]> git.ipfire.org Git - thirdparty/systemd.git/commitdiff
projects / thirdparty / systemd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: f0a43eb 707b3fb)
Merge pull request #10935 from poettering/rlimit-nofile-safe
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 6 Dec 2018 16:19:21 +0000 (17:19 +0100)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 6 Dec 2018 16:19:21 +0000 (17:19 +0100)
Merged by hand to resolve a trivial conflict in TODO.

1  2 
TODO patch | diff1 | diff2 | blob | history
src/basic/meson.build patch | diff1 | diff2 | blob | history
src/basic/process-util.c patch | diff1 | diff2 | blob | history
src/coredump/coredumpctl.c patch | diff1 | diff2 | blob | history
src/login/inhibit.c patch | diff1 | diff2 | blob | history
src/machine/image-dbus.c patch | diff1 | diff2 | blob | history
src/shared/exec-util.c patch | diff1 | diff2 | blob | history
src/shared/meson.build patch | diff1 | diff2 | blob | history
src/systemctl/systemctl.c patch | diff1 | diff2 | blob | history
src/udev/udev-event.c patch | diff1 | diff2 | blob | history
src/vconsole/vconsole-setup.c patch | diff1 | diff2 | blob | history

diff --cc TODO
index 41ad24d3bbd20fd493c3833542eb74708d941e0f,f5c5d6cc222985c1e7311dcd43f2e27699d223dc..3a4eac4b2c0b15abdb54841562cb7f5b8dbd9f4a
--- 1/TODO
--- 2/TODO
+++ b/TODO
@@@ -23,12 -23,10 +23,16 @@@ Janitorial Clean-ups
  
  Features:
  
 +* when importing an fs tree with machined, optionally apply userns-rec-chown
 +
 +* when importing an fs tree with machined, complain if image is not an OS
 +
 +* when we fork off generators and such, lower LIMIT_NOFILE soft limit to 1K
 +
+ * Maybe introduce a helper safe_exec() or so, which is to execve() which
+   safe_fork() is to fork(). And then make revert the RLIMIT_NOFILE soft limit
+   to 1K implicitly, unless explicitly opted-out.
  * rework seccomp/nnp logic that that even if User= is used in combination with
    a seccomp option we don't have to set NNP. For that, change uid first whil
    keeping CAP_SYS_ADMIN, then apply seccomp, the drop cap.
diff --cc src/basic/meson.build
index a59b8ac92868a7d7415f2c94ea7b30d655e57a4e,4cd6911da9fcc1143200742573c469467fd95291..78e69feb4df2652bf83082f413fabb2ae3fd849c
--- 1/src/basic/meson.build
--- 2/src/basic/meson.build
+++ b/src/basic/meson.build
@@@ -149,8 -120,11 +149,10 @@@ basic_sources = files(''
          refcnt.h
          replace-var.c
          replace-var.h
+         rlimit-util.c
+         rlimit-util.h
          rm-rf.c
          rm-rf.h
 -        securebits.h
          selinux-util.c
          selinux-util.h
          set.h
diff --cc src/basic/process-util.c
Simple merge
diff --cc src/coredump/coredumpctl.c
Simple merge
diff --cc src/login/inhibit.c
Simple merge
diff --cc src/machine/image-dbus.c
Simple merge
diff --cc src/shared/exec-util.c
Simple merge
diff --cc src/shared/meson.build
Simple merge
diff --cc src/systemctl/systemctl.c
Simple merge
diff --cc src/udev/udev-event.c
Simple merge
diff --cc src/vconsole/vconsole-setup.c
Simple merge
Unnamed repository; edit this file 'description' to name the repository.