer.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1047148
|
|
Also be more explicit about why packages are ignored.
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
../src/shared/unit-name.c:462: error: undefined reference to 'sd_bus_label_escape'
../src/shared/unit-name.c:477: error: undefined reference to 'sd_bus_label_unescape'
collect2: error: ld returned 1 exit status
|
|
This may be a common problem, so let's make it simpler to debug,
at least for now.
|
|
sd_memfd_new is available twice. Remove the second one.
|
|
|
|
available ifunc wrapping
|
|
|
|
|
|
|
|
For gudev -> gudevdevice:
- Add support for get_sysfs_attr_keys()
- Add support for has_sysfs_attr()
|
|
This also changes the names to MTUBytes and BitsPerSecond, respectively. Notice
that the speed was mistakenly documented to be in bytes before this change.
|
|
particular devices nodes
|
|
Also fix a copy-paste error that broke matching on interface name.
|
|
|
|
Just two minor style fixes...
|
|
sleep immediately again
This is quite useful on laptops such as the Lenovo Yoga, where the power
button is placed on the front side of the laptop and can be pressed by
accident even if the lid is closed.
This reworks a bit of the logind logic to repeatedly try to suspend the
system as long as a lid is closed. We use the new "post" event source
for this, so that we don't keep things busy.
This also adds some code to check the lid status on boot, so that a
powered-off machine that is accidentaly powered on goes into suspend
immediately.
Yay! From now on I can put my Yoga safely in my backpack without fearing
that it might turn itself on and drain the battery.
|