This avoid the use of the global variable.
Also rename cgroup_unified_update() to cgroup_unified_cached() and
cgroup_unified_flush() to cgroup_unified() to better reflect their new roles.
During the rework of unit file loading, commit e8630e6952 dropped the
initialization u->source_mtime. This had the bad side effect that generated
units always needed daemon reloading.
This function had two users (apart from tests), and both only used one
argument. And it seems likely that if we need to pass more directories,
either the _nulstr() or the _strv() form would be used. Let's simplify
the code.
Update logging a bit: drop logging of the pid, nowadays pid1 and journald
do a very good job of logging that. Always log about failure to open audit
fd, but at DEBUG_LEVEL if not important.
relabel_extra() relabels the descendants of directories listed in
relabel-extra.d, but doesn't relabel the files or directories
explicitly named there. This makes it impossible to use
relabel-extra.d to relabel the root of a filesystem. Fix by
relabeling the named items too.
When nspawn container with private network starts, networkd creates
the default route for the interface. The route may cause problem on
the host side, and it can be created with DefaultRouteOnDevice= now.
Hence, this makes networkd not create the route implicitly any more.
Closes#13418.
"reset" is more understandable. The verb is "revert", but it might actually be
better to have a description which uses different words instead of duplicating
the name of the command.
379158684a (commitcomment-34992552)
When the fuzz target was integrated, it was added as a stopgap
to get fuzz-json up and running. It served its purpose and can
safely be removed to prevent tools/oss-fuzz.sh from failing with
```
+wget -O /home/travis/build/systemd/systemd/out/fuzz-json_seed_corpus.zip https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
--2019-09-10 22:40:44-- https://storage.googleapis.com/skia-fuzzer/oss-fuzz/skjson_seed_corpus.zip
Resolving storage.googleapis.com (storage.googleapis.com)... 74.125.70.128, 2607:f8b0:4001:c05::80
Connecting to storage.googleapis.com (storage.googleapis.com)|74.125.70.128|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2019-09-10 22:40:44 ERROR 403: Forbidden.
```
Ideally we should put our seed corpus somewhere and download it from there
but I haven't got round to it.
I was informed that fuzzit-1.1 is going to be deprecated soon. Generally
the latest version isn't recommened because it's still in beta and theoretically
might be backwards incompatible but let's try rolling forward to avoid PRs
like this going forward. We can always roll it back :-)
Add a fido_id program meant to be run for devices in the hidraw
subsystem via an IMPORT directive. The program parses the HID report
descriptor and assigns the ID_SECURITY_TOKEN environment variable if a
declared usage matches the FIDO_CTAPHID_USAGE declared in the FIDO CTAP
specification. This replaces the previous approach of whitelisting all
known security token models manually.
This commit is accompanied by a test suite and a fuzzer target for the
descriptor parsing routine.
Fixes: #11996.