Age | Commit message | Author |
|
nspawn containers currently block module loading in all cases, with
no option to disable it. This allows an admin, specifically setting
capability=CAP_SYS_MODULE or capability=all, to load modules.
|
|
We were dropping the most significant bit. Add an assert to make sure it does not happen again.
Fixes a bug introduced in 7d328b544621d4b1bec936dec612947ad8bfb65a.
|
|
It ran either skip_session() or skip_user_manager(), then ran skip_slices()
iff skip_session() ran. It needs to run skip_slices() in either case.
Included is a test case demonstrating why.
|
|
quiet should really just have an effect on the stuff we dump on the
console, not what we log elsewhere.
Hence:
debug on kernel cmdline → interpreted by every tool, turns up
log levels to "debug" everywhere.
quiet on kernel cmdline → interpreted only by PID 1 (and
obviously the kernel) no alteration of the max log level, but
turns off status output.
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026271.html
|
|
Check sysfs devicetree values in order to detect if we are running on a KVM
hypervisor on a powerpc architecture.
|
|
This one was actually used to free xattr
|
|
Add the missing "static" to actually make this a cache.
|
|
missing.h
|
|
./test-dhcp-client would attempt to operate fd 0, i.e. stdin.
For example, './test-dhcp-client </dev/null' would fail with EPERM
because /dev/null cannot be used with epoll.
https://bugzilla.redhat.com/show_bug.cgi?id=1076119
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
Let's return the fd we found as return value in systemd_netlink_fd(),
instead of using call-by-reference.
|
|
instead of defining our own string tables
|
|
a single user so far.
|
|
When booting with systemd-bootchart, default to call the systemd binary
rather than the init binary on disk, which might be another init system.
Collecting data only works with booting systemd.
|
|
On my computer, the minimum brightness enforced by clamping in
backlight is too bright.
Let udev property ID_BACKLIGHT_CLAMP control whether the brightness
is clamped or not.
|
|
Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.
|
|
Using /dev/urandom as a key is valid for swap, do not
warn if these devices are world readable.
|
|
Still keep the non-socket activation code around for starting from the commandline, but
will likely drop that too in the future.
|
|
Default to timing out after 120 seconds without a network connection. Setting a
timeout of 0 disables the timeout.
|
|
In both cases exit the event loop.
|
|
From fd.o bug 88898:
systemd-resolved fails to start:
Failed to drop capabilities: Operation not permitted
Broken in f11943c53ec181829a821c6b27acf828bab71caa.
Drop all capabilities:
1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)
Capabilities should always be kept after setresuid() so that the capability
bounding set can be reduced.
Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898
We must be careful not to leave PR_SET_KEEPCAPS on. We could use the
setresuid() call to drop capabilities, but the rules when capabilities
are dropped are fairly complex, since a transition to non-zero uid must
happen. Let's instead keep the capabilities during setresuid(), and drop
them later.
|
|
This was broken when the code was rearranged in "1e2fd62d70ff
core/load-fragment.c: correct argument sign and split up long lines"
|
|
If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.
char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.
A similar wrapper is used for strftime calls, but only in timedatectl.c.
|
|
In the test, p is a path to a directory, always absolute. dent->d_name
is a single path component, so they cannot be equal. The comparison
was wrong also for other reasons: D type supports globs, so direct
comparisons using streq are not enough.
|
|
https://github.com/docker/docker/issues/10280
|
|
We would otherwise wait for the interface to be completely configured, which
could take considerable time with IPv4LL. As a result nspawn was very slow
at obtaining IP addresses.
|
|
In addition to the loopback device, also explicitly configured devices to be ignored.
Suggested by Charles Devereaux <systemd@guylhem.net>.
|
|
As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler.
Otherwise any error returned by any callback will disable the rtnl event handler. We should
only do that on serious internal errors in sd-rtnl that we know cannot be recovered from.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=88284
|
|
entirety as gvariant objects"
This breaks booting with kdbus.
This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
|
|
This reverts commit df6e44c4affced590b0d19c594d9301ffd436591.
systemd --version segfaults.
Starting program: /usr/lib/systemd/systemd --version
Missing separate debuginfos, use: debuginfo-install systemd-216-16.fc21.x86_64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
systemd 218
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
Program received signal SIGSEGV, Segmentation fault.
0x000055555557c9be in main (argc=2, argv=0x7fffffffe4d8) at src/core/main.c:1832
1832 arg_shutdown_watchdog = m->shutdown_watchdog;
(gdb) bt
(gdb) bt full
m = 0x0
|
|
This might be fixed one day, but for now it's better to fail.
https://bugzilla.redhat.com/show_bug.cgi?id=1186952
|