| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sd_bus_open/sd_bus_open_system/sd_bus_open_user are convenient, but
don't allow the description to be set. After they return, the bus is
is already started, and sd_bus_set_description() fails with -EBUSY.
It would be possible to allow sd_bus_set_description() to update the
description "live", but messages are already emitted from sd_bus_open
functions, so it's better to allow the description to be set in
sd_bus_open/sd_bus_open_system/sd_bus_open_user.
Fixes message like:
Bus n/a: changing state UNSET → OPENING
|
| | |
|
| |
|
|
|
| |
Per some discussion with Gnome folks, they would prefer this name
as it's more descriptive of what's happening.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This adds flags BUS_MAP_STRDUP and BUS_MAP_BOOLEAN_AS_BOOL.
If BUS_MAP_STRDUP is set, then each "s" message is duplicated.
If BUS_MAP_BOOLEAN_AS_BOOL is set, then each "b" message is
written to a bool pointer.
Follow-up for #8488.
See https://github.com/systemd/systemd/pull/8488#discussion_r175816270.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial fix for relabelling the cgroup filesystem for
SELinux delivered in commit 8739f23e3 was based on the assumption that
the cgroup filesystem is already populated once mount_setup() is
executed, which was true for my system. What I wasn't aware is that this
is the case only when another instance of systemd was running before
this one, which can happen if systemd is used in the initrd (for ex. by
dracut).
In case of a clean systemd start-up the cgroup filesystem is actually
being populated after mount_setup() and does not need relabelling as at
that moment the SELinux policy is already loaded. Since however the root
cgroup filesystem was remounted read-only in the meantime this operation
will now fail.
To fix this check for the filesystem mount flags before relabelling and
only remount ro->rw->ro if necessary and leave the filesystem read-write
otherwise.
Fixes #7901.
|
| | |
|
| |
|
|
| |
Should fix #8557.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://clang.llvm.org/docs/MemorySanitizer.html#id5 documents this
check as the way to detect MemorySanitizer at compilation time. We
only need to skip the test if MemorySanitizer is used.
Also, use this condition in cg_slice_to_path(). There, the code that is
conditionalized is not harmful in any way (it's just unnecessary), so remove
the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION condition.
Fixes #8482.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reworks the SELinux and SMACK label fixing calls in a number of
ways:
1. The two separate boolean arguments of these functions are converted
into a flags type LabelFixFlags.
2. The operations are now implemented based on O_PATH. This should
resolve TTOCTTOU races between determining the label for the file
system object and applying it, as it it allows to pin the object
while we are operating on it.
3. When changing a label fails we'll query the label previously set, and
if matches what we want to set anyway we'll suppress the error.
Also, all calls to label_fix() are now (void)ified, when we ignore the
return values.
Fixes: #8566
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This rearranges chase_symlinks() a bit: if no special flags are
specified it will now revert to behaviour before
b12d25a8d631af00b200e7aa9dbba6ba4a4a59ff. However, if the new
CHASE_TRAIL_SLASH flag is specified it will follow the behaviour
introduced by that commit.
I wasn't sure which one to make the beaviour that requires specification
of a flag to enable. I opted to make the "append trailing slash"
behaviour the one to enable by a flag, following the thinking that the
function should primarily be used to generate a normalized path, and I
am pretty sure a path without trailing slash is the more "normalized"
one, as the trailing slash is not really a part of it, but merely a
"decorator" that tells various system calls to generate ENOTDIR if the
path doesn't refer to a path.
Or to say this differently: if the slash was part of normalization then
we really should add it in all cases when the final path is a directory,
not just when the user originally specified it.
Fixes: #8544
Replaces: #8545
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we are attempting to create directory somewhere in the bowels of /var/lib
and get an error that it already exists, it can be quite hard to diagnose what
is wrong (especially for a user who is not aware that the directory must have
the specified owner, and permissions not looser than what was requested). Let's
print a warning in most cases. A warning is appropriate, because such state is
usually a sign of borked installation and needs to be resolved by the adminstrator.
$ build/test-fs-util
Path "/tmp/test-readlink_and_make_absolute" already exists and is not a directory, refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but has mode 0775 that is too permissive (0755 was requested), refusing.
(or)
Directory "/tmp/test-readlink_and_make_absolute" already exists, but is owned by 1001:1000 (1000:1000 was requested), refusing.
Assertion 'mkdir_safe(tempdir, 0755, getuid(), getgid(), MKDIR_WARN_MODE) >= 0' failed at ../src/test/test-fs-util.c:320, function test_readlink_and_make_absolute(). Aborting.
No functional change except for the new log lines.
|
| |
|
|
| |
In preparation for subsequent changes...
|
| | |
|
| |
|
|
|
|
| |
The code matching this comment was removed in
a50df72b37ce2a7caf7775c70d18c3f9504b9e80 in 2014, let's drop the comment
too.
|
| |
|
|
|
| |
The current code reimplemented something like the
manager_get_user_by_pid() logic on its own, manually. Let's unify this.
|
| |
|
|
|
|
|
|
| |
Let's make sure we always initialize the return value if we return
non-negative.
Just a matter of coding style: we should always initialize our return
values when we return >= 0, and leave them unclobbered if we return < 0.
|
| |
|
|
|
|
| |
Let's use first_word() instead of startswith(), it's more explanatory
and a bit more correct. Also, let's use the return value instead of
adding +9 when looking for the second part of the directive.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
.include lines are already deprecated somewhat, and for example
explicitly not mentioned in the documentation for this reason. Let's get
one step further and generatea warning when we encounter them (but still
process them).
Why are they deprecated? Because they are semantically awful — they
complicate stat() based mtime checks for configuration files and they
allow arbitrary loops we currently have zero protection against and
really shouldn't have to have.
|
| |
|
|
|
|
| |
What's good for uint16_t is also good for unsigned.
This is preparation for: #8140
|
| |
|
|
|
|
|
| |
safe_atou16_full() is like safe_atou16() but also takes a base
parameter. safe_atou16() is then implemented as inline function on top
of it, passing 0 as base. Similar safe_atoux16() is reworked as inline
function too, with 16 as base.
|
| |
|
|
|
|
|
| |
This is similar to TAKE_PTR() but operates on file descriptors, and thus
assigns -1 to the fd parameter after returning it.
Removes 60 lines from our codebase. Pretty good too I think.
|
| |
|
|
|
| |
let's use the new generic macor instead of the locally defined, specific
one.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This macro will read a pointer of any type, return it, and set the
pointer to NULL. This is useful as an explicit concept of passing
ownership of a memory area between pointers.
This takes inspiration from Rust:
https://doc.rust-lang.org/std/option/enum.Option.html#method.take
and was suggested by Alan Jenkins (@sourcejedi).
It drops ~160 lines of code from our codebase, which makes me like it.
Also, I think it clarifies passing of ownership, and thus helps
readability a bit (at least for the initiated who know the new macro)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The warning is not emitted for absolute paths like /dev/sda or /home, which are
converted to .device and .mount unit names without any fuss.
Most of the time it's unlikely that users use invalid unit names on purpose,
so let's warn them. Warnings are silenced when --quiet is used.
$ build/systemctl show -p Id hello@foo-bar/baz
Invalid unit name "hello@foo-bar/baz" was escaped as "hello@foo-bar-baz" (maybe you should use systemd-escape?)
Id=hello@foo-bar-baz.service
$ build/systemd-run --user --slice foo-bar/baz --unit foo-bar/foo true
Invalid unit name "foo-bar/foo" was escaped as "foo-bar-foo" (maybe you should use systemd-escape?)
Invalid unit name "foo-bar/baz" was escaped as "foo-bar-baz" (maybe you should use systemd-escape?)
Running as unit: foo-bar-foo.service
Fixes #8302.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
database files (#8521)
The API povided by the glibc is too error-prone as one has to deal directly
with errno in order to detect if errors occured.
Suggested by Zbigniew.
|
| |
|
|
| |
Let's avoid fds 0…2 for safety reasons.
|
| |
|
|
| |
Let's use our macros where we can
|
| |
|
|
|
| |
Allow a user to set a number of bytes as Compress to use as the compression
threshold.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A little misunderstanding has been fixed, and elogind now mounts the following
directories, if (and only if) it has to act as its own cgroups controller.
* -Ddefault-hierarchy=legacy : /sys/fs/cgroup as tmpfs
/sys/fs/cgroup/elogind as cgroup
* -Ddefault-hierarchy=hybrid : The same as with 'legacy', plus
/sys/fs/cgroup/unified as cgroup2
* -Ddefault-hierarchy=unified : /sys/fs/cgroup2 as cgroup2
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When updating utmp on reboot and poweroff, the managers dbus
connection was copied and then closed and invalidated.
As the utmp update in elogind does not need a dbus connection at all,
the copying and the closing was removed.
This fixes elogind to become unresponsive when calling for poweroff,
halt or reboot.
Closes: #50
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When switched from autotools to meson, config.h changed fundamentally.
Although enabled values are still
#define HAVE_FOO 1
the disabled values are nolonger undef, but now
#define HAVE_FOO 0
Therefore all instances of
#ifdef ENABLE_DEBUG_ELOGIND
have been changed to
#if ENABLE_DEBUG_ELOGIND
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
* manager_scheduled_shutdown_handler()
|
| |
|
|
|
|
|
|
|
| |
* check_inhibitors() => logind_check_inhibitors()
* elogind_reboot() => logind_reboot()
* elogind_schedule_shutdown() => logind_schedule_shutdown()
* elogind_set_wall_message() => logind_set_wall_message()
Further introduce both -q/--quiet and --dry-run.
|
| | |
|
