| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This removes the ability to configure which cgroup controllers to mount
together. Instead, we'll now hardcode that "cpu" and "cpuacct" are
mounted together as well as "net_cls" and "net_prio".
The concept of mounting controllers together has no future as it does
not exist to cgroupsv2. Moreover, the current logic is systematically
broken, as revealed by the discussions in #10507. Also, we surveyed Red
Hat customers and couldn't find a single user of the concept (which
isn't particularly surprising, as it is broken...)
This reduced the (already way too complex) cgroup handling for us, since
we now know whenever we make a change to a cgroup for one controller to
which other controllers it applies.
Change-Id: I0eadd5f685980bd006134991310c0688ba7a86c5
|
|
systemd 239
|
|
systemd 238
|
|
systemd 237
|
|
Change-Id: Id62f08b8ecf2a909a49e5f93b2f7594b3880ef44
|
|
This reverts commit 4bc5d27b942afa83cc3d95debd2ad48d42ac07a8.
There are people somewhere that need kdbus.
Change-Id: Ib2d05f88171718c07e7de06409a1c224230e7a8d
|
|
This reverts commit a132bef0239e6c3f04096eee3a00c7ecf24a4f5c.
There are people somewhere that need kdbus.
Change-Id: I5a1f09485c524d47ef8ae53712d5fb77949bc7fa
|
|
Change-Id: Iafcca23df73f2694eda50a97771acac4b7996f30
|
|
This patch adds safe_atoux16 for parsing an unsigned hexadecimal 16bit int, and
uses that for parsing USB device and vendor IDs.
This fixes a compile error with gcc-8 because while we know that USB IDs are 2 bytes,
the compiler does not know that.
../src/udev/udev-builtin-hwdb.c:80:38: error: '%04X' directive output may be
truncated writing between 4 and 8 bytes into a region of size between 2 and 6
[-Werror=format-truncation=]
Change-Id: I40b2eb8b424c57ba430b217ebead2fc5d67bbb14
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
|
Change-Id: If676fe909a40eadc60ee5ff023abe4ee2c64b44e
|
|
The new flag returns the O_PATH fd of the final component, which may be
converted into a proper fd by open()ing it again through the
/proc/self/fd/xyz path.
Together with O_SAFE this provides us with a somewhat safe way to open()
files in directories potentially owned by unprivileged code, where we
want to refuse operation if any symlink tricks are played pointing to
privileged files.
(cherry picked from commit 1ed34d75d4f21d2335c5625261954c848d176ae6)
Change-Id: I5e5ce0affec97e4d19483b4f534db99f4f950f89
Related: #1663143
|
|
When the flag is specified we won't transition to a privilege-owned
file or directory from an unprivileged-owned one. This is useful when
privileged code wants to load data from a file unprivileged users have
write access to, and validates the ownership, but want's to make sure
that no symlink games are played to read a root-owned system file
belonging to a different context.
(cherry picked from commit f14f1806e329fe92d01f15c22a384702f0cb4ae0)
Change-Id: I86dfede53114a23d708744a9c47abc9eaf05a8d1
Related: #1663143
|
|
Related: #1663143
Change-Id: I57d945a208ade174c89ea2736357d8bce541a46f
|
|
declaring unneeded variables
|
|
Also print out what we detect, for manual verification.
|
|
|
|
|
|
Fixes #9320.
for p in Shapovalov Chevalier Rozhkov Sievers Mack Herrmann Schmidt Rudenberg Sahani Landden Andersen Watanabe; do
git grep -e 'Copyright.*'$p -l|xargs perl -i -0pe 's|/([*][*])?[*]\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\s*[*]([*][*])?/\n*|\n|gms; s|\s+([*#]\s+)?Copyright[^\n]*'$p'[^\n]*\n*|\n|gms'
done
|
|
|
|
system services
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
|
|
|
|
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
|
|
drop "this file is part of systemd" and lennart's copyright from header
|
|
make copy_file_atomic() use O_TMPFILE to create the destination file
|
|
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
|
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|
|
Let's use a proper unicode copyright symbol where we can, it's prettier.
This important patch is very important.
|
|
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|
|
Coverity support for glibc-2.27
|
|
C++03: "An rvalue of arithmetic, enumeration, pointer, or pointer to member
type can be converted to an rvalue of type bool. A zero value, null pointer
value, or null member pointer value is converted to false; any other value is
converted to true"
C should behave the same because pointers are scalars in C, but let's verify
that.
|
|
Just in case ;)
There is no good place, test-alloc-util.c is as good as any, and it's quite
short so far, so let's add this there.
|
|
networkd: add support to configure CAN devices
|
|
Fix invalid memory reference in ellipsize_mem()
|
|
This makes two changes: first of all we will now explicitly check
whether a domain to test against an NSEC record is actually below the
signer's name. This is relevant for NSEC records that chain up the end
and the beginning of a zone: we shouldn't alow that NSEC record to match
against domains outside of the zone.
This also fixes how we handle NSEC checks for domains that are prefixes
of the NSEC RR domain itself, fixing #8164 which triggers this specific
case. The non-wildcard NSEC check is simplified for that, we can
directly make our between check, there's no need to find the "Next
Closer" first, as the between check should not be affected by additional
prefixes. For the wild card NSEC check we'll prepend the asterisk in
this case to the NSEC RR itself to make a correct check.
Fixes: #8164
|
|
|
|
|
|
possible
|
|
|
|
This shows a minor memleak:
==1883== 24 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1883== at 0x4C2DBAB: malloc (vg_replace_malloc.c:299)
==1883== by 0x4E9D385: malloc_multiply (alloc-util.h:69)
==1883== by 0x4EA2959: bus_request_name_async_may_reload_dbus (bus-util.c:1841)
==1883== by ...
The exchange of messages is truncated at two different points: once right
after the first callback is requested, and the second time after the full
sequence has run (usually resulting in an error because of policy).
|
|
This doesn't really reduce the code size over all, but it does make main.c
shorter and more readable, and that's always a good thing.
|
|
|
|
This way all callers do not need to specify it.
Exhaustively tested by running test-log under valgrind ;)
|
|
Ellipsization fixes based on unit-testing and fuzzing
|
|
path-util: introduce path_simplify()
|
|
|
|
|
|
|
|
|
|
|
|
The function is similar to path_kill_slashes() but also removes
initial './', trailing '/.', and '/./' in the path.
When the second argument of path_simplify() is false, then it
behaves as the same as path_kill_slashes(). Hence, this also
replaces path_kill_slashes() with path_simplify().
|
