Age | Commit message (Collapse) | Author |
|
it seems to be a typo introduced by ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602
- _r = selinux_access_check(_b, _m, _u->source_path ?:_u->fragment_path, (permission), &_error); \
+ ({ Unit *_unit = (unit); selinux_generic_access_check(bus,message, _unit->fragment_path ?: _unit->fragment_path, permission,error); })
|
|
|
|
|
|
--link-journal={host,guest} fail if the host does not have persistent
journalling enabled and /var/log/journal/ does not exist. Even worse, as there
is no stdout/err any more, there is no error message to point that out.
Introduce two new modes "try-host" and "try-guest" which don't fail in this
case, and instead just silently skip the guest journal setup.
Change -j to mean "try-guest" instead of "guest", and fix the wrong --help
output for it (it said "host" before).
Change systemd-nspawn@.service.in to use "try-guest" so that this unit works
with both persistent and non-persistent journals on the host without failing.
https://bugs.debian.org/770275
|
|
command, and support both a terse and a verbose output format
|
|
|
|
|
|
signature is passed in
|
|
|
|
/proc/[pid]/cwd and /proc/[pid]/root are symliks to corresponding
directories
The added functions returns values of that symlinks.
|
|
|
|
for all objects
This is a ton more useful when some services fail, since we continue
crawling then and output everything to a pager.
|
|
|
|
|
|
same time
|
|
|
|
|
|
already is in the set
|
|
it for a future "busctl introspect" command
|
|
The lease is usually tied to the client ID, so users of the
lease may want to know what client ID it was acquired with.
|
|
The client identifier can be in many different formats, not just
the one that systemd creates from the Ethernet MAC address. Non-
ethernet interfaces may have different client IDs formats. Users
may also have custom client IDs that the wish to use to preserve
lease options delivered by servers configured with the existing
client ID.
|
|
Based on patch by Dan Williams.
|
|
client->secs wasn't getting set in the REBOOT state, causing
an assertion. REBOOT should work the same way as INIT, per
RFC 2131:
secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
REBOOT is necessary because some DHCP servers (eg on
home routers) do not hand back the same IP address unless the
'ciaddr' field is filled with that address, which DISCOVER
cannot do per the RFCs. This leads to multiple leases
on machine reboot or DHCP client restart.
|
|
fix:
CID 1237553 (#1 of 6): Unchecked return value from library
(CHECKED_RETURN
CID 1237553 (#3 of 6): Unchecked return value from library
(CHECKED_RETURN)
CID 1237553 (#4 of 6): Unchecked return value from library
(CHECKED_RETURN)
CID 1237553 (#5 of 6): Unchecked return value from library
(CHECKED_RETURN
CID 1237553 (#6 of 6): Unchecked return value from library
(CHECKED_RETURN)
|
|
|
|
|
|
fix 1237557 Unchecked return value from library
|
|
CID#979416. There is no real race here to fix, but lets make coverity
happy and rework the code.
Note that we still fail if the directory is removed _after_ we ran
mkdir(), so the same race is still there. Coverity is complaining, though.
Rewrite the code to make it happy.
(David: rewrote the commit-message to note that this is not a race. If I'm
wrong, blame me, not Ronny!)
|
|
username was already checked with isempty() and cannot be null at
this point.
CID#1237766
|
|
Our API calls check the validity of bus names anyway, hence we don't
have to do this before calling them...
|
|
|
|
The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
|
|
We really shouldn't check for words with "strstr()"...
|
|
|
|
object properties
|
|
Turns out we can just do kmod_setup() earlier, before we do mount_setup(),
so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in
mount_table[].
|
|
|
|
|
|
any body
|
|
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
|
|
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
|
|
|
|
|
|
|
|
|
|
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
|
|
Otherwise we cannot know when a service exited
|
|
|
|
|
|
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.
Signed-off-by: Daniel Mack <daniel@zonque.org>
|