Pavel Hrdina [Mon, 12 Nov 2018 09:53:47 +0000 (10:53 +0100)]
bpf-devices: fix order of removing and adding BPF programs
The current code has multiple issues and it should never be done like
that. If someone updates list of allowed devices we should attach new
program before we remove the old one for two reasons:
1. It takes some time to attach new program so there is a period of time
when all devices are allowed.
2. BPF programs have limit for number of instructions (4096) and if user
adds a lot of devices we might hit the instruction limit and the new
program will not be accepted which will result in allow all devices
because the old program was already removed.
In order to attach the new program before we remove the old one we need
to use BPF_F_ALLOW_MULTI flag every time.
Frantisek Sumsal [Sun, 11 Nov 2018 11:13:48 +0000 (12:13 +0100)]
tests: dbus.service was renamed to dbus-daemon.service in Rawhide
Fedora Rawhide renamed dbus.service to dbus-daemon.service - that
breaks tests which require working DBus (e.g. TEST-03-JOBS)
Excerpt from the dbus.spec:
The 'dbus' package is only retained for compatibility purposes. It will
eventually be removed and then replaced by 'Provides: dbus' in the
dbus-daemon package. It will then exclusively be used for other packages to
describe their dependency on a system and user bus. It does not pull in any
particular dbus *implementation*, nor any libraries. These should be pulled
in, if required, via explicit dependencies.
units: lock down systemd-logind.service with various fs namespacing options
now that logind doesn't mount $XDG_RUNTIME_DIR anymore we can lock down
the service using fs namespacing (as we don't need the mount to
propagate to the host namespace anymore).
Thomas Haller [Thu, 1 Nov 2018 13:43:11 +0000 (14:43 +0100)]
dhcp: support endianness independent dhcp_identifier_set_iaid()
The previous code did htole64() followed by unaligned_write_be32() (the
XOR and shift in between is endianness agnostic). That means, on every
architeture there is always exactly one byte swap and the iaid is
dependent on endianness.
Since dhcp_identifier_set_iaid() is part of the DUID generation
algorithm, this cannot be fixed without changing the client-id.
In particular, as the client-id already depends on the machine-id (and
is thus inherrently host-specific), it is better to stick to the current
behavior.
However, add a parameter to switch between old and new behaviour.
Since the new behavior is unused, the only real purpose of this
change is to self-document the oddity of the function.
units: set NoNewPrivileges= for all long-running services
Previously, setting this option by default was problematic due to
SELinux (as this would also prohibit the transition from PID1's label to
the service's label). However, this restriction has since been lifted,
hence let's start making use of this universally in our services.
On SELinux system this change should be synchronized with a policy
update that ensures that NNP-ful transitions from init_t to service
labels is permitted.
An while we are at it: sort the settings in the unit files this touches.
This might increase the size of the change in this case, but hopefully
should result in stabler patches later on.
Tommi Rantala [Thu, 8 Nov 2018 12:15:25 +0000 (14:15 +0200)]
core: include unit name in emergency_action() reason message
Add unit name in StartLimitAction=, FailureAction= and SuccessAction=
emergency_action() reason messages, so that the problematic unit is
easily visible, for example:
Yu Watanabe [Mon, 29 Oct 2018 07:50:39 +0000 (16:50 +0900)]
udev: drop util_log_priority() and use log_level_from_string()
The function util_log_priority() is almost same as
log_level_from_string(). The difference between them is only that
util_log_priority() accepts such that '3 hogehoge'.
Yu Watanabe [Mon, 12 Nov 2018 05:57:04 +0000 (14:57 +0900)]
network: fixes related to NetworkConfigSection
- Do not allocate NetworkConfigSection when filename == NULL
- set .network element before calling hashmap_put()
- Always free NetworkConfigSection in each object.
Yu Watanabe [Sun, 11 Nov 2018 14:33:17 +0000 (23:33 +0900)]
libudev: conserve previous behavior
The commit dcfbde3a43d632ff6e286c77e1081087eca59d8e changes
sd_device_get_ifindex() returns -ENOENT instead of zero if the device
does not have ifindex.
Let's keep the original behavior of udev_device_get_ifindex().
There's a much stronger case for doing this kind of notification in
tmpfiles.d (since it helps relating lines to each other for the purpose
of merging them). Doing this for PIDFile= is mostly about being
systematic and copying tmpfiles.d/ behaviour here.
While we are at it, let's also support relative filenames in PIDFile=
now, and prefix them with /run, to make them absolute.
David Anderson [Fri, 9 Nov 2018 04:44:16 +0000 (20:44 -0800)]
Add a networkd test for 6rd interface creation.
Unfortunately we can't check the 6rd attribute, because it's not
exposed in /sys or anywhere other than netlink... But at least we
can check that networkd brings up an interface that looks right.
core: expose bus client names currently reffing a unit as property
This is useful for debugging client-side ref counting of units: for each
ref taken on a unit the client's sender name is listed. If a client has
multiple refs on the same unit it is listed multiple times.
projects / thirdparty / systemd.git / log
