Age | Commit message (Collapse) | Author |
|
Even though systemd has its own smack label since
'--with-smack-run-label' configuration is set, the smack label of each
CGROUP root directory should have the star (i.e. *) label. This is
mainly because current Linux Kernel set the label in this way.
(Refer to smack_d_instantiate() in security/smack/smack_lsm.c)
However, if systemd has its own smack label and arg_join_controllers is
explicitly set or initialized by initialize_join_controllers() function,
current systemd creates the symlink in CGROUP root directory with its
own smack label as below.
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root * 0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpuacct -> cpu,cpuacct
This patch fixes that bug by copying the smack label from the origin.
|
|
This adds a new mac_smack_copy() function in order to read the smack
label from the source and apply it to the destination.
|
|
|
|
cgroup fix, nspawn fix, plus change to download .nspawn files in importd
|
|
Coccinelle fixes
|
|
|
|
analyze: add alias handling for --{from,to}-pattern options of the dot command
|
|
Patch via coccinelle.
|
|
Turns this:
r = -errno;
log_error_errno(errno, "foo");
into this:
r = log_error_errno(errno, "foo");
and this:
r = log_error_errno(errno, "foo");
return r;
into this:
return log_error_errno(errno, "foo");
|
|
Turn this:
if ((r = foo()) < 0) { ...
into this:
r = foo();
if (r < 0) { ...
|
|
Replace this:
if (fd >= 0)
safe_close(fd);
by this:
safe_close(fd);
|
|
Replace this:
close(fd);
fd = -1;
write this:
fd = safe_close(fd);
|
|
This replaces this:
free(p);
p = NULL;
by this:
p = mfree(p);
Change generated using coccinelle. Semantic patch is added to the
sources.
|
|
udev: build by-path identifiers for ATA devices.
|
|
/dev/disk/by-path
total 0
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:00:1f.2-ata-2 -> ../../sr0
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:00:1f.2-ata-3 -> ../../sdd
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part1 -> ../../sdd1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part2 -> ../../sdd2
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:00:1f.2-ata-3-part3 -> ../../sdd3
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:03:00.0-ata-4 -> ../../sda
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:03:00.0-ata-4-part1 -> ../../sda1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:03:00.0-ata-4-part2 -> ../../sda2
lrwxrwxrwx. 1 root root 9 Sep 4 10:02 pci-0000:08:00.0-ata-1 -> ../../sdc
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:08:00.0-ata-1-part1 -> ../../sdc1
lrwxrwxrwx. 1 root root 10 Sep 4 10:02 pci-0000:08:00.0-ata-1-part2 -> ../../sdc2
|
|
Since 59512f21 the parameters were passed in the wrong order, causing the
options to be interpreted as the description.
Also, while "false" was supposed to be passed for "rw", the ESP should actually
be mounted read-write. It just happened to be "true" since the description char*
was passed for "rw".
|
|
|
|
the controller in the kernel
Follow-up to 5bf8002a3a6723ce50331c024122078552fb600a.
|
|
basic: rework virtualization detection API
|
|
This seems to be an oversight from:
707b66c66381c899d7ef640e158ffdd5bcff4deb
We have to return ENODATA instead of ENOENT if a requested entry is
non-present. Also fix the call-site in udev to check for these errors.
|
|
treewide: fix typos
|
|
sd-bus: pass container bus errors up to calling process
|
|
|
|
systemctl: add ConsistsOf as the inverse of PartOf
|
|
cgroup-util: fix devices controller
|
|
Commit efdb0237 accidentally changed the name of the "devices" cgroup
controller to "device".
|
|
|
|
We should really close all parent sides of our child/parent socket
pairs.
|
|
|
|
SOCK_DGRAM and SOCK_SEQPACKET have very similar semantics when used with
socketpair(). However, SOCK_SEQPACKET has the advantage of knowing a
hangup concept, since it is inherently connection-oriented.
Since we use socket pairs to communicate between the nspawn main process
and the nspawn child process, where the child might die abnormally it's
interesting to us to learn about this via hangups if the child side of
the pair is closed. Hence, let's switch to SOCK_SEQPACKET for these
internal communication sockets.
Fixes #956.
|
|
|
|
Now that we get useful error messages from sd-bus for container
connections, let's make use of this and report better errors back to
machined clients.
Fixes #685.
|
|
When forking of a child process for connecting to a container, pass
the preicse connection error to the calling process.
We already did this correctly for kdbus busses, let's do so for dbus1
busses, too.
|
|
Let's remove unnecessary inclusions, and order the list alphabetically
as suggested in CODING_STYLE now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Make sure we always check conditions before checking whether the unit
type is supported in unit_start(), since condition checks are "clean
errors", while "not supported" errors are fatal.
This cleans up the boot output of systemd in containers, where a lot of
NOTSUPP lines were shown befor this fix.
This partially reverts 8ff4d2ab0d4758e914aea6d86154d85f2b2c787f which
reorder the checks.
|
|
Introduce a proper enum, and don't pass around string ids anymore. This
simplifies things quite a bit, and makes virtualization detection more
similar to architecture detection.
|
|
handle LUKS root partitions better in gpt-auto, plus other fixes
|
|
systemd
Commit 5f4c5fef6 introduced this new test case, but this does not work in
build chroots where cgroupfs is not mounted. So skip the test if systemd is not
running.
|
|
sd-event: make sure to create a signal queue for the right signal
|
|
various fixes to the core, logind, machined, nspawn
|
|
`systemd-analyze dot --from-pattern default.target` works fine
|
|
We should never access the "signal" part of the event source unless the
event source is actually for a signal. In this case it's a child pid
handler however, hence make sure to use the right signal.
This is a fix for PR #1177, which in turn was a fix for
9da4cb2be260ed123f2676cb85cb350c527b1492.
|
|
|