Age | Commit message (Collapse) | Author |
|
|
|
From fd.o bug 88898:
systemd-resolved fails to start:
Failed to drop capabilities: Operation not permitted
Broken in f11943c53ec181829a821c6b27acf828bab71caa.
Drop all capabilities:
1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all
capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)
Capabilites should always be kept after setresuid() so that the capability
bounding set can be reduced.
Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898
We must be careful not to leave PR_SET_KEEPCAPS on. We could use the
setresuid() call to drop capabilities, but the rules when capabilities
are dropped are fairly complex, since a transition to non-zero uid must
happen. Let's instead keep the capabilities during setresuid(), and drop
them later.
|
|
This was broken when the code was rearranged in "1e2fd62d70ff
core/load-fragment.c: correct argument sign and split up long lines"
|
|
If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.
char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.
A similar wrapper is used for strftime calls, but only in timedatectl.c.
|
|
|
|
In the test, p is a path to a directory, always absolute. dent->d_name
is a single path component, so they cannot be equal. The comparison
was wrong also for other reasons: D type supports globs, so direct
comparisons using streq are not enough.
|
|
https://github.com/docker/docker/issues/10280
|
|
|
|
We would otherwise wait for the interface to be completely configured, which
could take considerable time with IPv4LL. As a result nspawn was very slow
at obtaining IP addresses.
|
|
In addition to the loopback device, also explicitly configured devices to be ignored.
Suggested by Charles Devereaux <systemd@guylhem.net>.
|
|
As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler.
Otherwise any error returned by any callback will disable the rtnl event handler. We should
only do that on serious internal errors in sd-rtnl that we know cannot be recovered from.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=88284
|
|
entirety as gvariant objects"
This breaks booting with kdbus.
This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
|
|
This reverts commit df6e44c4affced590b0d19c594d9301ffd436591.
systemd --version segfaults.
Starting program: /usr/lib/systemd/systemd --version
Missing separate debuginfos, use: debuginfo-install systemd-216-16.fc21.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
systemd 218
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
Program received signal SIGSEGV, Segmentation fault.
0x000055555557c9be in main (argc=2, argv=0x7fffffffe4d8) at src/core/main.c:1832
1832 arg_shutdown_watchdog = m->shutdown_watchdog;
(gdb) bt
(gdb) bt full
m = 0x0
|
|
This might be fixed one day, but for now it's better to fail.
https://bugzilla.redhat.com/show_bug.cgi?id=1186952
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=87354
|
|
This reverts commit b914ea8d379b446c4c9fac4ba181771676ef38cd.
We really need to put a limit on all our resources, everywhere, and in
particular if we operate on external data.
Hence, let's reintroduce the limit, but bump it substantially, so that
it is guaranteed to be higher than any realistic RLIMIT_NOFILE setting.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=88284
|
|
|
|
It may happen that you have several sessions with the same VT:
- Open a session c1 which leaves some processes around, and log out. The
session will stay in State=closing and become Active=no.
- Log back in on the same VT, get a new session "c2" which is State=active and
Active=yes.
When restarting logind after that, the first session that matches the current
VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get
the usual polkit/device ACL privileges.
Restore the "closing" state in session_load(), to avoid treating all restored
sessions as State=active. In seat_active_vt_changed(), prefer active sessions
over closing ones if more than one session matches the current VT.
Finally, fix the confusing comment in session_load() and explain it a bit
better.
https://launchpad.net/bugs/1415104
|
|
|
|
|
|
Add unit dependencies for dynamic (i. e. not from fstab) mounts. With that,
mount units properly bind to their underlying device, and thus get
automatically stopped/unmounted when the underlying device goes away.
This cleans up stale mounts from unplugged devices.
Thanks to Lennart Poettering for pointing out the fix!
|
|
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027594.html
|
|
changing unit state
Unit _start() and _stop() implementations can fail with -EAGAIN to delay
execution temporarily. Thus, we should not output status messages before
invoking these calls, but after, and only when we know that the
invocation actually made a change.
|
|
and start of list
|
|
|
|
|
|
Commit 4e48855534 caused the .sh suffix to be stripped from the original
"filename", which caused the generated units to call the wrong init.d script.
Only use the .sh stripped file name for comparing with Provides:, not for
generating the Exec*= lines.
Spotted by sysv-generator-test.
|
|
|
|
The help text, apart from being too long, did not describe what the options
really do.
|
|
on the console too
|
|
This should be useful for cases where clean rebooting doesn't work, and
the user wants to hurry up the reboot.
|
|
the same sysv script
It's sufficient to check once if something is a regular file, hence,
let's do that.
|
|
dispatch one of them at a time
If two start jobs for two seperate .swap device nodes are queued, which
then turns out to be referring to the same device node, refuse
dispatching more than one of them at the same time.
This should solve an issue when the same swap partition is found via GPT
auto-discovery and via /etc/fstab, where one uses a symlink path, and
the other the raw devce node. So far we might have ended up invoking
mkswap on the same node at the very same time with the two device node
names.
With this change only one mkswap should be executed at a time. THis
mkswap should have immediate effect on the other swap unit, due to the
state in /proc/swaps changing, and thus suppressing actual invocation of
the second mkswap.
http://lists.freedesktop.org/archives/systemd-devel/2015-January/027314.html
|
|
|
|
|
|
|
|
|
|
|
|
In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs
(or any filesystem for that matter) on top of /run/user/$UID.
Previously, logind just failed in such a situation.
Now, logind will resort to chown+chmod of the directory instead. This
allows logind still to work in those environments, although without the
guarantees it provides (i.e. users not being able to DOS /run or other
users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
|
|
If setup of per-user runtime dir fails, clean up afterwards by removing
the directory before returning from the function, so we don't leave the
directory behind.
If this is not done, the second time the user logs in logind would
assume that the directory is already set up, even though it isn't.
|
|
Once IPv6 addresses have been acquired, assign these to the interface
with the prefix lengths taken from the ICMPv6 Router Advertisement
handling code. The preferred and valid IPv6 address lifetimes are
handed to the kernel which will clean up them if not renewed in time.
When a prefix announced via Router Advertisements expires, find all
addresses that match that prefix and update the address to have a
prefix length of 128 causing the prefix to be off-link.
|
|
Keep the expired prefix for the duration of the prefix expiration event
and remove it afterwards.
|
|
Add test cases that feeds an Router Advertisement to the ICMPv6 code
and verify that the correct prefix lengths are returned given an IPv6
address.
Enhance the prefix verification test by adding a shorter prefix and
check that the intended prefix lengths are now updated.
|
|
Save each new onlink IPv6 prefix and attach an expiry timer to it.
If the prefixes overlap, take the shorter prefix and write a debug
message about the event. Once the prefix is resent in a Router
Advertisement, update the timer. Add a new event for the expiring
prefix.
Add two helper functions, one for returning a prefix length given a
Router Advertisement and the other for generic prefix matching given
an IPv6 prefix and address.
|
|
|
|
Update MTU according to the latest value received.
|
|
Each ICMPv6 structure has an interface index and will therefore be
associated with an IPv6 link containing a list of of prefixes.
|
|
As the IPv6 prefixes are needed, update the ICMPv6 Router Advertisement
code to dynamically allocate a suitably sized buffer. Iterate through
the ICMPv6 options one by one returning error if the option length is
too big to fit the buffer.
|