| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
Files which are installed as-is (any .service and other unit files, .conf
files, .policy files, etc), are left as is. My assumption is that SPDX
identifiers are not yet that well known, so it's better to retain the
extended header to avoid any doubt.
I also kept any copyright lines. We can probably remove them, but it'd nice to
obtain explicit acks from all involved authors before doing that.
|
|
|
|
|
|
|
|
|
| |
database files (#8521)
The API povided by the glibc is too error-prone as one has to deal directly
with errno in order to detect if errors occured.
Suggested by Zbigniew.
|
|
|
|
|
| |
This is necessary for some system users where the "login shell" is
set to a specific binary.
|
|
|
|
|
|
| |
This is the first error message when running unprivileged, and the message is
unspecific, so let's at least add some logging at debug level to make this less
confusing.
|
|
|
|
|
|
|
|
|
|
|
| |
This is quite ugly, but provides us with an avenue for moving
distributions to define the "nobody" user properly without breaking legacy
systems that us the name for other stuff.
The idea is basically, that the distribution adopts the new definition
of "nobody" (and thus recompiles systemd with it) and then touches
/etc/systemd/dont-synthesize-nobody on legacy systems to turn off
possibly conflicting synthesizing of the nobody name by systemd.
|
| |
|
| |
|
|
|
|
|
| |
We use it all over the place, let's add a #define for it. Makes things
easier greppable, and more explanatory I think.
|
|
|
|
|
|
| |
Instead of contacting PID 1 for dynamic UID/GID lookups for all
UIDs/GIDs that do not qualify as "system" do the more precise check
instead: check if they actually qualify for the "dynamic" range.
|
|
|
|
|
|
|
| |
This adds uid_is_system() and gid_is_system(), similar in style to
uid_is_dynamic(). That a helper like this is useful is illustrated by
the fact that test-condition.c didn't get the check right so far, which
this patch fixes.
|
|
|
|
| |
Also, export these ranges in our pkg-config files.
|
| |
|
|
|
|
| |
It might be blocked through /proc/PID/setgroups
|
|
|
|
|
|
|
| |
This adds a new call get_user_creds_clean(), which is just like
get_user_creds() but returns NULL in the home/shell parameters if they contain
no useful information. This code previously lived in execute.c, but by
generalizing this we can reuse it in run.c.
|
|
|
|
|
| |
Dynamic users should be treated like system users, and their logs
should end up in the main system journal.
|
|
|
|
|
|
|
| |
This way we can reuse them for validating User=/Group= settings in unit files
(to be added in a later commit).
Also, add some tests for them.
|
| |
|
|
|
|
|
| |
With this change -U will turn on user namespacing only if the kernel actually
supports it and otherwise gracefully degrade to non-userns mode.
|
| |
|
|
|
|
|
| |
This should be handled fine now by .dir-locals.el, so need to carry that
stuff in every file.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- src/basic/capability-util.[hc]
- src/basic/cgroup-util.[hc]
- src/basic/fd-util.[hc]
- src/basic/fs-util.[hc]
- src/basic/memfd-util.[hc]
- src/basic/path-util.[hc]
- src/basic/socket-util.[hc]
- src/basic/terminal-util.[hc]
- src/basic/user-util.[hc]
- src/basic/xattr-util.[hc]
|
|
The util.[hc] files have been stripped of a lot of functions, that
got sorted into various new files representing the type of
utility.
This commit adds the missing files.
|