Lennart Poettering
62aa29247c
units: turn on RestrictSUIDSGID= in most of our long-running daemons
2019-04-02 16:56:48 +02:00
Lennart Poettering
7445db6eb7
man: document the new RestrictSUIDSGID= setting
2019-04-02 16:56:48 +02:00
Lennart Poettering
9d880b70ba
analyze: check for RestrictSUIDSGID= in "systemd-analyze security"
...
And let's give it a heigh weight, since it pretty much can be used for
bad things only.
2019-04-02 16:56:48 +02:00
Lennart Poettering
f69567cbe2
core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=
2019-04-02 16:56:48 +02:00
Lennart Poettering
167fc10cb3
test: add test case for restrict_suid_sgid()
2019-04-02 16:56:48 +02:00
Lennart Poettering
3c27973b13
seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
2019-04-02 16:56:48 +02:00
Lennart Poettering
9e6e543c17
seccomp: add debug messages to seccomp_protect_hostname()
2019-04-02 16:56:48 +02:00
Lennart Poettering
42561fc99c
core: add a generic helper that forwards per-unit method calls from Manager
...
Quite often we have a method DoSomethingWithUnit() on the Manager object
that is the same as a function DoSomething() on a Unit object. Let's
shorten things by introducing a common function that forwards the
former to the latter, instead of writing this again and again.
2019-04-02 16:38:20 +02:00
Zbigniew Jędrzejewski-Szmek
237ebf61e2
Merge pull request #12013 from yuwata/fix-switchroot-11997
...
core: on switching root do not emit device state change based on enumeration results
2019-04-02 16:06:07 +02:00
Lennart Poettering
568ee8fc46
udev: use strempty() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
02dab76e93
json: use SYNTHETIC_ERRNO() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
bab4820ee2
sd-event: use DIV_ROUND_UP where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
39f2bc6e7e
sd-device: use xsprintf() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
c614711386
tree-wide: use SYNTHETIC_ERRNO() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
c1db999eb8
boot: use TAKE_PTR() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
a7798cd81b
tree-wide: use reallocarray() where appropriate
2019-04-02 14:54:42 +02:00
Lennart Poettering
0c21dafb54
util-lib: use FLAGS_SET() where appropriate
2019-04-02 14:54:38 +02:00
Lennart Poettering
d737b451fe
analyze: use empty_or_root() where appropriate
2019-04-02 14:53:25 +02:00
Zbigniew Jędrzejewski-Szmek
84ce204a93
Merge pull request #12185 from poettering/login-unstore-fd
...
logind: remove unused fds from fdstore
2019-04-02 14:27:27 +02:00
Zbigniew Jędrzejewski-Szmek
8a306989b3
Merge pull request #12186 from poettering/lgtm-updates
...
lgtm ruleset updates
2019-04-02 14:19:27 +02:00
Zbigniew Jędrzejewski-Szmek
2356d683f8
Merge pull request #12183 from poettering/askpwargv
...
tty-ask-password: let's copy argv[] before forking
2019-04-02 13:50:14 +02:00
Frantisek Sumsal
1a862e2151
journal: LGTM doesn't recognize suppressions in /* */
2019-04-02 12:47:14 +02:00
Lennart Poettering
f71611fed2
test: stop using dup() needlessly
2019-04-02 12:45:46 +02:00
Lennart Poettering
9b4805421e
lgtm: beef up list of dangerous/questionnable API calls not to make
2019-04-02 12:45:46 +02:00
Lennart Poettering
efc19ee485
logind: when we cannot attach a passed fd to a device, close it
...
Replaces: #8532
2019-04-02 11:52:58 +02:00
Lennart Poettering
883d1b01b0
logind: simplify removal of device fds
...
let's use sd_notifyf(). Let's also stop validating the session ID here.
This is the destructor. if it contains a dash, we are already too late
here anyway.
2019-04-02 11:51:50 +02:00
Chris Morin
924426a703
journal-remote: use source's boot-id
...
systemd-journal-remote always wrote the boot-id of the device it was running on
to the header of its journal files. When the source had a different boot-id
(because it was generated on a different boot, or a different device), the
boot-ids in the file were inconsistent. The _BOOT_ID field was that of the
source, but the journal file header and each entry object header were that of
the device systemd-journal-remote ran on. This breaks journalctl --list-boots
on any of these files.
Set the boot-id in the header to be that of the source. This also fixes the
entry object headers.
2019-04-02 10:32:21 +02:00
Yu Watanabe
52cf2b13a0
ipv4ll: do not reset seed generation counter on restart
...
Fixes #12145 .
2019-04-02 10:27:30 +02:00
Lennart Poettering
d9550542a8
Merge pull request #12007 from poettering/clock-change
...
.timer OnClockChange= and OnTimezoneChange= settings
2019-04-02 10:24:35 +02:00
Lennart Poettering
189b03779e
tty-ask-password: re-break comment
2019-04-02 10:19:23 +02:00
Lennart Poettering
d850296466
tty-ask-password: simplify signal handler installation
2019-04-02 10:19:22 +02:00
Lennart Poettering
7452917740
tty-ask-password: no need to initialize something already NUL initialized to NUL
2019-04-02 10:19:22 +02:00
Lennart Poettering
4bec7f09f8
tty-ask-password: drop redundant local variable
2019-04-02 10:19:22 +02:00
Lennart Poettering
ed179fd710
tty-ask-password: copy argv[] before forking child
...
Another fix in style of bd169c2be0
.
Let's also avoid strjoina() in a loop (i.e. stack allocation). While in
this specific caseone could get away with it (since we'd immediately
afterwards leave the loop) it's still ugly, and every static checker
would be totally within its rights to complain.
Also, let's simplify things by not relying on argc, since it's redundant
anyway, and it's nicer to just treat things as NULL terminated strv
array.
Fixes : #12180
2019-04-02 10:19:17 +02:00
Lennart Poettering
ee6bb34d4a
update TODO
2019-04-02 08:20:10 +02:00
Lennart Poettering
d9b8c2ef8b
man: document the two new .timer settings
2019-04-02 08:20:10 +02:00
Lennart Poettering
347da10194
test: add tests for new .timer units
2019-04-02 08:20:10 +02:00
Lennart Poettering
efebb613c7
core: optionally, trigger .timer units on timezone and clock changes
...
Fixes : #6228
2019-04-02 08:20:10 +02:00
Lennart Poettering
787be190a8
run: rename with_timer → arg_with_timer
...
The value is directly initialized from cmdline args, hence let's name it
so, following our usual naming style.
2019-04-02 08:19:35 +02:00
Lennart Poettering
7dd1e315b2
core: use more structured initialization
2019-04-02 08:19:35 +02:00
Topi Miettinen
509276f2b7
build: install /etc/systemd/{system,user}-generators
...
Manual page systemd.generators refers to /etc/systemd/{system,user}-generators,
but the paths do not exist, so let's install them.
2019-04-02 07:53:32 +02:00
Yu Watanabe
3f8f021541
Merge pull request #12030 from poettering/condition-memory
...
add ConditionCPUs= + ConditionMemory=
2019-04-02 08:01:42 +09:00
Yu Watanabe
1589231365
Merge pull request #12168 from poettering/man-fixes
...
three minor tweaks to the man pages
2019-04-02 07:32:40 +09:00
Lennart Poettering
ca006fc640
core: refactor transaction.c to use fewer gotos
...
In particular, let's not use gotos that jump up, i.e. are loops. gotos
that jump down for the purpose of clean-up are cool, but using them for
loops is evil.
No change in behaviour, just some refactoring.
2019-04-02 07:28:58 +09:00
Zbigniew Jędrzejewski-Szmek
a313424154
NEWS: document the change to installation
2019-04-02 06:11:13 +09:00
Yu Watanabe
dd09a9ec0f
Merge pull request #12160 from yuwata/wait-online-allow-configuring
...
wait-online: add --any option
2019-04-02 06:10:36 +09:00
Yu Watanabe
7a24df5ecc
Merge pull request #12155 from yuwata/network-fix-and-extend-foo-over-udp-support
...
network: fix and extend Foo over UDP
2019-04-02 06:10:07 +09:00
Lennart Poettering
d2e1b2fd67
systemctl: print a more accurate error message when we can
2019-04-02 05:44:12 +09:00
Lennart Poettering
c2f64c07c1
rm-rf: refuse combining REMOVE_ONLY_DIRECTORIES and REMOVE_SUBVOLUME for now
...
It's not easy to implement such a combined operation race-freely since
dropping a subvolume will drop all its contents, including any
non-directories.
Hence, let's just not support this combination for now. Which isn't much
of a loss, since we never combine these flags anyway.
2019-04-02 05:40:05 +09:00
Lennart Poettering
ebf8d79a58
core: export ReloadResult value on the bus
...
We keep track of it, but never exposed it. Let's fix that.
2019-04-02 05:39:05 +09:00