Otherwise copying full directory trees between container and host won't
work, as we cannot access some fiels and cannot adjust the ownership
properly on the destination.
Of course, adding these many caps to the daemon kinda defeats the
purpose of the caps lock-down... but well...
Daniel Mack [Mon, 27 Jul 2015 13:41:53 +0000 (15:41 +0200)]
bus-proxy: augment debug message for dropped broadcasts a bit
Add the PID we are proxying for, as well as the message's sender and
destination string, to the debug message that is printed when the proxy
drops unmatched broadcasts.
This should clear up some confusion in
https://github.com/systemd/systemd/issues/717.
This basically copies the description from systemd.unit to this
man page. Masking can happen also in /run, so strike the part
about /etc, and also add the magic work "mask".
Justification is similar to BPDUGuard rename. "Positive" values
are easier. This is a rather uncommon option, so using a slightly
longer name should not be a problem, and may in fact may make it
easier to guess what the option does without reading the
documentation.
Looking at the kernel commit, "on" seems to be the default value:
commit 867a59436fc35593ae0e0efcd56cc6d2f8506586
Author: Vlad Yasevich <vyasevic@redhat.com>
Date: Wed Jun 5 10:08:01 2013 -0400
bridge: Add a flag to control unicast packet flood.
Add a flag to control flood of unicast traffic. By default, flood is
on and the bridge will flood unicast traffic if it doesn't know
the destination. When the flag is turned off, unicast traffic
without an FDB will not be forwarded to the specified port.
... and it seems to be the reasonable thing to do by default.
Rename to follow the follow the style of other options.
In general "positive" options are preferred to "negative" ones,
because they are easier to describe and easier for humans to
parse (c.f. the shortening on the man page entry).
Old name was slightly misleading, because this flag does not determine
whether DSCP is used overall, but only if it is copied to the
decapsulated packet. Rename to better reflect that.
"Copy" does not imply direction. This is on purpose, because we might
later on enhance the setting to allow/disallow copying in the other
direction, to the encapsulated packet. If that is implemented,
CopyDSCP could understand additional values. This is nicer than
having two separate settings and follows the example of DHCP=.
Also, we try to avoid abbreviations, but we allow acronyms
like MTU, in DiscoverPathMTU=.
This setting was recently added, so it's fine to rename it without
backwards compat.
Michael Olbrich [Fri, 24 Jul 2015 20:25:28 +0000 (22:25 +0200)]
automount: handle state changes of the corresponding mount unit correctly
The expire timeout must be started/stopped if the corresponding mount unit
changes its state, e.g. it is started via local-fs.target or stopped by a
manual umount.
Michael Olbrich [Fri, 24 Jul 2015 20:21:59 +0000 (22:21 +0200)]
automount: don't try to umount if it already happened
Return the token immediately instead. Otherwise the token is never returned
to the kernel, because the umount job is a noop and will not trigger a
state change.
Daniel Mack [Fri, 24 Jul 2015 11:49:11 +0000 (13:49 +0200)]
tree-wide: do not use _cleanup_free_ on const pointers
free() cannot be used with const pointers. However, our _cleanup_free_
handler features cast logic that hides that qualifier, so we don't get a
warning.
David Herrmann [Fri, 24 Jul 2015 10:37:12 +0000 (12:37 +0200)]
sd-bus: don't treat KDBUS_ITEM_TIMESTAMP as unknown item
In bus_kernel_translate_message(), we print a DEBUG message on unknown
items. But right now, we also print this message for KDBUS_ITEM_TIMESTAMP
despite parsing it properly. Fix this!
journal: uppercase first character in verify error messages
In the english language the first character of a sentence is supposed to
be uppercase. Let's make sure this also applies to the journal
verification error messages.
journal: avoid mapping empty data and field hash tables
When a new journal file is created we write the header first, then sync
and only then create the data and field hash tables in them. That means
to other processes it might appear that the files have a valid header
but not data and field hash tables. Our reader code should be able to
deal with this.
With this change we'll not map the two hash tables right-away after
opening a file for reading anymore (because that will of course fail if
the objects are missing), but delay this until the first time we access
them. On top of that, when we want to look something up in the hash
tables and we notice they aren't initialized yet, we consider them
empty.
This improves handling of some journal files reported in #487.
process: return ESRCH when a PID is not valid anymore
so far, when we read something from /proc/$PID we would pass on the
ENOENT from the kernel as error, if the process was missing. With this
change we systematically convert this to ESRCH, which is the more
appropriate error code, and what all the other glibc/syscalls like
kill() use.
All code that calls these functions should be fine with this change. In
fact, one invocation of get_process_exe() in bus-creds.c already assumed
ESRCH would be returned if a process is missing, and this assumption is
now validated after the change.
Christian Hesse [Thu, 23 Jul 2015 19:18:36 +0000 (21:18 +0200)]
virt: handle Virtualbox 5.0 with kvm hypervisor
Virtualbox 5.0 now supports kvm hypervisor. In this case cpuid
identidies as "kvm", which breaks units depending on
ConditionVirtualization=oracle.
So return "oracle" even with kvm hypervisor.
Tom Gundersen [Thu, 23 Jul 2015 11:13:43 +0000 (13:13 +0200)]
resolved: rr - don't read past end of RR when parsing NSEC(3)
We can never read past the end of the packet, so this seems impossible
to exploit, but let's error out early as reading past the end of the
current RR is clearly an error.
Tom Gundersen [Thu, 23 Jul 2015 10:57:58 +0000 (12:57 +0200)]
resolved: packet - fail on invalid zero-length data
Most blobs (keys, signatures, ...) should have a specific size given by
the relevant algorithm. However, as we don't use/verify the algorithms
yet, let's just ensure that we don't read out zero-length data in cases
where this does not make sense.
The only exceptions, where zero-length data is allowed are in the NSEC3
salt field, and the generic data (which we don't know anything about,
so better not make any assumptions).
No need to actually reset the bitmap, we can just truncate it back zero
size. That not only makes bitmap_clear() quicker, but also subsequent
bitmap_isclear().
Let's make dns_packet_read_public_key() more generic by renaming it to
dns_packet_read_memdup() (which more accurately describes what it
does...). Then, patch all cases where we memdup() RR data to use this
new call.
This specifically checks for zero-length objects, and handles them
gracefully. It will set zero length payload fields as a result.
Special care should be taken to ensure that any code using this call
can handle the returned allocated field to be NULL if the size is
specified as 0!
Mike Gilbert [Thu, 23 Jul 2015 02:34:57 +0000 (22:34 -0400)]
nspawn: Don't pass uid mount option for devpts
Mounting devpts with a uid breaks pty allocation with recent glibc
versions, which expect that the kernel will set the correct owner for
user-allocated ptys.
The kernel seems to be smart enough to use the correct uid for root when
we switch to a user namespace.