picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
24661 commits 2 branches 0 tags 166 MiB
Commit graph

24661 commits

This branch
This branch
All branches
Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek 75f32f047c Add memcpy_safe 
ISO/IEC 9899:1999 §7.21.1/2 says:
Where an argument declared as size_t n specifies the length of the array
for a function, n can have the value zero on a call to that
function. Unless explicitly stated otherwise in the description of a
particular function in this subclause, pointer arguments on such a call
shall still have valid values, as described in 7.1.4.

In base64_append_width memcpy was called as memcpy(x, NULL, 0).  GCC 4.9
started making use of this and assumes This worked fine under -O0, but
does something strange under -O3.

This patch fixes a bug in base64_append_width(), fixes a possible bug in
journal_file_append_entry_internal(), and makes use of the new function
to simplify the code in other places.
 2016-02-11 13:07:02 -05:00
Zbigniew Jędrzejewski-Szmek 8cd095cc27 shell-completion: fix header 2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek 89fc708c0a man: clarify that generators are run before /var 
Just a clarification. At least systemd-openqa-generator from
openqa gets this wrong.
 2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek 89a1675845 man/hostnamectl: refer to transient hostname as "fallback" 
Saying it is the "default" is misleading, because it is almost
never used.
 2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek 75f2310f21 man/hostname: remove obsolete text 
All distribution-specific code was removed ages ago.
 2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek 17163897d4 build-sys: simplify conditionals around shell completion files 
Repeating those conditionals for every program is
annoying. Use a helper variable to avoid conditionals.

Also always add generated completion files to CLEANFILES.
 2016-02-06 17:54:48 -05:00
Zbigniew Jędrzejewski-Szmek 4c32f2c96b build-sys: move CLEANFILES additions out from under HAVE_GNUEFI 
It's better to always include them in 'make clean'.
It is also easier to read Makefile.am when less stuff is conditional.
 2016-02-06 17:54:47 -05:00
Lennart Poettering b72190e90f Merge pull request #2505 from torstehu/fix-typo4 
Fix typos and a small build fix
 2016-02-01 22:09:54 +01:00
Torstein Husebø fa9e9f72b9 resolve: Silence build warning, when systemd is built without libidn 
HAVE_IDN is not defined when systemd is build without it
 2016-02-01 21:10:03 +01:00
Torstein Husebø e94968ba72 resolve: fix typos 2016-02-01 21:08:00 +01:00
Lennart Poettering fd04bba0e8 Merge pull request #2491 from martinpitt/master 
tmpfiles: drop /run/lock/lockdev
 2016-02-01 18:27:51 +01:00
Martin Pitt 61f32bff61 tmpfiles: drop /run/lock/lockdev 
Hardly any software uses that any more, and better locking mechanisms like
flock() have been available for many years.

Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as
nothing else is using this.
 2016-02-01 12:16:24 +01:00
Lennart Poettering f3ade27e68 Merge pull request #2497 from jsynacek/bootoffset-runtime-v4 
Expose additional booleans in sd_journal and improve error messages in journalctl
 2016-02-01 12:02:53 +01:00
Jan Synacek c34e939909 journalctl: improve error messages when the specified boot is not found 2016-02-01 11:59:33 +01:00
Jan Synacek 0f1a9a830c journalctl: show friendly info when using -b on runtime journal only 
Make it clear that specifing boot when there is actually only one has no
effect. This cosmetic patch improves user experience a bit.
 2016-02-01 11:59:33 +01:00
Jan Synacek 39fd5b08a7 sd-journal: introduce has_runtime_files and has_persistent_files 
Also introduce sd_journal_has_runtime_files() and
sd_journal_has_persistent_files() to the public API. These functions
can be used to easily find out if the open journal files are runtime
and/or persistent.
 2016-02-01 11:59:27 +01:00
Lennart Poettering c248c80dfd Merge pull request #2481 from xnox/pretty-ccw 
udev: net_id - for ccw bus, shorten the identifier and stip leading z…
 2016-02-01 11:39:11 +01:00
Lennart Poettering da21f8743a Merge pull request #2493 from evverx/fix-selinux-checks 
Fix selinux check for ReloadUnit
 2016-02-01 11:34:56 +01:00
Lennart Poettering a6c5361bb1 Merge pull request #2494 from michaelolbrich/resolved-without-gcrypt 
Resolved without gcrypt
 2016-02-01 11:05:45 +01:00
Zbigniew Jędrzejewski-Szmek c25bf528a1 Merge pull request #2496 from whot/hwdb-updates 
hwdb: add Samsung 305V4A axis resolutions
 2016-01-31 22:08:25 -05:00
Peter Hutterer d9a03677a5 hwdb: add Samsung 305V4A axis resolutions 
From https://bugzilla.redhat.com/show_bug.cgi?id=1294022
 2016-02-01 12:50:43 +10:00
Michael Olbrich 4709152273 resolved: allow building without libgcrypt 2016-01-31 23:54:12 +01:00
Michael Olbrich 421cc89d30 resolved: make dnssec_nsec_test_enclosed() static 
It's not used anywhere else.
 2016-01-31 23:54:12 +01:00
Michael Olbrich dbf0b8a281 resolved: reorder functions 
Preparation to make gcrypt optional.
 2016-01-31 23:54:12 +01:00
Evgeny Vereshchagin f596e00f32 core: let's check access before type modification 2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin 94bd732348 core: refactoring: add job_type_to_access_method 
remove duplication
 2016-01-31 14:23:46 +00:00
Evgeny Vereshchagin 61ea63f1ab core: fix selinux check for reload 
Fixes:
-bash-4.3# echo 1 >/sys/fs/selinux/enforce
-bash-4.3# runcon -t systemd_test_start_t systemctl start hola

-bash-4.3# sesearch --allow -s systemd_test_reload_t -c service
Found 1 semantic av rules:
   allow systemd_test_reload_t systemd_unit_file_t : service reload ;

-bash-4.3# runcon -t systemd_test_reload_t systemctl reload hola
Failed to reload hola.service: Access denied
See system logs and 'systemctl status hola.service' for details.

-bash-4.3# journalctl -b | grep -i user_avc | grep reload
USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='
avc:  denied  { start } for auid=0 uid=0 gid=0 path="/etc/systemd/system/hola.service" cmdline="systemctl reload hola"
scontext=unconfined_u:unconfined_r:systemd_test_reload_t:s0-s0:c0.c1023
tcontext=system_u:object_r:systemd_unit_file_t:s0
tclass=service

See
https://fedoraproject.org/wiki/Features/SELinuxSystemdAccessControl#Documentation
 2016-01-31 14:19:15 +00:00
Lennart Poettering 09ce74e196 Merge pull request #2487 from msekletar/bootctl-foreach-dirent 
bootctl: replace readdir() loops with FOREACH_DIRENT
 2016-01-31 14:57:20 +01:00
Evgeny Vereshchagin 5c7290b195 tests: add test-selinux-checks 2016-01-31 09:02:51 +00:00
Michal Sekletar e41256dcec bootctl: replace readdir() loops with FOREACH_DIRENT 2016-01-31 09:44:53 +01:00
Lennart Poettering dcabda4155 Merge pull request #2469 from keszybz/resolved-2 
Resolved 2
 2016-01-30 15:04:56 +01:00
Zbigniew Jędrzejewski-Szmek 132bdb0cf8 Merge pull request #2478 from grawity/fix/touch-mode 
basic: fix touch() creating files with 07777 mode
 2016-01-29 21:19:21 -05:00
Mantas Mikulėnas 06eeacb6fe basic: fix touch() creating files with 07777 mode 
mode_t is unsigned, so MODE_INVALID < 0 can never be true.

This fixes a possible DoS where any user could fill /run by writing to
a world-writable /run/systemd/show-status.
 2016-01-29 23:41:09 +02:00
Zbigniew Jędrzejewski-Szmek c542f805dd man: reword sentence 2016-01-29 12:24:15 -05:00
Zbigniew Jędrzejewski-Szmek e3309036cd resolved: log server type when switching servers 
I'm not defining _DNS_SERVER_TYPE_MAX/INVALID as usual in the enum,
because it wouldn't be used, and then gcc would complain that
various enums don't test for _DNS_SERVER_TYPE_MAX. It seems better
to define the macro rather than add assert_not_reached() in multiple
places.
 2016-01-29 12:24:15 -05:00
Zbigniew Jędrzejewski-Szmek a43a068a30 resolved: add macro to compare sized fields 
For consistency, generic.size is renamed to generic.data_size.

nsec3.next_hashed_name comparison was missing a size check.
 2016-01-29 12:24:14 -05:00
Zbigniew Jędrzejewski-Szmek ba82da3bb5 resolve-host: add option to list protocols 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek 869b3b67e3 resolve-host: allow specifying type as TYPEnn 
This mirrors the behaviour of host and makes the conversion to and from
string symmetrical.
 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek f3367a64ca test-tables: ellide boring parts of sparse mappings 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek c7472ce088 test-resolve-tables: new "test", useful to print mappings 2016-01-29 12:13:08 -05:00
Zbigniew Jędrzejewski-Szmek fc8eec10f6 resolved: calculate and print tags for DNSKEY records 2016-01-29 12:13:06 -05:00
Dimitri John Ledkov 0037a669ac udev: net_id - for ccw bus, shorten the identifier and stip leading zeros 
The commmon case default qeth link is enccw0.0.0600 is rather long.

Thus strip leading zeros (which doesn't make the bus_id unstable),
similar to the PCI domain case.

Also 'ccw' is redundant on S/390, as there aren't really other buses
available which could have qeth driver interfaces. Not sure why this
code is even compiled on non-s390[x] platforms. But to distinguish from
e.g. MAC stable names shorten the suffix to just 'c'.

Thus enccw0.0.0600 becomes enc600.
 2016-01-29 17:54:30 +01:00
Martin Pitt 7d82cd4d53 Merge pull request #2474 from poettering/doc-fix-2189 
man: document special considerations when mixing templated service un…
 2016-01-29 16:53:13 +01:00
Lennart Poettering ae0a5fb1e1 man: document special considerations when mixing templated service units and DefaultDependencies=no 
Fixes #2189.
 2016-01-29 16:50:50 +01:00
Daniel Mack 0e3a930a60 Merge pull request #2465 from poettering/systemctl-chroot 
Fix for #2015
 2016-01-29 16:04:03 +01:00
Daniel Mack e0d2df39b1 Merge pull request #2472 from poettering/mini-fixes 
Two mini fixes
 2016-01-29 15:51:16 +01:00
Lennart Poettering d152dd467a systemctl: actually honour the try-reload-or-restart verb aabf5d4243 promised 
The verb entry got lost in the ultimate commit.
 2016-01-29 15:49:05 +01:00
Lennart Poettering 1e726cc963 systemctl: make most systemctl commands NOPs in a chroot() environment 
Fixes #2015
 2016-01-29 15:49:05 +01:00
Lennart Poettering 040524b4a3 systemctl: consider a chroot() environment always offline 2016-01-29 15:16:56 +01:00
Lennart Poettering a16f96cd56 basic: when parsing verb command lines, optionally shortcut them in chroot() environments 
This adds some basic infrastructure in order to fix #2015.
 2016-01-29 15:16:56 +01:00