| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Implicitly make all dirs set with RuntimeDirectory= writable, as the concept
otherwise makes no sense.
|
|
This adds a new call get_user_creds_clean(), which is just like
get_user_creds() but returns NULL in the home/shell parameters if they contain
no useful information. This code previously lived in execute.c, but by
generalizing this we can reuse it in run.c.
|
|
|
|
If a dir is marked to be inaccessible then everything below it should be masked
by it.
|
|
ProtectControlGroups=
If enabled, these will block write access to /sys, /proc/sys and
/proc/sys/fs/cgroup.
|
|
Let's make sure that all our rules apply to all archs the local kernel
supports.
|
|
Bug introduced in 1b4cd64683.
|
|
Show is documented to be program-parseable, and printing the warning about
about a non-existent unit, while useful for humans, broke a lot of scripts.
Restore previous behaviour of returning success and printing empty or useless
stuff for units which do not exist, and printing empty values for properties
which do not exists.
With SYSTEMD_LOG_LEVEL=debug, hints are printed, but the return value is
still 0.
This undoes parts of e33a06a and 3dced37b7 and fixes #3856.
We might consider adding an explicit switch to fail on missing units/properties
(e.g. --ensure-exists or similar), and make -P foobar equivalent to
--ensure-exists --property=foobar.
|
|
|
|
Also some trivial tests for STR_IN_SET and STRPTR_IN_SET.
|
|
|
|
|
|
While an interface is still being processed by udev, it is in state "pending",
instead of "unmanaged". We must not flush device configuration then.
Further fixes commit 3104883ddc24 after commit c436d55397.
Fixes #4186
|
|
Replaces #4103.
|
|
Fix journal hmac calculation.
|
|
configuration files (#4205)
Currently, systemd-sysctl command configures kernel parameters in each sysctl
configuration files in random order due to characteristics of iterator of
Hashmap.
However, kernel parameters need to be configured in the order they occur in
each sysctl configuration files.
- For example, consider fs.suid_coredump and kernel.core_pattern. If
fs.suid_coredump=2 is configured before kernel.core_pattern= whose default
value is "core", then kernel outputs the following message:
Unsafe core_pattern used with suid_dumpable=2. Pipe handler or fully qualified core dump path required.
Note that the security issue mentioned in this message has already been fixed
on recent kernels, so this is just a warning message on such kernels. But
it's still confusing to users that this message is output on some boot and
not output on another boot.
- I don't know but there could be other kernel parameters that are significant
in the order they are configured.
- The legacy sysctl command configures kernel parameters in the order they
occur in each sysctl configuration files. Although I didn't find any official
specification explaining this behavior of sysctl command, I don't think there
is any meaningful reason to change this behavior, in particular, to the
random one.
This commit does the change by simply using OrderedHashmap instead of Hashmap.
|
|
This commit is a minor tweak after the split of `--share-system`, decoupling the `--boot`
option from IPC namespacing.
Historically there has been a single `--share-system` option for sharing IPC/PID/UTS with the
host, which was incompatible with boot/pid1 mode. After the split, it is now possible to express
the requirements with better granularity.
For reference, this is a followup to #4023 which contains references to previous discussions.
I realized too late that CLONE_NEWIPC is not strictly needed for boot mode.
|
|
Since commit 5996c7c295e073ce21d41305169132c8aa993ad0 (v190 !), the
calculation of the HMAC is broken because the hash for a data object
including a field is done in the wrong order: the field object is
hashed before the data object is.
However during verification, the hash is done in the opposite order as
objects are scanned sequentially.
|
|
We shouldn't silently fail when appending the tag to a journal file
since FSS protection will simply be disabled in this case.
|
|
|
|
If we find duplicates in a property-lookup, make sure to order them by
their origin. That is, matches defined "later" take precedence over
earlier matches. The "later"-order is defined by file-name + line-number
combination. That is, if a match is defined below another one in the
same hwdb file, it takes precedence, same as if it is defined in a file
ordered after another one.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
|
|
Extend the hwdb to store the source file-name and file-number for each
property. We simply extend the stored value struct with the new
information. It is fully backwards compatible and old readers will
continue to work.
The libudev/sd-hwdb reader is updated in a followup.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
|
|
It is not legal to use hard-coded types to calculate offsets. We must
always use the offsets of the hwdb header to calculate those. Otherwise,
we will break horribly if run on hwdb files written by other
implementations or written with future extensions.
Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
|
|
|
|
|
|
|
|
|
|
Further discussion showed that this better gets addressed at the packaging
level.
This reverts commit 34210af7c63640fca1fd4a09fc23b01a8cd70bf3.
|
|
Network file dropins
|
|
|
|
If Kind is not specied, the message about "Invalid Kind" was misleading.
If Kind was specified in an invalid way, we get a message in the parsing
phase anyway. Reword the message to cover both cases better.
|
|
|
|
This way we don't have to create a nulstr just to unpack it in a moment.
|
|
In preparation for adding a version which takes a strv.
|
|
Fixes #3655.
[zj: Fix the tests.]
|
|
The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption.
Before:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
/var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900
The sealing key is automatically changed every 15min.
```
After:
```
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900
The sealing key is automatically changed every 15min.
```
|
|
condition: ignore nanoseconds in timestamps for ConditionNeedsUpdate=
Fixes #4130.
|
|
When a docker container is confined with AppArmor [1] and happens to run
on top of a kernel that supports mount mediation [2], e.g. any Ubuntu
kernel, mount(2) returns EACCES instead of EPERM. This then leads to:
systemd-logind[33]: Failed to mount per-user tmpfs directory /run/user/1000: Permission denied
login[42]: pam_systemd(login:session): Failed to create session: Access denied
and user sessions don't start.
This also applies to selinux that too returns EACCES on mount denial.
[1] https://github.com/docker/docker/blob/master/docs/security/apparmor.md#understand-the-policies
[2] http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/view/head:/kernel-patches/4.7/0025-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch
|
|
|
|
|
|
|
|
to prevent false-positives
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=90192 and #4130
for real. Also, remove timestamp check in update-done.c altogether since
the whole operation is idempotent.
|
|
|
|
1. add support for kind vcan
2. fixup indention netlink-types.c, networkd-netdev.c
|
|
Strerror removal and other janitorial cleanups
|
|
Will be used by rpm-ostree (and likely lorax) to suppress
RPM->kernel->%posttrans->dracut runs, and basically everything
else this script is doing.
I'll also likely change the `kernel.spec` to respect this as well.
|
|
We were already unconditionally using the unicode character when the
input string was not pure ASCII, leading to different behaviour in
depending on the input string.
systemd[1]: Starting printit.service.
python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo
python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo
python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę
python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę
systemd[1]: Started printit.service.
|
|
|
|
sd_bus_error_set_errnof supports %m, so there's no need to call
strerror manually.
|
