| Age | Commit message (Collapse) | Author |
|---|
|
When deciding whether the provided name equals the file name in
sysv_translate_facility(), also consider them equal if the file name has a
".sh" suffix.
This was uncovered by commit b7e7184 which then created a symlink
"<name>.service" to itself for ".sh" suffixed init.d scripts.
For additional robustness, refuse to create symlinks to itself in add_alias().
Add test case which reproduces the bug.
https://bugs.debian.org/775889
|
|
This way, we can import CoreOS images unmodified.
|
|
In case CAP_SYS_ADMIN is missing (like in containers), one cannot fake pid in
struct ucred (uid/gid are fine if CAP_SETUID/CAP_SETGID are present).
Ensure that journald will try again to forward the messages to syslog without
faking the SCM_CREDENTIALS pid (which isn't guaranteed to succeed anyway, since
it also does the same thing if the process has already exited).
With this patch, journald will no longer silently discard messages
that are supposed to be sent to syslog in these situations.
https://bugs.debian.org/775067
|
|
|
|
|
|
|
|
|
|
This also adds an initial keyring for the verification, that contains
Ubuntu's and Fedora's key. We should probably add more entries sooner or
later.
|
|
When we set up a loopback device with partition probing, the udev
"change" event about the configured device is first passed on to
userspace, only the the in-kernel partition prober is started. Since
partition probing fails with EBUSY when somebody has the device open,
the probing frequently fails since udev starts probing/opening the
device as soon as it gets the notification about it, and it might do so
earlier than the kernel probing.
This patch adds a (hopefully temporary) work-around for this, that
compares the number of probed partitions of the kernel with those of
blkid and synchronously asks for reprobing until the numebrs are in
sync.
This really deserves a proper kernel fix.
|
|
|
|
|
|
|
|
files
|
|
|
|
|
|
This allows us to reuse a lot more code, and simplify pull-raw
drastically.
|
|
Ubuntu provides their cloud images optionally as tarball, hence also
support downloading those.
|
|
|
|
subscibe->subscribe
|
|
|
|
|
|
|
|
Plain implies a ... "plain" output.
Also do not say "No jobs" with --no-legend. We skip
reporting the number of jobs with --no-legend if there
are any, and 0 is also a number, and should be skipped.
|
|
linux partition
This should allow running Ubuntu UEFI GPT Images with nspawn,
unmodified.
|
|
|
|
|
|
|
|
than "size"
After all, it's closer to the "du"-reported value than to the file
sizes...
|
|
to target
|
|
|
|
|
|
|
|
|
|
|
|
Terminals tend to be 80 columns wide by default, and the help
text is only supposed to be a terse reminder anyway.
https://bugzilla.redhat.com/show_bug.cgi?id=1183771
|
|
|
|
This remove the need for various header files to include the
(relatively heavyweight) util.h.
|
|
|
|
There is no reason to provide our own attach_flags_mask. We can simply
rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod.
If it's set, we assume the user wants to override our setting, so we
simply skip setting it.
|
|
The kernel module system is not namespaced, so no container should ever
modify global options. Make sure we set the kdbus attach_flags_mask only
on a real boot as PID1.
|
|
Don't use recvmsg(2) return value to check for too long packets
(it doesn't work) but MSG_TRUNC flag.
(David: add parantheses around condition)
|
|
There were two callers, one can use strtod_l() and the other strptime_l().
(David: fix up commit-msg and coding-style)
|
|
If the received NTP message from server didn't fit to our buffer, either
it is doing something nasty or we don't know the protocol. Consider the
packet as invalid.
(David: add parantheses around conditional)
|
|
While it's a lovely scenario, it's probably not really useful. Fix our
GetConnectionUnixUser() to return the actual 'euid' which we asked for,
not the possible uninitialized 'uid'.
|
|
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need*
root access to create cgroups. The only exception is if it is run from
within a cgroup with "Delegate=yes". However, this is not always true and
we really shouldn't rely on this.
If your terminal runs from within a systemd --user instance, you're fine.
Everyone else is not (like running from ssh, VTs, and so on..).
|
|
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we
can lookup further information from /proc. However, we *must* set
SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never
actually copy the pid into "sd_bus_creds". Fix this, so
SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by
the caller.
|
|
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
|
|
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
|
|
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote
side has no chance of querying our effective UID (which is usually what
they're interested in).
|
|
We need to implicitly allow HELLO from users with the same uid as the bus.
Fix the bus-uid tracking to use the original uid, not the uid after
privilege-dropping.
|
