Age | Commit message (Collapse) | Author |
|
Remove old temporary snapshots, but only at boot. Ideally we'd have
"self-destroying" btrfs snapshots that go away if the last last
reference to it does. To mimic a scheme like this at least remove the
old snapshots on fresh boots, where we know they cannot be referenced
anymore. Note that we actually remove all temporary files in
/var/lib/machines/ at boot, which should be safe since the directory has
defined semantics. In the root directory (where systemd-nspawn
--ephemeral places snapshots) we are more strict, to avoid removing
unrelated temporary files.
This also splits out nspawn/container related tmpfiles bits into a new
tmpfiles snippet to systemd-nspawn.conf
|
|
|
|
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(),
tempfn_ranomd_child(). If non-NULL this string is included in the middle
of the newly created file name. This is useful for being able to
distuingish the kind of temporary file when we see one.
This also adds tests for the three call.
For now, we don't make use of this at all, but port all users over.
|
|
just created
We already had a safety check in place that we don't end up descending
to the original subvolume again, but we also should avoid descending in
the newly created one.
This is particularly important if we make a snapshot below its source,
like we do in "systemd-nspawn --ephemeral -D /".
Closes https://bugs.freedesktop.org/show_bug.cgi?id=90803
|
|
The names fw-util.[ch] are too ambiguous, better rename the files to
firewall-util.[ch]. Also rename the test accordingly.
|
|
login: fix potential null pointer dereference
|
|
nspawn: make seccomp loading errors non-fatal
|
|
seccomp_load returns -EINVAL when seccomp support is not enabled in the
kernel [1]. This should be a debug log, not an error that interrupts nspawn.
If the seccomp filter can't be set and audit is enabled, the user will
get an error message anyway.
[1]: http://man7.org/linux/man-pages/man2/prctl.2.html
|
|
Fix CID 1304686: Dereference after null check (FORWARD_NULL)
However, this commit does not fix any bug in logind. It helps to keep
the elect_display_compare() function generic.
|
|
udevd: event - don't log about failures of spawn processes when this …
|
|
tree-wide: fix memory leaks in users of bus_map_all_properties()
|
|
If you use bus_map_all_properties(), you must be aware that it might
touch output variables even though it may fail. This is, because we parse
many different bus-properties and cannot tell how to clean them up, in
case we fail deep down in the parser.
Fix all callers of bus_map_all_properties() to correctly cleanup any
context structures at all times.
|
|
No functional change, but looked weird.
|
|
Improve tun/tap logging by using the new log_*errno*() functions that set 'errno' explicitly. Also fix a bunch of incorrect errno/r confusions.
|
|
Rename sd_rtnl to sd_netlink to prepare for further netlink-protocol support. Anything rtnl specific still uses the sd_rtnl prefix, but the generic parts (including the bus and message objects) are now called sd_netlink.
|
|
Replaces strerror() usage with log_netdev_error_errno()
|
|
|
|
Split netlink-socket.c and rtnl-message.c from netlink-message.c.
|
|
AF_NETLINK is not write-buffered, so this was actually never used.
|
|
|
|
ima-setup: write policy one line at a time
|
|
|
|
IPForwarding=kernel v3
|
|
CID 996302: Error handling issues (CHECKED_RETURN)
|
|
In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced
to set forwarding flags on interfaces in .network files. networkd sets
forwarding options regardless of the previous setting, even if it was
set by e.g. sysctl. This commit creates a new option for IPForwarding,
"kernel", that preserves the sysctl settings rather than always setting
them.
See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial
bug report.
|
|
sd-rtnl: make joining broadcast groups implicit
|
|
|
|
networkd: bond - only set packets_per_slave on balance-rr mode
|
|
journald: do not strip leading whitespace from messages
|
|
-ENOSYS is returned from kmod_module_probe_insert_module() if a module isn't
available, not -ENOENT. Don't spit out a warning in that case unless the
warn_if_unavailable flag is set.
Also factor out the condition into an own variable for better readability.
|
|
Lets us simplify the function and drop SO_PASSCRED.
Thanks to Alexander Larsson and David Herrmann.
|
|
ima_write_policy() expects data to be written as one or more
rules, no more than PAGE_SIZE at a time. Easiest way to ensure
that we are not splitting rules is to read and write one line at
a time.
https://bugzilla.redhat.com/show_bug.cgi?id=1226948
|
|
(Also, downgrade message from LOG_ERROR to LOG_WARNING, after all we
don't care much and just proceed)
|
|
Without the boolean bus_name_good services as well as cgroup_realized
for units a unit of Type=dbus and ExecReload sending SIGHUP to $MAINPID
will be terminated if systemd will be daemon reloaded.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746151
https://bugs.freedesktop.org/show_bug.cgi?id=78311
https://bugzilla.opensuse.org/show_bug.cgi?id=934077
|
|
Net
|
|
build-sys: split internal basic/ library from shared/
|
|
journald: don't employ inner loop for reading from incoming sockets
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|
|
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Replace strerror() usage with log_netdev_error_errno()
|
|
Keep leading whitespace for compatibility with older syslog
implementations. Also useful when piping formatted output to the
`logger` command. Keep removing trailing whitespace.
Tested with `pstree | logger` and checking that the output of
`journalctl | tail` included aligned and formatted output.
Confirmed that all test cases still pass as expected.
|
|
cgtop enhancements for easier machine-readable output
|
|
since last tick
Emit "0" rather than "-" if no change in IO values are seen for a process since
last tick, so long as accounting has registered content at all.
|
|
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
|
|
sd-network: allow the state dir to be created after the monitor
|
|
move dns code from resolve to shared v3
|
|
Our bloom-filters support root-path matching. Make sure we properly add
the path_namespace= tag.
|
|
DBus-spec defines two different pattern matchings:
1) Path and namespace prefix matching. In this case, A matches B either
if both are equal, or if B is fully included in the namespace of A.
In other words, A has to be a prefix of B, but end with a separator
character (or the following character in B must be one).
This is used for path_namespace= and arg0namespace=
2) The other pattern matching is used for arg0path= which does a two-way
matching. That is, A must be a prefix of B, or B a prefix of A.
Furthermore, the prefix must end with a separator.
Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_'
prefixes don't make any sense now, but.. eh..
|
|
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
|