fix spelling of privilege
This commit is contained in:
parent
8891f695c7
commit
f1721625e7
2
NEWS
2
NEWS
|
@ -166,7 +166,7 @@ CHANGES WITH 211:
|
||||||
directory's lifetime is bound to the daemon runtime and that
|
directory's lifetime is bound to the daemon runtime and that
|
||||||
the daemon starts up with an empty directory each time. This
|
the daemon starts up with an empty directory each time. This
|
||||||
is particularly useful when writing services that drop
|
is particularly useful when writing services that drop
|
||||||
priviliges using the User= or Group= setting.
|
privileges using the User= or Group= setting.
|
||||||
|
|
||||||
* The DeviceAllow= unit setting now supports globbing for
|
* The DeviceAllow= unit setting now supports globbing for
|
||||||
matching against device group names.
|
matching against device group names.
|
||||||
|
|
2
README
2
README
|
@ -185,7 +185,7 @@ USERS AND GROUPS:
|
||||||
|
|
||||||
The NTP daemon requires the "systemd-timesync" system user and
|
The NTP daemon requires the "systemd-timesync" system user and
|
||||||
group to exist. During execution this network facing service
|
group to exist. During execution this network facing service
|
||||||
will drop priviliges (with the exception of CAP_SYS_TIME) and
|
will drop privileges (with the exception of CAP_SYS_TIME) and
|
||||||
assume this uid/gid for security reasons.
|
assume this uid/gid for security reasons.
|
||||||
|
|
||||||
WARNINGS:
|
WARNINGS:
|
||||||
|
|
|
@ -1275,7 +1275,7 @@
|
||||||
<literal>/</literal>, i.e. must refer
|
<literal>/</literal>, i.e. must refer
|
||||||
to simple directories to create or
|
to simple directories to create or
|
||||||
remove. This is particularly useful
|
remove. This is particularly useful
|
||||||
for unpriviliges daemons that cannot
|
for unprivileged daemons that cannot
|
||||||
create runtime directories in
|
create runtime directories in
|
||||||
<filename>/run</filename> due to lack
|
<filename>/run</filename> due to lack
|
||||||
of privileges, and to make sure the
|
of privileges, and to make sure the
|
||||||
|
|
|
@ -48,7 +48,7 @@ $1.Capabilities, config_parse_exec_capabilities, 0,
|
||||||
$1.SecureBits, config_parse_exec_secure_bits, 0, offsetof($1, exec_context)
|
$1.SecureBits, config_parse_exec_secure_bits, 0, offsetof($1, exec_context)
|
||||||
$1.CapabilityBoundingSet, config_parse_bounding_set, 0, offsetof($1, exec_context.capability_bounding_set_drop)
|
$1.CapabilityBoundingSet, config_parse_bounding_set, 0, offsetof($1, exec_context.capability_bounding_set_drop)
|
||||||
$1.TimerSlackNSec, config_parse_nsec, 0, offsetof($1, exec_context.timer_slack_nsec)
|
$1.TimerSlackNSec, config_parse_nsec, 0, offsetof($1, exec_context.timer_slack_nsec)
|
||||||
$1.NoNewPrivileges, config_parse_no_new_priviliges, 0, offsetof($1, exec_context)
|
$1.NoNewPrivileges, config_parse_no_new_privileges, 0, offsetof($1, exec_context)
|
||||||
m4_ifdef(`HAVE_SECCOMP',
|
m4_ifdef(`HAVE_SECCOMP',
|
||||||
`$1.SystemCallFilter, config_parse_syscall_filter, 0, offsetof($1, exec_context)
|
`$1.SystemCallFilter, config_parse_syscall_filter, 0, offsetof($1, exec_context)
|
||||||
$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context.syscall_archs)
|
$1.SystemCallArchitectures, config_parse_syscall_archs, 0, offsetof($1, exec_context.syscall_archs)
|
||||||
|
|
|
@ -3029,7 +3029,7 @@ int config_parse_namespace_path_strv(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int config_parse_no_new_priviliges(
|
int config_parse_no_new_privileges(
|
||||||
const char* unit,
|
const char* unit,
|
||||||
const char *filename,
|
const char *filename,
|
||||||
unsigned line,
|
unsigned line,
|
||||||
|
|
|
@ -95,7 +95,7 @@ int config_parse_address_families(const char *unit, const char *filename, unsign
|
||||||
int config_parse_runtime_directory(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_runtime_directory(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_set_status(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_set_status(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_namespace_path_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_namespace_path_strv(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_no_new_priviliges(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_no_new_privileges(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
int config_parse_cpu_quota(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
int config_parse_cpu_quota(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
|
||||||
|
|
||||||
/* gperf prototypes */
|
/* gperf prototypes */
|
||||||
|
|
|
@ -3057,7 +3057,7 @@ int main(int argc, char *argv[]) {
|
||||||
fds = NULL;
|
fds = NULL;
|
||||||
|
|
||||||
/* Wait until the child reported that it is ready with
|
/* Wait until the child reported that it is ready with
|
||||||
* all it needs to do with priviliges. After we got
|
* all it needs to do with privileges. After we got
|
||||||
* the notification we can make the process join its
|
* the notification we can make the process join its
|
||||||
* cgroup which might limit what it can do */
|
* cgroup which might limit what it can do */
|
||||||
eventfd_read(child_ready_fd, &x);
|
eventfd_read(child_ready_fd, &x);
|
||||||
|
|
|
@ -5923,7 +5923,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
|
||||||
|
|
||||||
case 'r':
|
case 'r':
|
||||||
if (geteuid() != 0) {
|
if (geteuid() != 0) {
|
||||||
log_error("--recursive requires root priviliges.");
|
log_error("--recursive requires root privileges.");
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1141,7 +1141,7 @@ static int manager_network_monitor_listen(Manager *m) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int drop_priviliges(void) {
|
static int drop_privileges(void) {
|
||||||
static const cap_value_t bits[] = {
|
static const cap_value_t bits[] = {
|
||||||
CAP_SYS_TIME,
|
CAP_SYS_TIME,
|
||||||
};
|
};
|
||||||
|
@ -1152,7 +1152,7 @@ static int drop_priviliges(void) {
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
/* Unfortunately we cannot leave privilige dropping to PID 1
|
/* Unfortunately we cannot leave privilege dropping to PID 1
|
||||||
* here, since we want to run as user but want to keep te
|
* here, since we want to run as user but want to keep te
|
||||||
* CAP_SYS_TIME capability. Since file capabilities have been
|
* CAP_SYS_TIME capability. Since file capabilities have been
|
||||||
* introduced this cannot be done across exec() anymore,
|
* introduced this cannot be done across exec() anymore,
|
||||||
|
@ -1231,7 +1231,7 @@ int main(int argc, char *argv[]) {
|
||||||
|
|
||||||
umask(0022);
|
umask(0022);
|
||||||
|
|
||||||
r = drop_priviliges();
|
r = drop_privileges();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue