Age | Commit message (Collapse) | Author |
|
This was introduced by commit be7d9ff730cb88d7c6a8 and breaks
StopWhenUnneeded=true in the presence of a Requisite dependency.
|
|
SMACK v02: support modify rules and add default executed process label
|
|
This fully synchronizes the content of a "make dist" and a "git archive"
tar ball.
http://lists.freedesktop.org/archives/systemd-devel/2015-June/033214.html
|
|
export sd_bus_object_added() / _removed()
|
|
This is expected on non-systemd systems, so just log it at debug level.
This fixes issue #309.
|
|
Similar to SmackProcessLabel=, if this configuration is set, systemd
executes processes with given SMACK label. If unit has
SmackProcessLabel=, this config is overwritten.
But, do NOT be confused with SMACK64EXEC of execute file. This default
execute process label(and also label which is set by
SmackProcessLabel=) is set fork-ed process SMACK subject label and
used to access the execute file.
If the execution file has also SMACK64EXEC, finally executed process
has SMACK64EXEC subject.
While if the execution file has no SMACK64EXEC, the executed process
has label of this config(or label which is set by
SmackProcessLabel=). Because if execution file has no SMACK64EXEC then
excuted process inherits label from caller process(in this case, the
caller is systemd).
|
|
Smack is also able to have modification rules of existing rules. In
this case, the rule has additional argument to modify previous
rule. /sys/fs/smackfs/load2 node can only take three arguments:
subject object access. So if modification rules are written to
/sys/fs/smackfs/load2, EINVAL error is happen. Those modification
rules have to be written to /sys/fs/smackfs/change-rule.
To distinguish access with operation of cipso2, split write_rules()
for each operation. And, in write access rules, parse the rule and if
the rule has four argument then write into
/sys/fs/smackfs/change-rule.
https://lwn.net/Articles/532340/
fwrite() or fputs() are fancy functions to write byte stream such like
regular file. But special files on linux such like proc, sysfs are not
stream of bytes. Those special files on linux have to be written with
specific size.
By this reason, in some of many case, fputs() was failed to write
buffer to smack load2 node.
The write operation for the smack nodes should be performed with
write().
|
|
Fixes #306.
|
|
This properly avoids setting DBUS_SESSION_BUS_ADDRESS if kdbus
is loaded (or built into the kernel) but not wanted.
|
|
Replaces strerror() usage with log_netdev_error_errno()
|
|
hashmap: debug - lock access to the global hashmap list
|
|
This may be used from multi-threaded programs (say through nss-resolve),
so we must protect the global list.
This is still only relevant for debug builds, so we do not try to handle
cases where the locking fail, but simply assert.
|
|
In such a case let's suppress the warning (downgrade to LOG_DEBUG),
under the assumption that the user has no config file to update in its
place, but a symlink that points to something like resolved's
automatically managed resolve.conf file.
While we are at it, also stop complaining if we cannot write /etc/resolv.conf
due to a read-only disk, given that there's little we could do about it.
|
|
cgroup-util: actually use the path callback
|
|
systemctl: fix edit when EDITOR contains arguments
|
|
a tiny hashmap cleanup
|
|
We allow to specify a callback but then ignore the result. Looks like a trivial typo.
From 7b3fd6313c4b07b6f822a9f979d0c22350a401d9#diff-f010fa21ba7b659b519c122743e55604
|
|
Correctly support cases when the EDITOR environment variable and friends
also contain arguments. For example, to run emacs in terminal only, one
can say:
EDITOR="emacs -nw" systemctl edit myservice
|
|
import/pull: fix for the name/reference overwrite
|
|
When pulling by image digest the identifiers that
were produced by parsing image digest were later
overwritten by code parsing image tag.
This resulted in invalid identifiers being used
when contacting the remote endpoint, resulting in 404.
Reported here:
http://lists.freedesktop.org/archives/systemd-devel/2015-June/033039.html
|
|
The test-barrier binary uses real-time alarms and timeouts to test for
races in the thread-barrier implementation. Hence, if your system is under
high load and your scheduler decides to not run test-barrier for
>BASE_TIME, then the tests are likely to fail.
Two options:
1) Increase BASE_TIME. This will make the test take significantly longer
for no real good. Furthermore, it is still not guaranteed that the
task is scheduled.
2) Don't rely on real-time timers, but use explicit synchronization. This
would basically test one barrier implementation with another.. kinda
ironic.. but maybe something worth looking into.
3) Disable test-barrier by default.
This patch chooses option 3) and makes sure test-barrier only runs if you
pass any argument.
Side note:
test-barrier is written in a way that if it fails under load, but
does not on idle systems, then it is very _unlikely_ that the
barrier implementation is the culprit. Hence, it makes little
sense to run it under load, anyway. It will not improve the test
coverage of barrier.c, but rather the coverage of the test itself.
|
|
Otherwise building fails with glibc 2.16. It works with glibc >= 2.17
because it is implicitly included via macro.h -> sys/param.h -> signal.h
|
|
nspawn: when exiting, flush all remaining bytes from the pty to stdout
|
|
bus-proxy: add new dbus policy search paths from /usr
|
|
journal: make sure the clock increases strict monotonic
|
|
udevd: remove dead code
|
|
Let's work around crappy clocks in test-journal-interleaving.c too. This
does the same as 98d2a5341788b49e82d628dfdc2e241af6d70dcd but for
test-journal-interlaving.c rather than test-journal-stream.c.
|
|
acl-util: various smaller fixes to parse_acl()
|
|
journal: ensure test-journal-stream doesn't get confused by crappy cl…
|
|
D-Bus upstream is working on extending the configuration/policy search
path, follow this.
See #274 for details.
|
|
- Make string parameter const
- Don't log some OOM errors, but not others
- Don't eat up errors generated by acl_from_text()
- Make sure check for success of every single strv_push() call
|
|
We were adding the attributes to the wrong list.
|
|
This is a simpler fix for #210, it simply uses copy_bytes() for the
copying.
|
|
Replace FOREACH_WORD_QUOTED with a loop using unquote_first_word in config_parse_exec()
|
|
This ensures that we write strictly monotonic timestamps into the
journal files, to ensure that we can properly interleave everything
correctly.
See #175 for details.
|
|
Leftover from 6af5e6a4c918a68b196a04346732e094e5373a36
|
|
|
|
This is consistent with how an empty string works in an ExecStart=
statement. We should not differentiate between an empty string and
whitespace only (since they look the same.)
Update the test case with whitespace only to reflect that the list is
reset.
Tested that `test-unit-file` passes and other test cases are not
affected. Installed the patched systemd binaries on a machine, booted
it, looked for out of the usual behavior but did not find any.
|
|
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop
of unquote_first_word.
Loop through the arguments only once (the FOREACH_WORD_QUOTED
implementation did it twice, once to count them and another time to
process and store them.)
Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve
unrecognized escape sequences such as regexps matches such as "\w",
"\d", etc. (Valid escape sequences such as "\s" or "\b" still need an
extra backslash if literals are desired for regexps.)
Differences in behavior:
- Handle ; (command separator) in special, so that only ; on its own is
valid for that purpose, an quoted semicolon ";" or ';' will now behave
as a literal semicolon. This is probably what was initially intended.
- Handle \; (to introduce a literal semicolon) in special, so that only \;
is turned into a semicolon but not \\; or "\\;" or "\;" which are kept
as a literal \; in the output. This is probably what was initially
intended.
Known issues:
- Using an empty string (for example, ExecStartPre=<empty>) will empty
the list and remove the existing commands, but using whitespace only
(for example, ExecStartPre=<spaces>) will not. This is a pre-existing
issue and will be dealt with in a follow up commit.
Tested:
- Unit tests passing. Also `make distcheck` still works as expected.
- Installed it on a local machine and booted with it, checked console
output, systemctl and journalctl output, did not notice any issues
running the patched systemd binaries.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
|
|
These tests will be useful to check the cases regarding quoted and
escaped semicolon when we switch to using unquote_first_word.
Additionally, convert some of the tests that have semicolons so that the
argument after the semicolon looks like a path (starts with /) so that
we can see the change of behavior when making config_parse_exec more
strict about what it accepts as a command separator.
|
|
It will try to unquot_first_word, but if it runs into escaping problems
it will retry it adding UNQUOTE_CUNESCAPE_RELAX to the flags. If it
succeeds on the second try, it will log a warning about it. If it fails
both times, it will log an error.
Add test cases to confirm it behaves as expected.
|
|
The new flag UNQUOTE_UNESCAPE_RELAX preserves unrecognized escape
sequences verbatim in unquote_first_word, either when it's a trailing
backslash (similar to UNQUOTE_RELAX, but in this case keep the extra
backslash in the output) or in the middle of a sequence string.
Add unit test cases to ensure the new flag works as expected and to
prevent regressions from being introduced.
Tested with a follow up commit converting config_parse_exec() to start
using unquote_first_word, in which case this flags makes it possible to
preserve unrecognized escape sequences.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
|
|
|
|
sd-dhcp-client: readd deleted error check
|
|
logind: save /run/systemd/users/UID before starting user@.service
|
|
In kdbus we still have to support org.freedesktop.DBus matches even though
there is no real bus driver. The reason is that bus-control.c turns
NameOwnerChanged matches into proper kdbus matches. If we drop DRIVER
matches early, we will never match on name-changes for kdbus.
Two ways to fix this:
1) Install DRIVER matches on kdbus (which is the simple way our and which
is what this patch does).
2) Properly fix the scope-detection to let NameOwnerChanged matches
through (or better: block anything with Member!=NameOwnerChanged).
|
|
Seems to have been removed by mistake in:
9021bb9f935c93b516b10c88db2a212a9e3a8140
|
|
udevd: daemon - connect /dev/null to std{in,out,err} in debug mode
|
|
turn kdbus support into a runtime option
|
|
Not all watchdog drivers implement WDIOC_SETOPTIONS. Drivers which do
not implement it have their device always enabled. So it's fine to
report an error if WDIOS_DISABLECARD is passed and the ioctl is not
implemented, however failing when WDIOS_ENABLECARD is passed and the
ioctl is not implemented is not good: if the device was already
enabled then WDIOS_ENABLECARD was a no-op and wasn't needed in the
first place. So we can just ignore the error and continue.
|