Age | Commit message (Collapse) | Author |
|
mode_t is unsigned, so MODE_INVALID < 0 can never be true.
This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
|
|
The verb entry got lost in the ultimate commit.
|
|
Fixes #2015
|
|
|
|
environments
This adds some basic infrastructure in order to fix #2015.
|
|
Two small nspawn fixes
|
|
Fixes #2186
This fixes fall-out from 574edc90066c3faeadcf4666928ed9b0ac409c75.
|
|
Fixes #2091
|
|
But also keep the old name as (undocumented) compatibility around.
The reload-or-try-restart was documented to be a NOP if the unit is not running, since the previous commits this is
also implemented. The old name suggests that the "try" logic only applies to restarting. Fix this, by moving the "try-"
to the front, to indicate that the whole option is a NOP if the service isn't running.
|
|
This result can only happen if the job was a reload job for an inactive unit. Make the error message actually say that.
|
|
Otherwise we might end up generating jobs that fail immediately.
This follows the same logic that restart propagation follows.
|
|
When we determine the current system state we check whether units like emergency.target are running or a job that
results in them being run is queued. However, this is not the case for JOB_TRY_RESTART, since that's a NOP if the unit
has not been running before. Hence, don't bother with checking for that job type.
|
|
unit is not running
This makes sure we follow the same basic logic for try-restart if we have a try-reload.
Fixes #688
|
|
Let's make sure we read it in a way compatible with non-aligned memory.
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812928
|
|
When checking a unit's state, don't ignore errors too eagerly, but generate proper error messages. Also, don't
synthesize an "unknown" state on error, but let the operation file. If a unit file isn't loaded treat this as
"inactive" as that's effectively what it means.
|
|
As it turns out all callers of check_unit_generic() already mangle unit names, or get the unit names directly from PID
1 (and hence arein normalized form anyway), hence there's no point in mangling then...
|
|
Some minor simplifications. Shouldn't change codepaths.
|
|
transient service
Otherwise we might end resetting /dev/console all the time when a transient service starts or stops.
Fixes #2377
Fixes #2198
Fixes #2061
|
|
utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, i…
|
|
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.
[
@zonque:
* rebased to current master
* use AC_CHECK_DECLS to detect availibility of char{16,32}_t
* make utf8_encoded_to_unichar() return int
]
|
|
Fixes #1692
|
|
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).
Fixes #1965
|
|
When the user specifies "foo*" as unit name glob expression, we shouldn't turn this into "foo*.service". Hence: only
append a suffix if the specified string isn't a glob expression.
Fixes: #2397
|
|
If we have many entries to add to an strv we really should try to be smarter than constantly realloc()ing the strv
array. Instead, grow it exponentially.
|
|
THis is otherwise really hard to read...
|
|
|
|
loopback file
An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since
an infinitely sized file makes no sense.
Fixes: #2314 #2253
|
|
networkd: Add support to configure VXLAN Port
|
|
Ask password unicode fix
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1301984
|
|
|
|
[v1] core: resolve specifier in config_parse_exec()
|
|
From dd0bc0f1
|
|
Fix the comparison to include the first alias, which will
otherwise be left as a bogus pointer.
|
|
journald: minor fixes
|
|
nineteenth dnssec patch
|
|
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 (v3)
|
|
Whenever we include a log level or facility in a journal string field, make sure the compiler checks for us that that's
actually the right thing to do.
|
|
Fixes: #2304
|
|
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is
pretty complete now, and the remaining bits are low-priority.
|
|
Lets make sure we always take notice of network changes before answering client requests.
This way, calls like SetLinkDNS() become race-free as the specified interface index is guarantee to have been processed
if it exists before we make changes to it.
|
|
DNS response
If we encounter NXDOMAIN, but find at least one matching RR in a response, then patch it to become SUCCESS. This should
clean up handling of CNAME/DNAMEs, and makes sure broken servers and those conforming to RFC 6604 are treated the same
way. The new behaviour opposes the logic suggested in RFC 6604, but given that some servers don't implement it
correctly, and given that in some ways the CNAME/DNAME chains will be incomplete anyway, and given that DNSSEC
generally only allows us to prove the first element of a CNAME/DNAME chain, this should simplify things for us.
|
|
|
|
Following the changes to expose the "routing" and "search" domain concepts in networkd, actually make resolved use
them. It will now use routing domains exclusively for making DNS routing decisions, and use search domains additionally
for extending single-label names.
|
|
The call combines outputing a string with prefixing it with a space, optionally. This is useful to shorten the logic
for outputing lists of strings, that are space separated.
|
|
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the
boolean values. If set, the passed domain information is used for routing rules only, but not for the search path
logic.
|
|
configuration settings
All booleans called dhcp_xyz are now called ".dhcp_use_xyz", to match their respective configuration file settings. This
should clarify things a bit, in particular as there is a DHCP hostname that was previously called just ".hostname"
because ".dhcp_hostname" was already existing as a bool. Since this confusion is removed now because the bool is called
".dhcp_use_hostname", the string field is now renamed to ".dhcp_hostname".
|
|
Let's make sure the root domain is normalized to ".", rather than then empty string, so that there's actually something
to see on screen. Normally, we don't append a trailing dot to normalized domain names, but do so in the one exception
of the root domain, taking inspiration from UNIX file system paths.
|
|
Also don't permit host/domain names that reference the root domain, and unify the codepaths for this.
|
|
When we collect the domain names of the various links and other sources in one ordered set, make sure to use proper DNS
name comparison to filter out duplicates.
|