Behaviour is prett ymuch the same, but there's some additional type
checking done on the input parameters.
(In the case of UNIT_WRITE_FLAGS_NOOP() the C compiler won't actually do
the type checking necessarily, but static chckers at least could)
The test is currently failing when run under ASan in a docker container:
```
--- command ---
SYSTEMD_KBD_MODEL_MAP='/build/src/locale/kbd-model-map' PATH='/build/build:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/build/src/locale/language-fallback-map' /build/build/test-capability
--- stderr ---
have ambient caps: yes
Capabilities:= cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read+eip
Capabilities:= cap_dac_override,cap_net_raw+ep
==7021==LeakSanitizer has encountered a fatal error.
==7021==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==7021==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)
Assertion 'WIFEXITED(status) && WEXITSTATUS(status) == 0' failed at ../src/test/test-capability.c:71, function fork_test(). Aborting.
-------
```
https://api.travis-ci.org/v3/job/452349948/log.txt
Docker's default capability set has the inherited flag already
set - that breaks tests which expect otherwise. Let's just
drop the check and run the test anyway.
Fixes#10663
We only use this when we don't require the best randomness. The primary
usecase for this is UUID generation, as this means we don't drain
randomness from the kernel pool for them. Since UUIDs are usually not
secrets RDRAND should be goot enough for them to avoid real-life
collisions.
Originally, the high_quality_required boolean argument controlled two
things: whether to extend any random data we successfully read with
pseudo-random data, and whether to return -ENODATA if we couldn't read
any data at all.
The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name
doesn't really cover the second part nicely. Moreover hiding both
changes of behaviour under a single flag is confusing. Hence, let's
split this part off under a new flag, and use it from random_bytes().
This should normally not happen, but given that the man page suggests
something about this in the context of interruption, let's handle this
and propagate an I/O error.
It's more descriptive, since we also have a function random_bytes()
which sounds very similar.
Also rename pseudorandom_bytes() to pseudo_random_bytes(). This way the
two functions are nicely systematic, one returning genuine random bytes
and the other pseudo random ones.
This reorganizes the systemd.timer man page so that it doesn't claim
there are no implicit dependencies right after specifying the implicit
dependencies, and so that it matches the other man pages for units. This
fixes a mistake introduced by commit aed5cb03db.
When inotify_add_watch() fails because of the inotify limit, errno is
set to ENOSPC and then gets shown to users as "No space left on device".
That is very confusing and requires in-depth knowledge of the C library.
Therefore, show user-friendly message when inotify limit is reached.
Fixes#6030.
Yu Watanabe