path: root/src/basic
Commit message | Author | Age
* tree-wide: drop assert.h includes | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    We provide an independent reimplementation in macro.h, and that's the one we want to use. Including the system header is unnecessary and confusing.
* tree-wide: when %m is used in log_*, always specify errno explicitly | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    All those uses were correct, but I think it's better to be explicit. Using implicit errno is too error prone, and with this change we can require (in the sense of a style guideline) that the code is always specified.

    Helpful query:
      git grep -n -P 'log_[^s][a-z]+\(.*%m'
* basic/fileio: extend atomic file writing with timestamp setting | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    There should be no functional change.
* Revert "selinux: split up mac_selinux_have() from mac_selinux_use()" | Gary Tierney | 2017-07-25
    This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.

    The previously mentioned commit inadvertently broke a lot of SELinux related functionality for both unprivileged users and elogind instances running as MANAGER_USER. In particular, setting the correct SELinux context after a User= directive is used would fail to work since we attempt to set the security context after changing UID. Additionally, it causes activated socket units to be mislabeled for elogind --user processes since setsockcreatecon() would never be called.

    Reverting this fixes the issues with labeling outlined above, and reinstates SELinux access checks on unprivileged user services.
* core: introduce cg_mask_from_string()/cg_mask_to_string() | Franck Bui | 2017-07-25
* parse-util: introduce parse_dev() helper | Franck Bui | 2017-07-25
* tmpfiles: use safe_glob() | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    This filters out "." and ".." from glob results. Fixes #5655 and #5644.

    Any judgements on whether the path is "safe" are removed. We will not remove "/" under any name (including "/../" and such), but we will remove stuff that is specified using paths that include "//", "/./" and "/../". Such paths can be created when joining strings automatically, or for other reasons, and people generally know what ".." and "." is.

    Tests are added to make sure that the helper functions behave as expected.
* basic: add readdir_no_dot and safe_glob functions | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    safe_glob filters out "." and "..". This converts all users of glob_extend() and glob_exists() to safe_glob.
* Add Geneve netlink properties to missing.h | Susant Sahani | 2017-07-25
* shared/extract-word: replace enum with unsigned int to avoid undefined behaviour | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    ../src/basic/extract-word.c:255:22: warning: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Wvarargs]
            va_start(ap, flags);
                         ^
    ../src/basic/extract-word.c:244:77: note: parameter of type 'ExtractFlags' (aka 'enum ExtractFlags') is declared here
    int extract_many_words(const char **p, const char *separators, ExtractFlags flags, ...) {
                                                                                ^
    ../src/basic/extract-word.c:286:22: warning: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Wvarargs]
            va_start(ap, flags);
                         ^
    ../src/basic/extract-word.c:244:77: note: parameter of type 'ExtractFlags' (aka 'enum ExtractFlags') is declared here
    int extract_many_words(const char **p, const char *separators, ExtractFlags flags, ...) {
                                                                                ^
    2 warnings generated.

    I think the relevant part of C99 is 6.7.2.2 Enumeration specifiers:

        Each enumerated type shall be compatible with char, a signed integer type, or an unsigned integer type. The choice of type is implementation-defined, but shall be capable of representing the values of all the members of the enumeration.

    and 7.16.1.4:

        The parameter parmN is the identifier of the rightmost parameter in the variable parameter list in the function definition (the one just before the ...). If the parameter parmN is declared with the register storage class, with a function or array type, or with a type that is not compatible with the type that results after application of the default argument promotions, the behavior is undefined.

    This might cause a real issue if the compiler chooses something that is not an integer for ExtractFlags. Rework the code to avoid the warning, but add an assert_cc in case a large-valued ExtractFlags element is ever defined and the type is bumped to something wider than an int.
* basic/log: expose log_dispatch | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    This is useful when we want to avoid printf formatting on the message. It's nicer than using log_struct with "%s" as the format, because printf is slow and with a large message (like from a backtrace) this would require extra unnecessary memory.

    I'm not exposing all the fields in the wrapper: only level and errno. Those are the most likely to be useful.
* tree-wide: mark log_struct with _printf_ and fix fallout | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    log_struct takes multiple format strings, each one followed by arguments. The _printf_ annotation is not sufficiently flexible to express this, but we can still annotate the first format string, though not its arguments (because their number is unknown).

    With the annotation, the places which specified the message id or similar as the first pattern cause a warning from -Wformat-nonliteral. This can be trivially fixed by putting the MESSAGE= first.

    This change will help find issues where a non-literal is erroneously used as the pattern.
* basic/log: fix _printf_ annotation on log_object_internalv | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    Fixup for 4b58153dd22172d817055d2a09a0cdf3f4bd9db3.

    I saw this because of a clang warning. With gcc the -Wformat-nonliteral warning doesn't seem to work as expected.

    In two places, a string constructed with strjoina is used as the pattern. This is safe, because we're taking a pattern which was already marked with _printf_ and prepending a known value to it. Those places are marked with #pragma to silence the warning.
* basic/random-util: add new header for getrandom() | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    There's some confusion: older man pages specify that linux/random.h contains getrandom, but newer glibc has it in sys/random.h. Detect if the newer header is available and include it. We still need the older header for the flags.
* basic/missing.h: drop inclusion of macro.h | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    It's not necessary for anything.
* basic/def.h: drop TTY_GID definition | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    We already provide a definition through the configuration system, this one is duplicate.
* basic: forbid rm_rf() to remove paths ending with ".." (#5653) | Jan Synacek | 2017-07-25
    Fixes: #5644
* fix includes | Matija Skala | 2017-07-25
    linux/sockios.h is needed for the SIOCGSTAMPNS macro
    xlocale.h is included indirectly in glibc and doesn't even exist in other libcs
* missing.h: add vxlan netlink properties | Susant Sahani | 2017-07-25
* basic/log: split max log level into multiple "realms" | Zbigniew Jędrzejewski-Szmek | 2017-07-25
    The single log level is split into an array of log levels. Which index in the array is used can be determined for each compilation unit separately by setting a macro before including log.h. All compilation units use the same index (LOG_REALM_SYSTEMD), so there should be no functional change.

    v2:
    - the "realm" is squished into the level (upper bits that are not used by priority or facility), and unsquished later in functions in log.c.

    v3:
    - rename REALM_PLUS_LEVEL to LOG_REALM_PLUS_LEVEL and REALM to LOG_REALM_REMOVE_LEVEL.
* Prep v233.3: Add HAVE_UTMP information to basic/build.h | Sven Eden | 2017-07-21
* Prep v233.3: Remove stray character. | Sven Eden | 2017-07-21
* Prep v233.3: Unmask various functions for future coverage tests. | Sven Eden | 2017-07-19
    These functions, although not used by elogind itself, are mostly tiny and crucial for important tests to work.
* Prep v233.2: Mask unneeded functions and definitions in src/basic | Sven Eden | 2017-07-18
* Prep v233: Add missing updates from upstream in src/basic | Sven Eden | 2017-07-17
* Prep v233: Add missing includes in src/basic | Sven Eden | 2017-07-17
* Prep v233: Unmask now needed functions in src/basic | Sven Eden | 2017-07-17
* Prep v233: Add missing files from upstream and rename formats-util.[hc] | Sven Eden | 2017-07-17
    Some functionality has been exported to the following files:
    - src/basic/env-util.[hc]
    - src/basic/exec-util.[hc]
    - src/shared/nsflags.[hc]

    The content of these files is now needed in elogind, and the files have been added as-is. Cleanup is done later.

    Further the header src/basic/formats-util.h has been renamed to src/basic/format-util.h
* Revert "util: Fine tune running_in_chroot() a bit" (#5506) | Lennart Poettering | 2017-07-17
    This reverts commit 295ee9845c801300298d01256eb5a9e3ff117ae0.

    Let's revert this for now, see #5446 for discussions.

    We want elogind-detect-virt --chroot to return true for all chroot-like stuff, for example mock environments which use a mount namespace. The downside of this revert is that systemctl will not work from our own namespaced services, anything with RootDirectory=/RootImage= set.
* mount-util: accept that name_to_handle_at() might fail with EPERM (#5499) | Lennart Poettering | 2017-07-17
    Container managers frequently block name_to_handle_at(), returning EACCES or EPERM when this is issued. Accept that, and simply fall back to fdinfo-based checks.

    Note that we accept either EACCES or EPERM here, as container managers can choose the error code and aren't very good on agreeing on just one.

    (note that this is a non-issue with nspawn, as we permit name_to_handle_at() there, only block open_by_handle_at(), which should be sufficiently safe).
* socket-util: introduce address_label_valid | Susant Sahani | 2017-07-17
* Fix missing space in comments (#5439) | AsciiWolf | 2017-07-17
* cgroup: rework cg_all_unified() | Lennart Poettering | 2017-07-17
    Let's just check the unified level, directly. There's really no value in wrapping cg_unified_controllers() with this, i.e. potentially do string comparison when there's no reason to.

    Also, this makes the call more alike cg_hybrid_unified().
* cgroup: rename cg_update_unified() → cg_unified_update() | Lennart Poettering | 2017-07-17
    We usually put the noun first, the verb (i.e. method) second, for example in cg_unified_flush(), let's follow the logic here...
* cgroup: rename cg_unified() → cg_unified_controller() | Lennart Poettering | 2017-07-17
    cg_unified() is a bit generic a name, let's make clear that it checks whether a specified controller is in unified mode.
* cgroup: change cg_unified() to possibly return errors again | Lennart Poettering | 2017-07-17
    We use our cgroup APIs in various contexts, including from our libraries sd-login, sd-bus. As we don't control those environments we can't rely that the unified cgroup setup logic succeeds, and hence really shouldn't assert on it.

    This more or less reverts 415fc41ceaeada2e32639f24f134b1c248b9e43f.
* cgroup-util: check unified_cache before invoking streq() | Lennart Poettering | 2017-07-17
    Just a minor optimization.
* cgroup-util: fix the case of default=unified, unified-cgroup-hierarchy=0 | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    We should mount the hybrid hierarchy if the user disabled the unified hierarchy on the kernel command line.
* cgroup-util: cache all cg_is_*_wanted answers, disable /sys/fs/cgroups/unified on unified | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    If we encounter an error in proc cmdline parsing, just treat that as permanent, i.e. the same as if the option was not specified. Realistically, it is better to use the same condition for all related mounts, than to have e.g. /sys/fs/cgroup mounted and /sys/fs/cgroup/unified not.

    If we find something is mounted and base our answer on that, cache that result too.

    Fix the conditions so that if "unified" is used, make sure any "hybrid" mounts are not mounted.
* Fix check for signal in set (#5416) | stuart-mclaren | 2017-07-17
    IN_SET(SIGCONT, SIGKILL) will always evaluate to false. The signal needs to be included as the first argument.

    Fixup for 26f417d3e8dd2522adfdc4c8fed4c36fa40f48fc.
* Revert "basic/strv: allow NULLs to be inserted into strv" | Lennart Poettering | 2017-07-17
    This reverts commit 18f71a3c8174774c5386c4aba94d54f3b5c36a84.

    According to @keszybz we don't need this anymore, hence drop it:
    https://github.com/elogind/elogind/pull/5131/commits/18f71a3c8174774c5386c4aba94d54f3b5c36a84#r102232368
* log: never log into foreign fd #2 in PID 1 or its pre-execve() children | Lennart Poettering | 2017-07-17
    Fixes: #5401
* bootctl: create loader.conf only if it doesn't exist yet | Lennart Poettering | 2017-07-17
    If the snippet already exists, don't do anything, as the file was already installed then.

    (This also reworks the code to create the file atomically)

    Fixes: #5396
* basic/fileio: use IN_SET | Zbigniew Jędrzejewski-Szmek | 2017-07-17
* basic/fileio: fix memleak when discarding an invalid variable | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    Fixes #5405.
* copy: a plain unlink() works here too | Lennart Poettering | 2017-07-17
* cgroup-util: fix the reversed return value of cg_is_unified_elogind_contoller_wanted | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    1d84ad944520fc3e062ef518c4db4e1 reversed the meaning of the option. The kernel command line option has the opposite meaning to the function, i.e. specifying "legacy=yes" means "unified elogind controller=no".
* core/mount-setup: if unified hierarchy is not supported, fall back to legacy | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    We need this to gracefully support older or strangely configured kernels.

    v2:
    - do not install a callback handler, just embed the right conditions into cg_is_*_wanted()

    v3:
    - fix bug in cg_is_legacy_wanted()
* Rename cg_is_unified_elogind_controller_wanted to cg_is_hybrid_wanted | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    Less typing and doesn't make the table so incredibly wide.
* build.h: include default cgroup hierarchy setting in --version output | Zbigniew Jędrzejewski-Szmek | 2017-07-17
    This is pretty important, and we print this string during startup, so putting the default hierarchy information might help with diagnosis if things go awry.

    $ ./systemctl --version
    elogind 232
    +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=legacy

    v2: make the message nicer by including the ./configure option argument directly in output