Merge pull request #11441 from poettering/foreach-string-rework

FOREACH_STRING() rework

diff --git a/NEWS b/NEWS
index c64ef5871b46bc755b4ed13dd2c456f8698d23cd..c76b571d2baf10a942a5459991b3e7b554331571 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,10 @@ CHANGES WITH 241 in spe:
         * kernel-install script now optionally takes a path to an initrd file,
           and passes it to all plugins.
 
+        * The mincore() system call has been dropped from the @system-service
+          system call filter group, as it is pretty exotic and may potentially
+          used for side-channel attacks.
+
         * -fPIE is dropped from compiler and linker options. Please specify
           -Db_pie=true option to meson to build position-independent
           executables. Note that the meson option is supported since meson-0.49.

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 46aa473ce100e70f94537898fabf19e43bfef030..bd0091e3f1fb1d8277689f3e39746dc1d607f557 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -820,7 +820,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
         names must be relative, and may not include <literal>..</literal>. If set, one or more
         directories by the specified names will be created (including their parents) below the locations
         defined in the following table, when the unit is started. Also, the corresponding environment variable
-        is defined with the full path of directories. If multiple directories are set, then int the environment variable
+        is defined with the full path of directories. If multiple directories are set, then in the environment variable
         the paths are concatenated with colon (<literal>:</literal>).</para>
         <table>
           <title>Automatic directory creation and environment variables</title>

diff --git a/src/core/job.c b/src/core/job.c
index f635b7e933af2a8be903db35df7f15a0d4711a43..5210ac1ea0bc7c3cf8233c8fcd7d8cf6bf1a3f41 100644 (file)
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -206,8 +206,9 @@ Job* job_install(Job *j) {
                             (job_type_allows_late_merge(j->type) && job_type_is_superset(uj->type, j->type))) {
                                 job_merge_into_installed(uj, j);
                                 log_unit_debug(uj->unit,
-                                               "Merged into installed job %s/%s as %u",
-                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
+                                               "Merged %s/%s into installed job %s/%s as %"PRIu32,
+                                               j->unit->id, job_type_to_string(j->type), uj->unit->id, 
+                                               job_type_to_string(uj->type), uj->id);
                                 return uj;
                         } else {
                                 /* already running and not safe to merge into */
@@ -216,8 +217,8 @@ Job* job_install(Job *j) {
                                  * not currently possible to have more than one installed job per unit. */
                                 job_merge_into_installed(uj, j);
                                 log_unit_debug(uj->unit,
-                                               "Merged into running job, re-running: %s/%s as %u",
-                                               uj->unit->id, job_type_to_string(uj->type), (unsigned) uj->id);
+                                               "Merged into running job, re-running: %s/%s as %"PRIu32,
+                                               uj->unit->id, job_type_to_string(uj->type), uj->id);
 
                                 job_set_state(uj, JOB_WAITING);
                                 return uj;

diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 42d6dd2a94342ba4d7f7cb17e568cea2bda39f85..cc58b3c07879d4bb0d7fd143e239c4bbd49bd96e 100644 (file)
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -793,7 +793,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
                 "ioprio_get\0"
                 "kcmp\0"
                 "madvise\0"
-                "mincore\0"
                 "mprotect\0"
                 "mremap\0"
                 "name_to_handle_at\0"