Features:
-* block setrlimit(RLIMIT_NOPROC) (and other per-user limits) in nspawn when userns is not on
+* add proper dbus APIs for the various sd_notify() commands, such as MAINPID=1
+ and so on, which would mean we could report errors and such.
* nss-systemd: implement enumeration, that shows all dynamic users plus the
synthesized ones if necessary, so that "getent passwd" shows useful data.
* maybe rework get_user_creds() to query the user database if $SHELL is used
for root, but only then.
-* there should be path_hash_ops and we should use it in tmpfiles' hashmap object to deal with identical but differently spelt paths
-
* be stricter with fds we receive for the fdstore: close them asynchronously
* calenderspec: add support for week numbers and day numbers within a
year. This would allow us to define "bi-weekly" triggers safely.
-* add support for recursive bpf firewalling as supported by the newest kernel
-
-* add bpf-based implementation of devices cgroup controller logic for compat with cgroupsv2 as supported by newest kernel
+* add bpf-based implementation of devices cgroup controller logic for compat
+ with cgroupsv2 as supported by newest kernel
* introduce sd_id128_get_boot_app_specific() which is like
sd_id128_get_machine_app_specific(). After all on long-running systems both
* sd-bus: add vtable flag, that may be used to request client creds implicitly
and asynchronously before dispatching the operation
-* implement transient socket unit.
-
* make use of ethtool veth peer info in machined, for automatically finding out
host-side interface pointing to the container.
systemd-journald writes to /var/log/journal, which could be useful when we
doing disk usage calculations and so on.
-* taint systemd if there are fewer than 65536 users assigned to the system.
+* taint systemd if there are fewer than 65536 users assigned (userns) to the system.
* deprecate PermissionsStartOnly= and RootDirectoryStartOnly= in favour of the ExecStart= prefix chars
--- /dev/null
+@@
+expression q, n, m;
+@@
+- q = malloc((n)*(m))
++ q = malloc_multiply(n, m)
+@@
+expression q, n, m;
+@@
+- q = malloc(n*(m))
++ q = malloc_multiply(n, m)
+@@
+expression q, n, m;
+@@
+- q = malloc((n)*m)
++ q = malloc_multiply(n, m)
+@@
+expression q, n, m;
+@@
+- q = malloc(n*m)
++ q = malloc_multiply(n, m)
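Review bot: In all four rules `n` and `m` are arbitrary expressions, so a size with three factors such as `malloc(a*b*c)` matches with `n = a*b` and becomes `malloc_multiply(a*b, c)`, leaving the inner product unchecked. Please review the converted call sites for a remaining `*` inside either argument, or add a rule that flags them instead of rewriting them.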
--- /dev/null
+@@
+expression q, p, n, m;
+@@
+- q = realloc(p, (n)*(m))
++ q = reallocarray(p, n, m)
+@@
+expression q, p, n, m;
+@@
+- q = realloc(p, n*(m))
++ q = reallocarray(p, n, m)
+@@
+expression q, p, n, m;
+@@
+- q = realloc(p, (n)*m)
++ q = reallocarray(p, n, m)
+@@
+expression q, p, n, m;
+@@
+- q = realloc(p, n*m)
++ q = reallocarray(p, n, m)
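Review bot: Every rule here anchors on the assignment form `q = realloc(p, ...)`, so a product passed to realloc() in a `return` statement or directly as a function argument is not converted and keeps its unchecked multiplication. After running the script, grep for remaining `realloc(` calls with `*` in the size, or add rules without the `q =` prefix.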
EVDEV_ABS_35=::38
EVDEV_ABS_36=::28
+# Lenovo ThinkPad Edge 13 (02173BG)
+evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pn*02173BG*:*pvrThinkPadEdge*
+ EVDEV_ABS_00=916:6077:55
+ EVDEV_ABS_01=653:5395:116
+ EVDEV_ABS_35=916:6077:55
+ EVDEV_ABS_36=653:5395:116
+
#########################################
# Samsung
#########################################
sensor:modalias:acpi:SMO8500*:dmi:*svn*ASUSTeK*:*pn*TP500LB*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+sensor:modalias:acpi:SMO8500*:dmi:*svn*ASUSTeK*:*pn*TP300LD*
+ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
+
#########################################
# Axxo
#########################################
#########################################
sensor:modalias:acpi:*KIOX000A*:dmi:*svn*CytrixTechnology:*pn*Complex11t*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
+
+#########################################
+# iOTA 360
+#########################################
+sensor:modalias:acpi:KIOX000A*:dmi:*svn*iOTA*:*pn*IOTA2210*
+ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
+
<command> --reset-statistics</command>
</cmdsynopsis>
+ <cmdsynopsis>
+ <command>systemd-resolve</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <command> --flush-caches</command>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>systemd-resolve</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <command> --reset-server-features</command>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>systemd-resolve</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <command> --status</command>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>systemd-resolve</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <command> --set-dns=<replaceable>SERVER</replaceable></command> <command> --set-domain=<replaceable>DOMAIN</replaceable> --set-llmnr=<replaceable>MODE</replaceable> --set-mdns=<replaceable>MODE</replaceable> --set-dnssec=<replaceable>MODE</replaceable> --set-nta=<replaceable>DOMAIN</replaceable></command>
+ </cmdsynopsis>
+
+ <cmdsynopsis>
+ <command>systemd-resolve</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <command> --revert</command>
+ </cmdsynopsis>
+
</refsynopsisdiv>
<refsect1>
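Review bot: The `--set-dns=` synopsis packs `--set-domain=`, `--set-llmnr=`, `--set-mdns=`, `--set-dnssec=` and `--set-nta=` into a single `<command>` element on one very long line, so they render as one fixed command string. If each switch can be given on its own, mark them up as separate `<arg choice="opt">` elements and wrap the line like the neighbouring entries.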
<term><varname>SuccessAction=</varname></term>
<listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
state. Takes the same values as the setting <varname>StartLimitAction=</varname> setting and executes the same
- actions (see
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>). Both options
- default to <option>none</option>.</para></listitem>
+ actions. Both options default to <option>none</option>.</para></listitem>
</varlistentry>
<varlistentry>
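Review bot: The sentence kept directly above the changed lines still reads "Takes the same values as the setting StartLimitAction= setting", with "setting" duplicated. Since this paragraph is being reworded anyway, drop one of the two in the same change.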
match the owners of pre-existing files (such as SUID or SGID
binaries).
The syntax <literal><replaceable>uid</replaceable>:<replaceable>gid</replaceable></literal> is also supported to
- allow creating user and group pairs with different numeric UID and GID values. The group with the indicated GID must get created explicitly before or it must already exist.
+ allow creating user and group pairs with different numeric UID and GID values. The group with the indicated GID must get created explicitly before or it must already exist. Specifying <literal>-</literal> for the UID in this syntax
+ is also supported.
</para>
<para>For <varname>m</varname> lines, this field should contain
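Review bot: The added sentence says `-` is accepted for the UID in the `uid:gid` syntax but not what it means. State the resulting behaviour (how the UID is then chosen) so readers do not have to infer it, and wrap the added line to the width used by the lines around it.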
conf.set_quoted('SYSTEM_SYSVRCND_PATH', sysvrcnd_path)
conf.set_quoted('RC_LOCAL_SCRIPT_PATH_START', get_option('rc-local'))
conf.set_quoted('RC_LOCAL_SCRIPT_PATH_STOP', get_option('halt-local'))
+
+conf.set('ANSI_OK_COLOR', 'ANSI_' + get_option('ok-color').underscorify().to_upper())
+
conf.set_quoted('USER_CONFIG_UNIT_PATH', join_paths(pkgsysconfdir, 'user'))
conf.set_quoted('USER_DATA_UNIT_PATH', userunitdir)
conf.set_quoted('CERTIFICATE_ROOT', get_option('certificate-root'))
option('install-tests', type : 'boolean', value : 'false',
description : 'install test executables')
+option('ok-color', type: 'combo',
+ choices : ['black', 'red', 'green', 'yellow', 'blue', 'magenta', 'cyan',
+ 'white', 'highlight-black', 'highlight-red', 'highlight-green',
+ 'highlight-yellow', 'highlight-blue', 'highlight-magenta',
+ 'highlight-cyan', 'highlight-white'],
+ value : 'green',
+ description: 'color of the "OK" status message')
+
option('oss-fuzz', type : 'boolean', value : 'false',
description : 'build against oss-fuzz')
option('llvm-fuzz', type : 'boolean', value : 'false',
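Review bot: The `ok-color` choices feed `conf.set('ANSI_OK_COLOR', 'ANSI_' + ...underscorify().to_upper())`, so each of the 16 values must have a matching `ANSI_*` macro in the C sources (for example `ANSI_HIGHLIGHT_BLACK`), and this diff does not show them. A missing macro would only break builds that select that colour, so please confirm all are defined or trim the list to those that are. Minor: `type: 'combo'` and `description: ...` use a different colon spacing from the surrounding `type : 'boolean'` options.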
# as out-of-tree build dir. Otherwise, let's make up our own builddir.
[ -z "$BUILDDIR" ] && BUILDDIR=build
-export LC_CTYPE=en_US.UTF-8
+# Meson uses Python 3 and requires a locale with an UTF-8 character map.
+# Not running under UTF-8 makes the `ninja test` step break with a CodecError.
+# So let's ensure we're running under UTF-8.
+#
+# If our current locale already is UTF-8, then we don't need to do anything:
+if [ "$(locale charmap)" != "UTF-8" ] ; then
+ # Try using C.UTF-8 locale, if available. This locale is not shipped
+ # by upstream glibc, so it's not available in all distros.
+ # (In particular, it's not available in Arch Linux.)
+ export LC_CTYPE=C.UTF-8
+ if [ "$(locale charmap)" != "UTF-8" ] ; then
+ # Finally, try something like en_US.UTF-8, which should be
+ # available in Arch Linux, but is not present in Debian's
+ # minimal image in our mkosi config.
+ export LC_CTYPE=en_US.UTF-8
+ if [ "$(locale charmap)" != "UTF-8" ] ; then
+ # If nothing works, fail early.
+ echo "*** Could not find a valid locale that supports UTF-8. ***" >&2
+ exit 1
+ fi
+ fi
+fi
if [ ! -f "$BUILDDIR"/build.ninja ] ; then
sysvinit_path=`realpath /etc/init.d`
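Review bot: The fallback chain only exports `LC_CTYPE`, but `locale charmap` honours `LC_ALL` first. When the caller has `LC_ALL` set to a non-UTF-8 locale (for example `LC_ALL=C`), all three checks fail and the script exits even if `C.UTF-8` or `en_US.UTF-8` is installed. Consider `unset LC_ALL` before the first `export LC_CTYPE=C.UTF-8`, or set `LC_ALL` instead of `LC_CTYPE`.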
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
-"POT-Creation-Date: 2016-04-23 02:33+0000\n"
-"PO-Revision-Date: 2016-06-28 13:18+0700\n"
-"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
+"POT-Creation-Date: 2018-03-04 11:09+0700\n"
+"PO-Revision-Date: 2018-03-04 11:12+0700\n"
+"Last-Translator: Andika Triwidada <atriwidada@gnome.org>\n"
"Language-Team: Indonesian <gnome-l10n-id@googlegroups.com>\n"
"Language: id\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Poedit 1.8.8\n"
+"X-Generator: Poedit 1.8.11\n"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:1
+#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
msgstr "Kirim frasa sandi kembali ke sistem"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:2
+#: src/core/org.freedesktop.systemd1.policy.in:23
msgid ""
"Authentication is required to send the entered passphrase back to the system."
msgstr ""
"Otentikasi diperlukan untuk mengirim frasa sandi yang dimasukkan kembali ke "
"sistem."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:3
+#: src/core/org.freedesktop.systemd1.policy.in:33
msgid "Manage system services or other units"
msgstr "Kelola layanan sistem atau unit lainnya"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:4
+#: src/core/org.freedesktop.systemd1.policy.in:34
msgid "Authentication is required to manage system services or other units."
msgstr ""
"Otentikasi diperlukan untuk mengelola layanan sistem atau unit lainnya."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:5
+#: src/core/org.freedesktop.systemd1.policy.in:43
msgid "Manage system service or unit files"
msgstr "Kelola layanan sistem atau berkas unit"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:6
+#: src/core/org.freedesktop.systemd1.policy.in:44
msgid "Authentication is required to manage system service or unit files."
msgstr "Otentikasi diperlukan untuk mengelola layanan sistem atau berkas unit."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:7
+#: src/core/org.freedesktop.systemd1.policy.in:53
msgid "Set or unset system and service manager environment variables"
msgstr "Atur atau hapus variabel lingkungan manajer layanan dan sistem"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:8
+#: src/core/org.freedesktop.systemd1.policy.in:54
msgid ""
"Authentication is required to set or unset system and service manager "
"environment variables."
"Otentikasi diperlukan untuk menata atau menghapus variabel lingkungan "
"manajer layanan dan sistem."
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:9
+#: src/core/org.freedesktop.systemd1.policy.in:63
msgid "Reload the systemd state"
msgstr "Muat ulang keadaan systemd"
-#: ../src/core/org.freedesktop.systemd1.policy.in.in.h:10
+#: src/core/org.freedesktop.systemd1.policy.in:64
msgid "Authentication is required to reload the systemd state."
msgstr "Otentikasi diperlukan untuk memuat ulang keadaan systemd."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:1
+#: src/hostname/org.freedesktop.hostname1.policy:22
msgid "Set host name"
msgstr "Setel nama host"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:2
+#: src/hostname/org.freedesktop.hostname1.policy:23
msgid "Authentication is required to set the local host name."
msgstr "Otentikasi diperlukan untuk menata nama host lokal."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:3
+#: src/hostname/org.freedesktop.hostname1.policy:32
msgid "Set static host name"
msgstr "Setel nama host statik"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:4
+#: src/hostname/org.freedesktop.hostname1.policy:33
msgid ""
"Authentication is required to set the statically configured local host name, "
"as well as the pretty host name."
"Otentikasi diperlukan untuk menata nama host lokal yang dikonfigurasi "
"statik, maupun nama host cantik."
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:5
+#: src/hostname/org.freedesktop.hostname1.policy:43
msgid "Set machine information"
msgstr "Setel informasi mesin"
-#: ../src/hostname/org.freedesktop.hostname1.policy.in.h:6
+#: src/hostname/org.freedesktop.hostname1.policy:44
msgid "Authentication is required to set local machine information."
msgstr "Otentikasi diperlukan untuk menata informasi mesin lokal."
-#: ../src/import/org.freedesktop.import1.policy.in.h:1
+#: src/import/org.freedesktop.import1.policy:22
msgid "Import a VM or container image"
msgstr "Impor sebuah image kontainer atau VM"
-#: ../src/import/org.freedesktop.import1.policy.in.h:2
+#: src/import/org.freedesktop.import1.policy:23
msgid "Authentication is required to import a VM or container image"
msgstr "Otentikasi diperlukan untuk mengimpor suatu image kontainer atau VM"
-#: ../src/import/org.freedesktop.import1.policy.in.h:3
+#: src/import/org.freedesktop.import1.policy:32
msgid "Export a VM or container image"
msgstr "Ekspor sebuah image kontainer atau VM"
-#: ../src/import/org.freedesktop.import1.policy.in.h:4
+#: src/import/org.freedesktop.import1.policy:33
msgid "Authentication is required to export a VM or container image"
msgstr "Otentikasi diperlukan untuk mengekspor suatu image kontainer atau VM"
-#: ../src/import/org.freedesktop.import1.policy.in.h:5
+#: src/import/org.freedesktop.import1.policy:42
msgid "Download a VM or container image"
msgstr "Unduh sebuah image kontainer atau VM"
-#: ../src/import/org.freedesktop.import1.policy.in.h:6
+#: src/import/org.freedesktop.import1.policy:43
msgid "Authentication is required to download a VM or container image"
msgstr "Otentikasi diperlukan untuk mengunduh suatu image kontainer atau VM"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:1
+#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
msgstr "Setel locale sistem"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:2
+#: src/locale/org.freedesktop.locale1.policy:23
msgid "Authentication is required to set the system locale."
msgstr "Otentikasi diperlukan untuk menyetel locale sistem."
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:3
+#: src/locale/org.freedesktop.locale1.policy:33
msgid "Set system keyboard settings"
msgstr "Setel pengaturan papan tik sistem"
-#: ../src/locale/org.freedesktop.locale1.policy.in.h:4
+#: src/locale/org.freedesktop.locale1.policy:34
msgid "Authentication is required to set the system keyboard settings."
msgstr "Otentikasi diperlukan untuk menyetel pengaturan papan tik sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:1
+#: src/login/org.freedesktop.login1.policy:22
msgid "Allow applications to inhibit system shutdown"
msgstr "Ijinkan aplikasi untuk mencegah shutdown sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:2
+#: src/login/org.freedesktop.login1.policy:23
msgid ""
"Authentication is required for an application to inhibit system shutdown."
msgstr ""
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah shutdown sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:3
+#: src/login/org.freedesktop.login1.policy:33
msgid "Allow applications to delay system shutdown"
msgstr "Ijinkan aplikasi untuk menunda shutdown sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:4
+#: src/login/org.freedesktop.login1.policy:34
msgid "Authentication is required for an application to delay system shutdown."
msgstr ""
"Otentikasi diperlukan bagi suatu aplikasi untuk menunda shutdown sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:5
+#: src/login/org.freedesktop.login1.policy:44
msgid "Allow applications to inhibit system sleep"
msgstr "Ijinkan aplikasi untuk mencegah tidur sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:6
+#: src/login/org.freedesktop.login1.policy:45
msgid "Authentication is required for an application to inhibit system sleep."
msgstr "Otentikasi diperlukan bagi suatu aplikasi untuk menunda tidur sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:7
+#: src/login/org.freedesktop.login1.policy:55
msgid "Allow applications to delay system sleep"
msgstr "Ijinkan aplikasi untuk menunda tidur sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:8
+#: src/login/org.freedesktop.login1.policy:56
msgid "Authentication is required for an application to delay system sleep."
msgstr "Otentikasi diperlukan bagi suatu aplikasi untuk menunda tidur sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:9
+#: src/login/org.freedesktop.login1.policy:65
msgid "Allow applications to inhibit automatic system suspend"
msgstr "Ijinkan aplikasi mencegah suspensi sistem otomatis"
-#: ../src/login/org.freedesktop.login1.policy.in.h:10
+#: src/login/org.freedesktop.login1.policy:66
msgid ""
"Authentication is required for an application to inhibit automatic system "
"suspend."
msgstr ""
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah suspensi sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:11
+#: src/login/org.freedesktop.login1.policy:75
msgid "Allow applications to inhibit system handling of the power key"
msgstr "Ijinkan aplikasi mencegah penanganan sistem atas tombol daya"
-#: ../src/login/org.freedesktop.login1.policy.in.h:12
+#: src/login/org.freedesktop.login1.policy:76
msgid ""
"Authentication is required for an application to inhibit system handling of "
"the power key."
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah penanganan sistem "
"atas tombol daya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:13
+#: src/login/org.freedesktop.login1.policy:86
msgid "Allow applications to inhibit system handling of the suspend key"
msgstr "Ijinkan aplikasi mencegah penanganan sistem atas tombol suspensi"
-#: ../src/login/org.freedesktop.login1.policy.in.h:14
+#: src/login/org.freedesktop.login1.policy:87
msgid ""
"Authentication is required for an application to inhibit system handling of "
"the suspend key."
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah penanganan sistem "
"atas tombol suspensi."
-#: ../src/login/org.freedesktop.login1.policy.in.h:15
+#: src/login/org.freedesktop.login1.policy:97
msgid "Allow applications to inhibit system handling of the hibernate key"
msgstr "Ijinkan aplikasi mencegah penanganan sistem atas tombol hibernasi"
-#: ../src/login/org.freedesktop.login1.policy.in.h:16
+#: src/login/org.freedesktop.login1.policy:98
msgid ""
"Authentication is required for an application to inhibit system handling of "
"the hibernate key."
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah penanganan sistem "
"dari tombol hibernasi."
-#: ../src/login/org.freedesktop.login1.policy.in.h:17
+#: src/login/org.freedesktop.login1.policy:107
msgid "Allow applications to inhibit system handling of the lid switch"
msgstr "Ijinkan aplikasi mencegah penanganan sistem atas saklar lid"
-#: ../src/login/org.freedesktop.login1.policy.in.h:18
+#: src/login/org.freedesktop.login1.policy:108
msgid ""
"Authentication is required for an application to inhibit system handling of "
"the lid switch."
"Otentikasi diperlukan bagi suatu aplikasi untuk mencegah penanganan sistem "
"atas saklar lid."
-#: ../src/login/org.freedesktop.login1.policy.in.h:19
+#: src/login/org.freedesktop.login1.policy:117
msgid "Allow non-logged-in user to run programs"
msgstr "Ijinkan pengguna yang tidak log masuk menjalankan program"
-#: ../src/login/org.freedesktop.login1.policy.in.h:20
+#: src/login/org.freedesktop.login1.policy:118
msgid "Explicit request is required to run programs as a non-logged-in user."
msgstr ""
"Permintaan eksplisit diperlukan untuk menjalankan program sebagai pengguna "
"yang tidak log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:21
+#: src/login/org.freedesktop.login1.policy:127
msgid "Allow non-logged-in users to run programs"
msgstr "Ijinkan pengguna yang tidak log masuk menjalankan program"
-#: ../src/login/org.freedesktop.login1.policy.in.h:22
+#: src/login/org.freedesktop.login1.policy:128
msgid "Authentication is required to run programs as a non-logged-in user."
msgstr ""
"Otentikasi diperlukan untuk menjalankan program sebagai pengguna yang tidak "
"log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:23
+#: src/login/org.freedesktop.login1.policy:137
msgid "Allow attaching devices to seats"
msgstr "Ijinkan mencantolkan perangkat ke seat"
-#: ../src/login/org.freedesktop.login1.policy.in.h:24
+#: src/login/org.freedesktop.login1.policy:138
msgid "Authentication is required for attaching a device to a seat."
msgstr "Otentikasi diperlukan untuk mencantol suatu perangkat ke sebuah seat."
-#: ../src/login/org.freedesktop.login1.policy.in.h:25
+#: src/login/org.freedesktop.login1.policy:148
msgid "Flush device to seat attachments"
msgstr "Siram perangkat untuk mendudukkan lampiran"
-#: ../src/login/org.freedesktop.login1.policy.in.h:26
+#: src/login/org.freedesktop.login1.policy:149
msgid ""
"Authentication is required for resetting how devices are attached to seats."
msgstr ""
"Otentikasi diperlukan untuk me-reset bagaimana perangkat dicantolkan ke seat."
-#: ../src/login/org.freedesktop.login1.policy.in.h:27
+#: src/login/org.freedesktop.login1.policy:158
msgid "Power off the system"
msgstr "Matikan daya sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:28
+#: src/login/org.freedesktop.login1.policy:159
msgid "Authentication is required for powering off the system."
msgstr "Otentikasi diperlukan untuk mematikan daya sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:29
+#: src/login/org.freedesktop.login1.policy:169
msgid "Power off the system while other users are logged in"
msgstr "Matikan daya sistem ketika pengguna lain sedang log masuk"
-#: ../src/login/org.freedesktop.login1.policy.in.h:30
+#: src/login/org.freedesktop.login1.policy:170
msgid ""
"Authentication is required for powering off the system while other users are "
"logged in."
"Otentikasi diperlukan untuk mematikan daya sistem ketika pengguna lain "
"sedang log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:31
+#: src/login/org.freedesktop.login1.policy:180
msgid "Power off the system while an application asked to inhibit it"
msgstr "Matikan daya sistem ketika sebuah aplikasi meminta untuk mencegahnya"
-#: ../src/login/org.freedesktop.login1.policy.in.h:32
+#: src/login/org.freedesktop.login1.policy:181
msgid ""
"Authentication is required for powering off the system while an application "
"asked to inhibit it."
"Otentikasi diperlukan untuk mematikan daya sistem ketika sebuah aplikasi "
"meminta untuk mencegahnya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:33
+#: src/login/org.freedesktop.login1.policy:191
msgid "Reboot the system"
msgstr "Boot ulang sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:34
+#: src/login/org.freedesktop.login1.policy:192
msgid "Authentication is required for rebooting the system."
msgstr "Otentikasi diperlukan untuk mem-boot ulang sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:35
+#: src/login/org.freedesktop.login1.policy:202
msgid "Reboot the system while other users are logged in"
msgstr "Boot ulang sistem ketika pengguna lain sedang log masuk"
-#: ../src/login/org.freedesktop.login1.policy.in.h:36
+#: src/login/org.freedesktop.login1.policy:203
msgid ""
"Authentication is required for rebooting the system while other users are "
"logged in."
"Otentikasi diperlukan untuk mem-boot ulang sistem ketika pengguna lain "
"sedang log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:37
+#: src/login/org.freedesktop.login1.policy:213
msgid "Reboot the system while an application asked to inhibit it"
msgstr "Boot ulang sistem ketika sebuah aplikasi meminta untuk mencegahnya"
-#: ../src/login/org.freedesktop.login1.policy.in.h:38
+#: src/login/org.freedesktop.login1.policy:214
msgid ""
"Authentication is required for rebooting the system while an application "
"asked to inhibit it."
"Otentikasi diperlukan untuk mem-boot ulang sistem ketika sebuah aplikasi "
"meminta untuk mencegahnya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:39
+#: src/login/org.freedesktop.login1.policy:224
+msgid "Halt the system"
+msgstr "Halt sistem"
+
+#: src/login/org.freedesktop.login1.policy:225
+msgid "Authentication is required for halting the system."
+msgstr "Otentikasi diperlukan untuk meng-halt sistem."
+
+#: src/login/org.freedesktop.login1.policy:235
+msgid "Halt the system while other users are logged in"
+msgstr "Halt sistem ketika pengguna lain sedang log masuk"
+
+#: src/login/org.freedesktop.login1.policy:236
+msgid ""
+"Authentication is required for halting the system while other users are "
+"logged in."
+msgstr ""
+"Otentikasi diperlukan untuk meng-halt sistem ketika pengguna lain sedang log "
+"masuk."
+
+#: src/login/org.freedesktop.login1.policy:246
+msgid "Halt the system while an application asked to inhibit it"
+msgstr "Halt sistem ketika sebuah aplikasi meminta untuk mencegahnya"
+
+#: src/login/org.freedesktop.login1.policy:247
+msgid ""
+"Authentication is required for halting the system while an application asked "
+"to inhibit it."
+msgstr ""
+"Otentikasi diperlukan untuk meng-halt sistem ketika sebuah aplikasi meminta "
+"untuk mencegahnya."
+
+#: src/login/org.freedesktop.login1.policy:257
msgid "Suspend the system"
msgstr "Suspensikan sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:40
+#: src/login/org.freedesktop.login1.policy:258
msgid "Authentication is required for suspending the system."
msgstr "Otentikasi diperlukan untuk mensuspensi sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:41
+#: src/login/org.freedesktop.login1.policy:267
msgid "Suspend the system while other users are logged in"
msgstr "Suspensikan sistem ketika pengguna lain sedang log masuk"
-#: ../src/login/org.freedesktop.login1.policy.in.h:42
+#: src/login/org.freedesktop.login1.policy:268
msgid ""
"Authentication is required for suspending the system while other users are "
"logged in."
"Otentikasi diperlukan untuk mensuspensi sistem ketika pengguna lain sedang "
"log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:43
+#: src/login/org.freedesktop.login1.policy:278
msgid "Suspend the system while an application asked to inhibit it"
msgstr "Suspensikan sistem ketika sebuah aplikasi meminta untuk mencegahnya"
-#: ../src/login/org.freedesktop.login1.policy.in.h:44
+#: src/login/org.freedesktop.login1.policy:279
msgid ""
"Authentication is required for suspending the system while an application "
"asked to inhibit it."
"Otentikasi diperlukan untuk mensuspensi sistem ketika suatu aplikasi meminta "
"untuk mencegahnya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:45
+#: src/login/org.freedesktop.login1.policy:289
msgid "Hibernate the system"
msgstr "Hibernasikan sistem"
-#: ../src/login/org.freedesktop.login1.policy.in.h:46
+#: src/login/org.freedesktop.login1.policy:290
msgid "Authentication is required for hibernating the system."
msgstr "Otentikasi diperlukan untuk menghibernasi sistem."
-#: ../src/login/org.freedesktop.login1.policy.in.h:47
+#: src/login/org.freedesktop.login1.policy:299
msgid "Hibernate the system while other users are logged in"
msgstr "Hibernasikan sistem ketika pengguna lain sedang log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:48
+#: src/login/org.freedesktop.login1.policy:300
msgid ""
"Authentication is required for hibernating the system while other users are "
"logged in."
"Otentikasi diperlukan untuk menghibernasi sistem ketika pengguna lain sedang "
"log masuk."
-#: ../src/login/org.freedesktop.login1.policy.in.h:49
+#: src/login/org.freedesktop.login1.policy:310
msgid "Hibernate the system while an application asked to inhibit it"
msgstr "Hibernasikan sistem ketika sebuah aplikasi meminta untuk mencegahnya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:50
+#: src/login/org.freedesktop.login1.policy:311
msgid ""
"Authentication is required for hibernating the system while an application "
"asked to inhibit it."
"Otentikasi diperlukan untuk menghibernasi sistem ketika sebuah aplikasi "
"meminta mencegahnya."
-#: ../src/login/org.freedesktop.login1.policy.in.h:51
+#: src/login/org.freedesktop.login1.policy:321
msgid "Manage active sessions, users and seats"
msgstr "Kelola seat, pengguna, dan sesi aktif"
-#: ../src/login/org.freedesktop.login1.policy.in.h:52
+#: src/login/org.freedesktop.login1.policy:322
msgid ""
"Authentication is required for managing active sessions, users and seats."
msgstr "Otentikasi diperlukan untuk mengelola seat, pengguna, dan sesi aktif."
-#: ../src/login/org.freedesktop.login1.policy.in.h:53
+#: src/login/org.freedesktop.login1.policy:331
msgid "Lock or unlock active sessions"
msgstr "Kunci/buka kunci sesi aktif"
-#: ../src/login/org.freedesktop.login1.policy.in.h:54
+#: src/login/org.freedesktop.login1.policy:332
msgid "Authentication is required to lock or unlock active sessions."
msgstr "Otentikasi diperlukan untuk mengunci atau membuka kunci sesi aktif."
-#: ../src/login/org.freedesktop.login1.policy.in.h:55
+#: src/login/org.freedesktop.login1.policy:341
msgid "Allow indication to the firmware to boot to setup interface"
msgstr "Ijinkan indikasi ke firmware untuk boot ke antar muka penyiapan"
-#: ../src/login/org.freedesktop.login1.policy.in.h:56
+#: src/login/org.freedesktop.login1.policy:342
msgid ""
"Authentication is required to indicate to the firmware to boot to setup "
"interface."
"Otentikasi diperlukan untuk mengindikasikan ke firmware agar boot ke "
"antarmuka penyiapan."
-#: ../src/login/org.freedesktop.login1.policy.in.h:57
+#: src/login/org.freedesktop.login1.policy:351
msgid "Set a wall message"
msgstr "Setel suatu pesan wall"
-#: ../src/login/org.freedesktop.login1.policy.in.h:58
+#: src/login/org.freedesktop.login1.policy:352
msgid "Authentication is required to set a wall message"
msgstr "Otentikasi diperlukan untuk menyetel pesan wall"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:1
+#: src/machine/org.freedesktop.machine1.policy:22
msgid "Log into a local container"
msgstr "Log masuk ke dalam suatu kontainer lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:2
+#: src/machine/org.freedesktop.machine1.policy:23
msgid "Authentication is required to log into a local container."
msgstr "Otentikasi diperlukan untuk log masuk ke dalam suatu kontainer lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:3
+#: src/machine/org.freedesktop.machine1.policy:32
msgid "Log into the local host"
msgstr "Log masuk ke dalam host lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:4
+#: src/machine/org.freedesktop.machine1.policy:33
msgid "Authentication is required to log into the local host."
msgstr "Otentikasi diperlukan untuk log masuk ke dalam host lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:5
+#: src/machine/org.freedesktop.machine1.policy:42
msgid "Acquire a shell in a local container"
msgstr "Dapatkan sebuah shell dalam kontainer lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:6
+#: src/machine/org.freedesktop.machine1.policy:43
msgid "Authentication is required to acquire a shell in a local container."
msgstr ""
"Otentikasi diperlukan untuk mendapatkan suatu shell dalam sebuah kontainer "
"lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:7
+#: src/machine/org.freedesktop.machine1.policy:53
msgid "Acquire a shell on the local host"
msgstr "Dapatkan sebuah shell pada host lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:8
+#: src/machine/org.freedesktop.machine1.policy:54
msgid "Authentication is required to acquire a shell on the local host."
msgstr "Otentikasi diperlukan untuk mendapatkan suatu shell pada host lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:9
+#: src/machine/org.freedesktop.machine1.policy:64
msgid "Acquire a pseudo TTY in a local container"
msgstr "Dapatkan sebuah TTY semu dalam suatu kontainer lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:10
+#: src/machine/org.freedesktop.machine1.policy:65
msgid ""
"Authentication is required to acquire a pseudo TTY in a local container."
msgstr ""
"Otentikasi diperlukan untuk mendapatkan suatu TTY semu dalam sebuah "
"kontainer lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:11
+#: src/machine/org.freedesktop.machine1.policy:74
msgid "Acquire a pseudo TTY on the local host"
msgstr "Dapatkan sebuah TTY semu pada host lokal"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:12
+#: src/machine/org.freedesktop.machine1.policy:75
msgid "Authentication is required to acquire a pseudo TTY on the local host."
msgstr ""
"Otentikasi diperlukan untuk mendapatkan suatu TTY semu pada host lokal."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:13
+#: src/machine/org.freedesktop.machine1.policy:84
msgid "Manage local virtual machines and containers"
msgstr "Kelola mesin virtual lokal dan kontainer"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:14
+#: src/machine/org.freedesktop.machine1.policy:85
msgid ""
"Authentication is required to manage local virtual machines and containers."
msgstr ""
"Otentikasi diperlukan untuk mengelola mesin virtual lokal dan kontainer."
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:15
+#: src/machine/org.freedesktop.machine1.policy:95
msgid "Manage local virtual machine and container images"
msgstr "Kelola mesin virtual lokal dan image kontainer"
-#: ../src/machine/org.freedesktop.machine1.policy.in.h:16
+#: src/machine/org.freedesktop.machine1.policy:96
msgid ""
"Authentication is required to manage local virtual machine and container "
"images."
"Otentikasi diperlukan untuk mengelola mesin virtual lokal dan image "
"kontainer."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:1
+#: src/resolve/org.freedesktop.resolve1.policy:22
+msgid "Register a DNS-SD service"
+msgstr "Daftarkan suatu layanan DNS-SD"
+
+#: src/resolve/org.freedesktop.resolve1.policy:23
+msgid "Authentication is required to register a DNS-SD service"
+msgstr "Otentikasi diperlukan untuk mendaftarkan suatu layanan DNS-SD"
+
+#: src/resolve/org.freedesktop.resolve1.policy:33
+msgid "Unregister a DNS-SD service"
+msgstr "Cabut pendaftaran suatu layanan DNS-SD"
+
+#: src/resolve/org.freedesktop.resolve1.policy:34
+msgid "Authentication is required to unregister a DNS-SD service"
+msgstr "Otentikasi diperlukan untuk mencabut pendaftaran suatu layanan DNS-SD"
+
+#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Setel waktu sistem"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:2
+#: src/timedate/org.freedesktop.timedate1.policy:23
msgid "Authentication is required to set the system time."
msgstr "Otentikasi diperlukan untuk menyetel waktu sistem."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:3
+#: src/timedate/org.freedesktop.timedate1.policy:33
msgid "Set system timezone"
msgstr "Setel zona waktu sistem"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:4
+#: src/timedate/org.freedesktop.timedate1.policy:34
msgid "Authentication is required to set the system timezone."
msgstr "Otentikasi diperlukan untuk menyetel zona waktu sistem."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:5
+#: src/timedate/org.freedesktop.timedate1.policy:43
msgid "Set RTC to local timezone or UTC"
msgstr "Atur RTC ke zona waktu lokal atau UTC"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:6
+#: src/timedate/org.freedesktop.timedate1.policy:44
msgid ""
"Authentication is required to control whether the RTC stores the local or "
"UTC time."
"Otentikasi diperlukan untuk mengendalikan apakah RTC menyimpan waktu UTC "
"atau lokal."
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:7
+#: src/timedate/org.freedesktop.timedate1.policy:54
msgid "Turn network time synchronization on or off"
msgstr "Nyalakan atau matikan penyelarasan waktu jaringan"
-#: ../src/timedate/org.freedesktop.timedate1.policy.in.h:8
+#: src/timedate/org.freedesktop.timedate1.policy:55
msgid ""
"Authentication is required to control whether network time synchronization "
"shall be enabled."
"Otentikasi diperlukan untuk mengendalikan apakah sinkronisasi waktu jaringan "
"mesti difungsikan."
-#: ../src/core/dbus-unit.c:450
+#: src/core/dbus-unit.c:496
msgid "Authentication is required to start '$(unit)'."
msgstr "Otentikasi diperlukan untuk memulai '$(unit)'."
-#: ../src/core/dbus-unit.c:451
+#: src/core/dbus-unit.c:497
msgid "Authentication is required to stop '$(unit)'."
msgstr "Otentikasi diperlukan untuk menghentikan '$(unit)'."
-#: ../src/core/dbus-unit.c:452
+#: src/core/dbus-unit.c:498
msgid "Authentication is required to reload '$(unit)'."
msgstr "Otentikasi diperlukan untuk memuat ulang '$(unit)'."
-#: ../src/core/dbus-unit.c:453 ../src/core/dbus-unit.c:454
+#: src/core/dbus-unit.c:499 src/core/dbus-unit.c:500
msgid "Authentication is required to restart '$(unit)'."
msgstr "Otentikasi diperlukan untuk memulai ulang '$(unit)'."
-#: ../src/core/dbus-unit.c:560
+#: src/core/dbus-unit.c:607
msgid "Authentication is required to kill '$(unit)'."
msgstr "Otentikasi diperlukan untuk mematikan '$(unit)'."
-#: ../src/core/dbus-unit.c:590
+#: src/core/dbus-unit.c:638
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Otentikasi diperlukan untuk me-reset keadaan \"failed\" dari '$(unit)'."
-#: ../src/core/dbus-unit.c:622
+#: src/core/dbus-unit.c:671
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Otentikasi diperlukan untuk menata properti pada '$(unit)'."
if (arg_inetd) {
assert(n_fds == 1);
- r = dup2(start_fd, STDIN_FILENO);
+ r = rearrange_stdio(start_fd, start_fd, STDERR_FILENO); /* invalidates start_fd on success + error */
if (r < 0)
- return log_error_errno(errno, "Failed to dup connection to stdin: %m");
+ return log_error_errno(errno, "Failed to move fd to stdin+stdout: %m");
- r = dup2(start_fd, STDOUT_FILENO);
- if (r < 0)
- return log_error_errno(errno, "Failed to dup connection to stdout: %m");
-
- start_fd = safe_close(start_fd);
} else {
if (start_fd != SD_LISTEN_FDS_START) {
assert(n_fds == 1);
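Review bot: the error path right after the new rearrange_stdio() call still passes errno to log_error_errno(), while rearrange_stdio() reports its failure as a negative errno in r, and the other call sites converted in this patch log r. Use return log_error_errno(r, "Failed to move fd to stdin+stdout: %m"). Since the call invalidates start_fd on success and on error, also set start_fd = -1 after it, which the removed start_fd = safe_close(start_fd) used to do.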
q = strv_length(m);
l = l + q - 1;
- w = realloc(ret, sizeof(char*) * (l+1));
+ w = reallocarray(ret, l + 1, sizeof(char *));
if (!w) {
ret[k] = NULL;
strv_free(ret);
char *_argv[2];
if (stdout_fd >= 0) {
- /* If the fd happens to be in the right place, go along with that */
- if (stdout_fd != STDOUT_FILENO &&
- dup2(stdout_fd, STDOUT_FILENO) < 0)
+ r = rearrange_stdio(STDIN_FILENO, stdout_fd, STDERR_FILENO);
+ if (r < 0)
_exit(EXIT_FAILURE);
-
- (void) fd_cloexec(STDOUT_FILENO, false);
}
if (!argv) {
return 0;
}
-void stdio_unset_cloexec(void) {
- (void) fd_cloexec(STDIN_FILENO, false);
- (void) fd_cloexec(STDOUT_FILENO, false);
- (void) fd_cloexec(STDERR_FILENO, false);
-}
-
_pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
unsigned i;
(void) close(fd);
return copy;
}
+
+int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd) {
+
+ int fd[3] = { /* Put together an array of fds we work on */
+ original_input_fd,
+ original_output_fd,
+ original_error_fd
+ };
+
+ int r, i,
+ null_fd = -1, /* if we open /dev/null, we store the fd to it here */
+ copy_fd[3] = { -1, -1, -1 }; /* This contains all fds we duplicate here temporarily, and hence need to close at the end */
+ bool null_readable, null_writable;
+
+ /* Sets up stdin, stdout, stderr with the three file descriptors passed in. If any of the descriptors is
+ * specified as -1 it will be connected with /dev/null instead. If any of the file descriptors is passed as
+ * itself (e.g. stdin as STDIN_FILENO) it is left unmodified, but the O_CLOEXEC bit is turned off should it be
+ * on.
+ *
+ * Note that if any of the passed file descriptors are > 2 they will be closed — both on success and on
+ * failure! Thus, callers should assume that when this function returns the input fds are invalidated.
+ *
+ * Note that when this function fails stdin/stdout/stderr might remain half set up!
+ *
+ * O_CLOEXEC is turned off for all three file descriptors (which is how it should be for
+ * stdin/stdout/stderr). */
+
+ null_readable = original_input_fd < 0;
+ null_writable = original_output_fd < 0 || original_error_fd < 0;
+
+ /* First step, open /dev/null once, if we need it */
+ if (null_readable || null_writable) {
+
+ /* Let's open this with O_CLOEXEC first, and convert it to non-O_CLOEXEC when we move the fd to the final position. */
+ null_fd = open("/dev/null", (null_readable && null_writable ? O_RDWR :
+ null_readable ? O_RDONLY : O_WRONLY) | O_CLOEXEC);
+ if (null_fd < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ /* If this fd is in the 0…2 range, let's move it out of it */
+ if (null_fd < 3) {
+ int copy;
+
+ copy = fcntl(null_fd, F_DUPFD_CLOEXEC, 3); /* Duplicate this with O_CLOEXEC set */
+ if (copy < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ safe_close(null_fd);
+ null_fd = copy;
+ }
+ }
+
+ /* Let's assemble fd[] with the fds to install in place of stdin/stdout/stderr */
+ for (i = 0; i < 3; i++) {
+
+ if (fd[i] < 0)
+ fd[i] = null_fd; /* A negative parameter means: connect this one to /dev/null */
+ else if (fd[i] != i && fd[i] < 3) {
+ /* This fd is in the 0…2 territory, but not at its intended place, move it out of there, so that we can work there. */
+ copy_fd[i] = fcntl(fd[i], F_DUPFD_CLOEXEC, 3); /* Duplicate this with O_CLOEXEC set */
+ if (copy_fd[i] < 0) {
+ r = -errno;
+ goto finish;
+ }
+
+ fd[i] = copy_fd[i];
+ }
+ }
+
+ /* At this point we now have the fds to use in fd[], and they are all above the stdio range, so that we
+ * have freedom to move them around. If the fds already were at the right places then the specific fds are
+ * -1. Let's now move them to the right places. This is the point of no return. */
+ for (i = 0; i < 3; i++) {
+
+ if (fd[i] == i) {
+
+ /* fd is already in place, but let's make sure O_CLOEXEC is off */
+ r = fd_cloexec(i, false);
+ if (r < 0)
+ goto finish;
+
+ } else {
+ assert(fd[i] > 2);
+
+ if (dup2(fd[i], i) < 0) { /* Turns off O_CLOEXEC on the new fd. */
+ r = -errno;
+ goto finish;
+ }
+ }
+ }
+
+ r = 0;
+
+finish:
+ /* Close the original fds, but only if they were outside of the stdio range. Also, properly check for the same
+ * fd passed in multiple times. */
+ safe_close_above_stdio(original_input_fd);
+ if (original_output_fd != original_input_fd)
+ safe_close_above_stdio(original_output_fd);
+ if (original_error_fd != original_input_fd && original_error_fd != original_output_fd)
+ safe_close_above_stdio(original_error_fd);
+
+ /* Close the copies we moved > 2 */
+ for (i = 0; i < 3; i++)
+ safe_close(copy_fd[i]);
+
+ /* Close our null fd, if it's > 2 */
+ safe_close_above_stdio(null_fd);
+
+ return r;
+}
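Review bot: in the null_fd < 3 branch of rearrange_stdio(), a failing fcntl(null_fd, F_DUPFD_CLOEXEC, 3) jumps to finish with null_fd still inside the 0…2 range, and the cleanup there only calls safe_close_above_stdio(null_fd), so the freshly opened /dev/null descriptor stays open in a stdio slot on that error path. Close it explicitly before the goto. Separately, the comment before the second loop says fds that were already in place "are -1", but the loop tests fd[i] == i; reword the comment to match the code.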
int fd_nonblock(int fd, bool nonblock);
int fd_cloexec(int fd, bool cloexec);
-void stdio_unset_cloexec(void);
int close_all_fds(const int except[], unsigned n_except);
IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH)
int fd_move_above_stdio(int fd);
+
+int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd);
+
+static inline int make_null_stdio(void) {
+ return rearrange_stdio(-1, -1, -1);
+}
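Review bot: the new inline make_null_stdio() drops the reset_terminal_feature_caches() call that the removed terminal-util.c version made after redirecting stdio to /dev/null. If the cached terminal state is still meant to be invalidated when stdio is replaced, keep the call in a wrapper; otherwise state in the commit message that the behaviour change is intended.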
struct prioq_item *j;
n = MAX((q->n_items+1) * 2, 16u);
- j = realloc(q->items, sizeof(struct prioq_item) * n);
+ j = reallocarray(q->items, n, sizeof(struct prioq_item));
if (!j)
return -ENOMEM;
node_child->value_len = len;
/* extend array, add new entry, sort for bisection */
- child = realloc(node->children, (node->children_count + 1) * sizeof(struct strbuf_child_entry));
+ child = reallocarray(node->children, node->children_count + 1, sizeof(struct strbuf_child_entry));
if (!child) {
free(node_child);
return -ENOMEM;
p = strv_length(*a);
q = strv_length(b);
- t = realloc(*a, sizeof(char*) * (p + q + 1));
+ t = reallocarray(*a, p + q + 1, sizeof(char *));
if (!t)
return -ENOMEM;
k = strv_length(*l);
- nl = realloc(*l, sizeof(char*) * (k + n + 1));
+ nl = reallocarray(*l, k + n + 1, sizeof(char *));
if (!nl)
return -ENOMEM;
if (r < 0)
log_warning_errno(r, "Failed to reset terminal, ignoring: %m");
- r = make_stdio(fd);
+ r = rearrange_stdio(fd, fd, fd); /* This invalidates 'fd' both on success and on failure. */
if (r < 0)
- return log_error_errno(r, "Failed to duplicate terminal fd: %m");
+ return log_error_errno(r, "Failed to make terminal stdin/stdout/stderr: %m");
reset_terminal_feature_caches();
return cached_on_tty;
}
-int make_stdio(int fd) {
- int r = 0;
-
- assert(fd >= 0);
-
- if (dup2(fd, STDIN_FILENO) < 0)
- r = -errno;
- if (dup2(fd, STDOUT_FILENO) < 0 && r >= 0)
- r = -errno;
- if (dup2(fd, STDERR_FILENO) < 0 && r >= 0)
- r = -errno;
-
- safe_close_above_stdio(fd);
-
- /* Explicitly unset O_CLOEXEC, since if fd was < 3, then dup2() was a NOP and the bit hence possibly set. */
- stdio_unset_cloexec();
-
- return r;
-}
-
-int make_null_stdio(void) {
- int null_fd, r;
-
- null_fd = open("/dev/null", O_RDWR|O_NOCTTY|O_CLOEXEC);
- if (null_fd < 0)
- return -errno;
-
- r = make_stdio(null_fd);
-
- reset_terminal_feature_caches();
-
- return r;
-}
-
int getttyname_malloc(int fd, char **ret) {
size_t l = 100;
int r;
#include "macro.h"
#include "time-util.h"
-#define ANSI_RED "\x1B[0;31m"
-#define ANSI_GREEN "\x1B[0;32m"
+/* Regular colors */
+#define ANSI_BLACK "\x1B[0;30m"
+#define ANSI_RED "\x1B[0;31m"
+#define ANSI_GREEN "\x1B[0;32m"
+#define ANSI_YELLOW "\x1B[0;33m"
+#define ANSI_BLUE "\x1B[0;34m"
+#define ANSI_MAGENTA "\x1B[0;35m"
+#define ANSI_CYAN "\x1B[0;36m"
+#define ANSI_WHITE "\x1B[0;37m"
+
+/* Bold/highlighted */
+#define ANSI_HIGHLIGHT_BLACK "\x1B[0;1;30m"
+#define ANSI_HIGHLIGHT_RED "\x1B[0;1;31m"
+#define ANSI_HIGHLIGHT_GREEN "\x1B[0;1;32m"
+#define ANSI_HIGHLIGHT_YELLOW "\x1B[0;1;33m"
+#define ANSI_HIGHLIGHT_BLUE "\x1B[0;1;34m"
+#define ANSI_HIGHLIGHT_MAGENTA "\x1B[0;1;35m"
+#define ANSI_HIGHLIGHT_CYAN "\x1B[0;1;36m"
+#define ANSI_HIGHLIGHT_WHITE "\x1B[0;1;37m"
+
+/* Underlined */
+#define ANSI_HIGHLIGHT_BLACK_UNDERLINE "\x1B[0;1;4;30m"
+#define ANSI_HIGHLIGHT_RED_UNDERLINE "\x1B[0;1;4;31m"
+#define ANSI_HIGHLIGHT_GREEN_UNDERLINE "\x1B[0;1;4;32m"
+#define ANSI_HIGHLIGHT_YELLOW_UNDERLINE "\x1B[0;1;4;33m"
+#define ANSI_HIGHLIGHT_BLUE_UNDERLINE "\x1B[0;1;4;34m"
+#define ANSI_HIGHLIGHT_MAGENTA_UNDERLINE "\x1B[0;1;4;35m"
+#define ANSI_HIGHLIGHT_CYAN_UNDERLINE "\x1B[0;1;4;36m"
+#define ANSI_HIGHLIGHT_WHITE_UNDERLINE "\x1B[0;1;4;37m"
+
+/* Other ANSI codes */
#define ANSI_UNDERLINE "\x1B[0;4m"
#define ANSI_HIGHLIGHT "\x1B[0;1;39m"
-#define ANSI_HIGHLIGHT_RED "\x1B[0;1;31m"
-#define ANSI_HIGHLIGHT_GREEN "\x1B[0;1;32m"
-#define ANSI_HIGHLIGHT_YELLOW "\x1B[0;1;33m"
-#define ANSI_HIGHLIGHT_BLUE "\x1B[0;1;34m"
#define ANSI_HIGHLIGHT_UNDERLINE "\x1B[0;1;4m"
-#define ANSI_HIGHLIGHT_RED_UNDERLINE "\x1B[0;1;4;31m"
-#define ANSI_HIGHLIGHT_GREEN_UNDERLINE "\x1B[0;1;4;32m"
-#define ANSI_HIGHLIGHT_YELLOW_UNDERLINE "\x1B[0;1;4;33m"
-#define ANSI_HIGHLIGHT_BLUE_UNDERLINE "\x1B[0;1;4;34m"
+
+/* Reset/clear ANSI styles */
#define ANSI_NORMAL "\x1B[0m"
+/* Erase characters until the end of the line */
#define ANSI_ERASE_TO_END_OF_LINE "\x1B[K"
/* Set cursor to top left corner and clear screen */
int vtnr_from_tty(const char *tty);
const char *default_term_for_tty(const char *tty);
-int make_stdio(int fd);
-int make_null_stdio(void);
int make_console_stdio(void);
int fd_columns(int fd);
if (r < 0)
return r;
- if (dup2(fd, STDIN_FILENO) < 0)
- return -errno;
-
- if (dup2(fd, STDOUT_FILENO) < 0)
- return -errno;
-
- if (fd >= 2)
- safe_close(fd);
+ r = rearrange_stdio(fd, fd, STDERR_FILENO);
fd = -1;
+ if (r < 0)
+ return r;
*_saved_stdin = saved_stdin;
*_saved_stdout = saved_stdout;
static const struct {
const char *color, *word;
} job_print_status_messages [_JOB_RESULT_MAX] = {
- [JOB_DONE] = { ANSI_GREEN, " OK " },
+ [JOB_DONE] = { ANSI_OK_COLOR, " OK " },
[JOB_TIMEOUT] = { ANSI_HIGHLIGHT_RED, " TIME " },
[JOB_FAILED] = { ANSI_HIGHLIGHT_RED, "FAILED" },
[JOB_DEPENDENCY] = { ANSI_HIGHLIGHT_YELLOW, "DEPEND" },
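Review bot: JOB_DONE now uses ANSI_OK_COLOR, but the terminal-util.h hunk in this patch only adds the regular, highlighted and underlined color macros and does not define that name. Point to where ANSI_OK_COLOR is defined (for example a build-time option) or add the definition alongside the other ANSI_* macros.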
{ "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
is_efi_boot, MNT_NONE },
#endif
- { "bpf", "/sys/fs/bpf", "bpf", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ { "bpf", "/sys/fs/bpf", "bpf", "mode=700", MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE, },
};
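Review bot: the "mode=700" option added to the /sys/fs/bpf entry is the only mount-table entry in this hunk with an explicit mode and it carries no explanation. Add a short comment stating that the bpf filesystem is restricted to the owner on purpose, so the option is not dropped in a later cleanup.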
} else {
int *t;
- t = realloc(rfds, (rn_socket_fds + cn_fds) * sizeof(int));
+ t = reallocarray(rfds, rn_socket_fds + cn_fds, sizeof(int));
if (!t)
return -ENOMEM;
char **nl;
int *t;
- t = realloc(rfds, (rn_socket_fds + s->n_fd_store) * sizeof(int));
+ t = reallocarray(rfds, rn_socket_fds + s->n_fd_store, sizeof(int));
if (!t)
return -ENOMEM;
rfds = t;
- nl = realloc(rfd_names, (rn_socket_fds + s->n_fd_store + 1) * sizeof(char*));
+ nl = reallocarray(rfd_names, rn_socket_fds + s->n_fd_store + 1, sizeof(char *));
if (!nl)
return -ENOMEM;
bool found_monotonic = false, found_realtime = false;
bool leave_around = false;
triple_timestamp ts;
- usec_t base = 0;
TimerValue *v;
Unit *trigger;
int r;
t->next_elapse_monotonic_or_boottime = t->next_elapse_realtime = 0;
LIST_FOREACH(value, v, t->values) {
-
if (v->disabled)
continue;
/* If we know the last time this was
* triggered, schedule the job based relative
- * to that. If we don't just start from
- * now. */
+ * to that. If we don't, just start from
+ * the activation time. */
- b = t->last_trigger.realtime > 0 ? t->last_trigger.realtime : ts.realtime;
+ if (t->last_trigger.realtime > 0)
+ b = t->last_trigger.realtime;
+ else {
+ if (state_translation_table[t->state] == UNIT_ACTIVE)
+ b = UNIT(t)->inactive_exit_timestamp.realtime;
+ else
+ b = ts.realtime;
+ }
r = calendar_spec_next_usec(v->calendar_spec, b, &v->next_elapse);
if (r < 0)
found_realtime = true;
- } else {
+ } else {
+ usec_t base;
switch (v->base) {
static void timer_time_change(Unit *u) {
Timer *t = TIMER(u);
+ usec_t ts;
assert(u);
if (t->state != TIMER_WAITING)
return;
+ /* If we appear to have triggered in the future, the system clock must
+ * have been set backwards. So let's rewind our own clock and allow
+ * the future trigger(s) to happen again :). Exactly the same as when
+ * you start a timer unit with Persistent=yes. */
+ ts = now(CLOCK_REALTIME);
+ if (t->last_trigger.realtime > ts)
+ t->last_trigger.realtime = ts;
+
log_unit_debug(u, "Time change, recalculating next elapse.");
timer_enter_waiting(t, false);
}
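Review bot: the clamp t->last_trigger.realtime = ts in timer_time_change() is applied silently, although it changes which calendar events will fire again after the clock is set backwards. Log it with log_unit_debug() when the condition t->last_trigger.realtime > ts is hit. Only the realtime field of last_trigger is adjusted here; say in the comment whether leaving the other fields untouched is intentional.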
else
prefix = "COREDUMP_COMM=";
- pattern = strjoin(prefix, match);
- if (!pattern)
- return log_oom();
-
+ pattern = strjoina(prefix, match);
log_debug("Adding match: %s", pattern);
r = sd_journal_add_match(j, pattern, 0);
if (r < 0)
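Review bot: pattern = strjoina(prefix, match) moves the concatenation onto the stack, and nothing in the lines shown bounds the length of match. If match comes from user input, keep the heap-based strjoin() with its OOM check or enforce a length limit first. Also confirm that the declaration of pattern, which is outside this hunk, no longer carries a cleanup attribute that would free a stack pointer.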
struct trie_child_entry *child;
/* extend array, add new entry, sort for bisection */
- child = realloc(node->children, (node->children_count + 1) * sizeof(struct trie_child_entry));
+ child = reallocarray(node->children, node->children_count + 1, sizeof(struct trie_child_entry));
if (!child)
return -ENOMEM;
}
/* extend array, add new entry, sort for bisection */
- val = realloc(node->values, (node->values_count + 1) * sizeof(struct trie_value_entry));
+ val = reallocarray(node->values, node->values_count + 1, sizeof(struct trie_value_entry));
if (!val)
return -ENOMEM;
trie->values_count++;
if (r < 0)
return r;
if (r == 0) {
- int null_fd;
uint64_t retain =
(1ULL << CAP_CHOWN) |
(1ULL << CAP_FOWNER) |
pipefd[1] = safe_close(pipefd[1]);
- r = move_fd(pipefd[0], STDIN_FILENO, false);
+ r = rearrange_stdio(pipefd[0], -1, STDERR_FILENO);
if (r < 0) {
- log_error_errno(r, "Failed to move fd: %m");
+ log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
_exit(EXIT_FAILURE);
}
- null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
- if (null_fd < 0) {
- log_error_errno(errno, "Failed to open /dev/null: %m");
- _exit(EXIT_FAILURE);
- }
-
- r = move_fd(null_fd, STDOUT_FILENO, false);
- if (r < 0) {
- log_error_errno(r, "Failed to move fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- stdio_unset_cloexec();
-
if (unshare(CLONE_NEWNET) < 0)
log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
if (r < 0)
return r;
if (r == 0) {
- int null_fd;
uint64_t retain = (1ULL << CAP_DAC_OVERRIDE);
/* Child */
pipefd[0] = safe_close(pipefd[0]);
- r = move_fd(pipefd[1], STDOUT_FILENO, false);
+ r = rearrange_stdio(-1, pipefd[1], STDERR_FILENO);
if (r < 0) {
- log_error_errno(r, "Failed to move fd: %m");
+ log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
_exit(EXIT_FAILURE);
}
- null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
- if (null_fd < 0) {
- log_error_errno(errno, "Failed to open /dev/null: %m");
- _exit(EXIT_FAILURE);
- }
-
- r = move_fd(null_fd, STDIN_FILENO, false);
- if (r < 0) {
- log_error_errno(errno, "Failed to move fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- stdio_unset_cloexec();
-
if (unshare(CLONE_NEWNET) < 0)
log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
pipefd[0] = safe_close(pipefd[0]);
- if (dup2(pipefd[1], STDERR_FILENO) != STDERR_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
+ r = rearrange_stdio(t->stdin_fd,
+ t->stdout_fd < 0 ? pipefd[1] : t->stdout_fd,
+ pipefd[1]);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set stdin/stdout/stderr: %m");
_exit(EXIT_FAILURE);
}
- if (t->stdout_fd >= 0) {
- if (dup2(t->stdout_fd, STDOUT_FILENO) != STDOUT_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (t->stdout_fd != STDOUT_FILENO)
- safe_close(t->stdout_fd);
- } else {
- if (dup2(pipefd[1], STDOUT_FILENO) != STDOUT_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
- }
-
- if (!IN_SET(pipefd[1], STDOUT_FILENO, STDERR_FILENO))
- pipefd[1] = safe_close(pipefd[1]);
-
- if (t->stdin_fd >= 0) {
- if (dup2(t->stdin_fd, STDIN_FILENO) != STDIN_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (t->stdin_fd != STDIN_FILENO)
- safe_close(t->stdin_fd);
- } else {
- int null_fd;
-
- null_fd = open("/dev/null", O_RDONLY|O_NOCTTY);
- if (null_fd < 0) {
- log_error_errno(errno, "Failed to open /dev/null: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (dup2(null_fd, STDIN_FILENO) != STDIN_FILENO) {
- log_error_errno(errno, "Failed to dup2() fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- if (null_fd != STDIN_FILENO)
- safe_close(null_fd);
- }
-
- stdio_unset_cloexec();
-
if (setenv("SYSTEMD_LOG_TARGET", "console-prefixed", 1) < 0 ||
setenv("NOTIFY_SOCKET", "/run/systemd/import/notify", 1) < 0) {
log_error_errno(errno, "setenv() failed: %m");
NULL /* trailing NULL */
};
unsigned k = ELEMENTSOF(cmd) - 6;
- int null_fd;
/* Child */
gpg_pipe[1] = safe_close(gpg_pipe[1]);
- r = move_fd(gpg_pipe[0], STDIN_FILENO, false);
+ r = rearrange_stdio(gpg_pipe[0], -1, STDERR_FILENO);
if (r < 0) {
- log_error_errno(errno, "Failed to move fd: %m");
- _exit(EXIT_FAILURE);
- }
-
- null_fd = open("/dev/null", O_WRONLY|O_NOCTTY);
- if (null_fd < 0) {
- log_error_errno(errno, "Failed to open /dev/null: %m");
- _exit(EXIT_FAILURE);
- }
-
- r = move_fd(null_fd, STDOUT_FILENO, false);
- if (r < 0) {
- log_error_errno(errno, "Failed to move fd: %m");
+ log_error_errno(r, "Failed to rearrange stdin/stdout: %m");
_exit(EXIT_FAILURE);
}
cmd[k++] = NULL;
}
- stdio_unset_cloexec();
-
execvp("gpg2", (char * const *) cmd);
execvp("gpg", (char * const *) cmd);
log_error_errno(errno, "Failed to execute gpg: %m");
/* In the child */
if (r == 0) {
+ safe_close(fd[0]);
- r = dup2(fd[1], STDOUT_FILENO);
+ r = rearrange_stdio(STDIN_FILENO, fd[1], STDERR_FILENO);
if (r < 0) {
- log_error_errno(errno, "Failed to dup pipe to stdout: %m");
+ log_error_errno(r, "Failed to dup pipe to stdout: %m");
_exit(EXIT_FAILURE);
}
- safe_close_pair(fd);
-
execvp(child, argv);
log_error_errno(errno, "Failed to exec child %s: %m", child);
_exit(EXIT_FAILURE);
}
- r = close(fd[1]);
- if (r < 0)
- log_warning_errno(errno, "Failed to close write end of pipe: %m");
+ safe_close(fd[1]);
r = fd_nonblock(fd[0], true);
if (r < 0)
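Review bot: in the parent, safe_close(fd[1]) discards the return value, so fd[1] keeps the stale descriptor number after the close. Write fd[1] = safe_close(fd[1]), as the pipefd[1] = safe_close(pipefd[1]) lines elsewhere in this patch do, so any later cleanup of the pair cannot close an unrelated descriptor. The same applies to safe_close(fd[0]) in the child if anything other than exec or _exit can follow it.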
saved_stderr = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 3);
- if (dup3(fd, STDOUT_FILENO, 0) < 0 ||
- dup3(fd, STDERR_FILENO, 0) < 0) {
- r = log_error_errno(errno, "Failed to duplicate fd: %m");
+ r = rearrange_stdio(STDIN_FILENO, fd, fd); /* Invalidates fd on succcess + error! */
+ fd = -1;
+ if (r < 0) {
+ log_error_errno(r, "Failed to rearrange stdout/stderr: %m");
goto finish;
}
- fd = safe_close_above_stdio(fd);
-
if (argc <= optind)
(void) execl("/bin/cat", "/bin/cat", NULL);
else
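Review bot: the comment on the new rearrange_stdio(STDIN_FILENO, fd, fd) line has a typo, "succcess" should be "success". The logic itself looks right: fd is reset to -1 immediately after the call, before the error check, which matches the invalidation contract stated in the comment.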
if (r == 0)
break;
- new_addresses = realloc(addresses, (size + 1) * sizeof(struct in_addr));
+ new_addresses = reallocarray(addresses, size + 1, sizeof(struct in_addr));
if (!new_addresses)
return -ENOMEM;
else
if (r == 0)
break;
- new_addresses = realloc(addresses, (size + 1) * sizeof(struct in6_addr));
+ new_addresses = reallocarray(addresses, size + 1, sizeof(struct in6_addr));
if (!new_addresses)
return -ENOMEM;
else
if (copy < 0)
return -errno;
- f = realloc(m->fds, sizeof(int) * (m->n_fds + 1));
+ f = reallocarray(m->fds, sizeof(int), m->n_fds + 1);
if (!f) {
m->poisoned = true;
safe_close(copy);
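Review bot: reallocarray(m->fds, sizeof(int), m->n_fds + 1) passes the element size as the count and the count as the size, the reverse of every other conversion in this patch. The product is the same, but use reallocarray(m->fds, m->n_fds + 1, sizeof(int)) for consistency with the (nmemb, size) order.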
if (r < 0)
return r;
- copy_fd = dup(memfd);
+ copy_fd = fcntl(memfd, F_DUPFD_CLOEXEC, 3);
if (copy_fd < 0)
return copy_fd;
if (r < 0)
return r;
- copy_fd = dup(memfd);
+ copy_fd = fcntl(memfd, FD_CLOEXEC, 3);
if (copy_fd < 0)
return copy_fd;
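Review bot: fcntl(memfd, FD_CLOEXEC, 3) passes a descriptor flag where an fcntl command is expected. FD_CLOEXEC has the same numeric value as F_GETFD on Linux, so this call returns the descriptor flags of memfd rather than a duplicate, and copy_fd then refers to whatever descriptor has that number. Use fcntl(memfd, F_DUPFD_CLOEXEC, 3), as the preceding hunk does. The error path in the context line also returns copy_fd, which is -1 on failure; return -errno instead.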
if (r == 0) {
/* Child */
- assert_se(dup3(s[1], STDIN_FILENO, 0) == STDIN_FILENO);
- assert_se(dup3(s[1], STDOUT_FILENO, 0) == STDOUT_FILENO);
+ safe_close(s[0]);
- if (!IN_SET(s[1], STDIN_FILENO, STDOUT_FILENO))
- safe_close(s[1]);
+ if (rearrange_stdio(s[1], s[1], STDERR_FILENO) < 0)
+ _exit(EXIT_FAILURE);
- (void) fd_cloexec(STDIN_FILENO, false);
- (void) fd_cloexec(STDOUT_FILENO, false);
(void) fd_nonblock(STDIN_FILENO, false);
(void) fd_nonblock(STDOUT_FILENO, false);
return -EIO;
}
- f = realloc(bus->fds, sizeof(int) * (bus->n_fds + n));
+ f = reallocarray(bus->fds, bus->n_fds + n, sizeof(int));
if (!f) {
close_many((int*) CMSG_DATA(cmsg), n);
return -ENOMEM;
return -(first+1);
}
-struct udev_list_entry *udev_list_entry_add(struct udev_list *list, const char *name, const char *value)
-{
+struct udev_list_entry *udev_list_entry_add(struct udev_list *list, const char *name, const char *value) {
struct udev_list_entry *entry;
int i = 0;
entry = list->entries[i];
free(entry->value);
- if (value == NULL) {
+ if (!value) {
entry->value = NULL;
return entry;
}
entry->value = strdup(value);
- if (entry->value == NULL)
+ if (!entry->value)
return NULL;
return entry;
}
/* add new name */
entry = new0(struct udev_list_entry, 1);
- if (entry == NULL)
+ if (!entry)
return NULL;
entry->name = strdup(name);
- if (entry->name == NULL)
+ if (!entry->name)
return mfree(entry);
- if (value != NULL) {
+ if (value) {
entry->value = strdup(value);
- if (entry->value == NULL) {
+ if (!entry->value) {
free(entry->name);
return mfree(entry);
}
add = list->entries_max;
if (add < 1)
add = 64;
- entries = realloc(list->entries, (list->entries_max + add) * sizeof(struct udev_list_entry *));
- if (entries == NULL) {
+ entries = reallocarray(list->entries, list->entries_max + add, sizeof(struct udev_list_entry *));
+ if (!entries) {
free(entry->name);
free(entry->value);
return mfree(entry);
(list->entries_cur - i) * sizeof(struct udev_list_entry *));
list->entries[i] = entry;
list->entries_cur++;
- } else {
+ } else
udev_list_entry_append(entry, list);
- }
return entry;
}
return sd_bus_send(sd->session->manager->bus, m, NULL);
}
-static int sd_eviocrevoke(int fd) {
+static void sd_eviocrevoke(int fd) {
static bool warned = false;
assert(fd >= 0);
warned = true;
}
}
-
- return 0;
}
static int sd_drmsetmaster(int fd) {
} else
/* DRM-Master is granted to the first user who opens a device automatically (ughh,
* racy!). Hence, we just drop DRM-Master in case we were the first. */
- sd_drmdropmaster(fd);
+ (void) sd_drmdropmaster(fd);
break;
case DEVICE_TYPE_EVDEV:
switch (sd->type) {
case DEVICE_TYPE_DRM:
- /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we
- * keep the device paused. Maybe at some point we have a drmStealMaster(). */
- r = sd_drmsetmaster(sd->fd);
- if (r < 0)
- return r;
+
+ if (sd->fd < 0) {
+ /* Open device if it isn't open yet */
+ sd->fd = session_device_open(sd, true);
+ if (sd->fd < 0)
+ return sd->fd;
+ } else {
+ /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we
+ * keep the device paused. Maybe at some point we have a drmStealMaster(). */
+ r = sd_drmsetmaster(sd->fd);
+ if (r < 0)
+ return r;
+ }
break;
case DEVICE_TYPE_EVDEV:
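Review bot: in the new sd->fd < 0 branch, the result of session_device_open() is stored straight into sd->fd, so on failure the field holds a negative errno value instead of the usual -1 sentinel. Assign to r (or a local) first, return it on error, and only store a valid descriptor in sd->fd. Also note that the newly opened device skips sd_drmsetmaster(); add a comment saying why a fresh open does not need it.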
case DEVICE_TYPE_UNKNOWN:
default:
- /* fallback for devices wihout synchronizations */
+ /* fallback for devices without synchronizations */
break;
}
return;
switch (sd->type) {
+
case DEVICE_TYPE_DRM:
/* On DRM devices we simply drop DRM-Master but keep it open.
* This allows the user to keep resources allocated. The
* circumventing this. */
sd_drmdropmaster(sd->fd);
break;
+
case DEVICE_TYPE_EVDEV:
/* Revoke access on evdev file-descriptors during deactivation.
* This will basically prevent any operations on the fd and
* protection this way. */
sd_eviocrevoke(sd->fd);
break;
+
case DEVICE_TYPE_UNKNOWN:
default:
/* fallback for devices without synchronization */
continue;
if (session_device_save(sd) < 0)
continue;
+
session_device_notify(sd, SESSION_DEVICE_RESUME);
}
}
containerfd = open(container_dirname, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_DIRECTORY);
if (containerfd < 0) {
- r = log_error_errno(errno, "Failed top open destination directory: %m");
+ r = log_error_errno(errno, "Failed to open destination directory: %m");
goto child_fail;
}
xsprintf(p, "/proc/" UID_FMT "/uid_map", machine->leader);
f = fopen(p, "re");
if (!f) {
- log_warning_errno(errno, "Failed top open %s, ignoring,", p);
+ log_warning_errno(errno, "Failed to open %s, ignoring,", p);
continue;
}
xsprintf(p, "/proc/" GID_FMT "/gid_map", machine->leader);
f = fopen(p, "re");
if (!f) {
- log_warning_errno(errno, "Failed top open %s, ignoring,", p);
+ log_warning_errno(errno, "Failed to open %s, ignoring,", p);
continue;
}
continue;
}
- m = realloc(n->dhcp_server_dns, (n->n_dhcp_server_dns + 1) * sizeof(struct in_addr));
+ m = reallocarray(n->dhcp_server_dns, n->n_dhcp_server_dns + 1, sizeof(struct in_addr));
if (!m)
return log_oom();
if (in_addr_from_string(AF_INET6, w, &a) >= 0) {
struct in6_addr *m;
- m = realloc(n->router_dns, (n->n_router_dns + 1) * sizeof(struct in6_addr));
+ m = reallocarray(n->router_dns, n->n_router_dns + 1, sizeof(struct in6_addr));
if (!m)
return log_oom();
continue;
}
- m = realloc(n->dhcp_server_ntp, (n->n_dhcp_server_ntp + 1) * sizeof(struct in_addr));
+ m = reallocarray(n->dhcp_server_ntp, n->n_dhcp_server_ntp + 1, sizeof(struct in_addr));
if (!m)
return log_oom();
continue;
}
- m = realloc(n->dns, (n->n_dns + 1) * sizeof(struct in_addr_data));
+ m = reallocarray(n->dns, n->n_dns + 1, sizeof(struct in_addr_data));
if (!m)
return log_oom();
}
if (r == 0) {
char *empty_env = NULL;
- int nullfd;
- if (dup3(pipe_fds[1], STDOUT_FILENO, 0) < 0)
- _exit(EXIT_FAILURE);
-
- safe_close_above_stdio(pipe_fds[0]);
- safe_close_above_stdio(pipe_fds[1]);
-
- nullfd = open("/dev/null", O_RDWR);
- if (nullfd < 0)
- _exit(EXIT_FAILURE);
+ safe_close(pipe_fds[0]);
- if (dup3(nullfd, STDIN_FILENO, 0) < 0)
+ if (rearrange_stdio(-1, pipe_fds[1], -1) < 0)
_exit(EXIT_FAILURE);
- if (dup3(nullfd, STDERR_FILENO, 0) < 0)
- _exit(EXIT_FAILURE);
-
- safe_close_above_stdio(nullfd);
-
close_all_fds(NULL, 0);
execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
return log_error_errno(errno, "PR_SET_PDEATHSIG failed: %m");
if (interactive) {
- close_nointr(STDIN_FILENO);
- close_nointr(STDOUT_FILENO);
- close_nointr(STDERR_FILENO);
-
- r = open_terminal(console, O_RDWR);
- if (r != STDIN_FILENO) {
- if (r >= 0) {
- safe_close(r);
- r = -EINVAL;
- }
+ int terminal;
- return log_error_errno(r, "Failed to open console: %m");
- }
+ terminal = open_terminal(console, O_RDWR);
+ if (terminal < 0)
+ return log_error_errno(terminal, "Failed to open console: %m");
- if (dup2(STDIN_FILENO, STDOUT_FILENO) != STDOUT_FILENO ||
- dup2(STDIN_FILENO, STDERR_FILENO) != STDERR_FILENO)
- return log_error_errno(errno, "Failed to duplicate console: %m");
+ r = rearrange_stdio(terminal, terminal, terminal); /* invalidates 'terminal' on success and failure */
+ if (r < 0)
+ return log_error_errno(r, "Failed to move console to stdin/stdout/stderr: %m");
}
r = reset_audit_loginuid();
static char **arg_set_nta = NULL;
static ServiceFamily service_family_from_string(const char *s) {
- if (s == NULL || streq(s, "tcp"))
+ if (!s || streq(s, "tcp"))
return SERVICE_FAMILY_TCP;
if (streq(s, "udp"))
return SERVICE_FAMILY_UDP;
arg_family = AF_INET6;
break;
- case 'i': {
- int ifi;
+ case 'i':
+ if (parse_ifindex(optarg, &arg_ifindex) < 0) {
+ int ifi;
- if (parse_ifindex(optarg, &ifi) >= 0)
- arg_ifindex = ifi;
- else {
ifi = if_nametoindex(optarg);
if (ifi <= 0)
return log_error_errno(errno, "Unknown interface %s: %m", optarg);
}
break;
- }
case 't':
if (streq(optarg, "help")) {
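Review bot: in the if_nametoindex() fallback of case 'i', the lines shown store the result in the local ifi and check it, but no assignment to arg_ifindex is visible now that parse_ifindex() writes to the global directly. Please confirm the fallback still ends with `arg_ifindex = ifi;`, otherwise an interface given by name is accepted and then silently ignored. It is also worth checking that parse_ifindex() leaves arg_ifindex untouched on failure, since a failed parse now operates on the global rather than on a scratch variable.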
if (r < 0)
return log_error_errno(r, "Failed to parse DNS server address: %s", optarg);
- n = realloc(arg_set_dns, sizeof(struct in_addr_data) * (arg_n_set_dns + 1));
+ n = reallocarray(arg_set_dns, arg_n_set_dns + 1, sizeof(struct in_addr_data));
if (!n)
return log_oom();
arg_set_dns = n;
r = dns_name_is_valid(p);
if (r < 0)
return log_error_errno(r, "Failed to validate specified domain %s: %m", p);
- if (r == 0)
- return log_error_errno(r, "Domain not valid: %s", p);
+ if (r == 0) {
+ log_error("Domain not valid: %s", p);
+ return -EINVAL;
+ }
r = strv_extend(&arg_set_domain, optarg);
if (r < 0)
r = dns_name_is_valid(optarg);
if (r < 0)
return log_error_errno(r, "Failed to validate specified domain %s: %m", optarg);
- if (r == 0)
- return log_error_errno(r, "Domain not valid: %s", optarg);
+ if (r == 0) {
+ log_error("Domain not valid: %s", optarg);
+ return -EINVAL;
+ }
r = strv_extend(&arg_set_nta, optarg);
if (r < 0)
break;
-
case MODE_SET_LINK:
if (argc > optind) {
log_error("Too many arguments.");
_cleanup_fclose_ FILE *f = NULL;
struct stat st;
char line[LINE_MAX];
+ unsigned n = 0;
int r;
assert(m);
const char *a;
char *l;
+ n++;
+
l = strstrip(line);
- if (IN_SET(*l, '#', ';'))
+ if (IN_SET(*l, '#', ';', 0))
continue;
a = first_word(l, "nameserver");
if (r < 0)
log_warning_errno(r, "Failed to parse search domain string '%s', ignoring.", a);
}
+
+ log_syntax(NULL, LOG_DEBUG, "/etc/resolv.conf", n, 0, "Ignoring resolv.conf line: %s", l);
}
m->resolv_conf_mtime = timespec_load(&st.st_mtim);
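Review bot: the new log_syntax() call sits directly after the closing brace of the search-domain branch, and the visible lines of that branch contain no `continue`. As shown, a search line that parsed fine would fall through and be logged as "Ignoring resolv.conf line". Add a `continue;` at the end of that branch so only unrecognized lines reach the debug message.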
if (!changes)
return 0;
- c = realloc(*changes, (*n_changes + 1) * sizeof(UnitFileChange));
+ c = reallocarray(*changes, *n_changes + 1, sizeof(UnitFileChange));
if (!c)
return -ENOMEM;
*changes = c;
#include <stdlib.h>
#include <string.h>
+#include "alloc-util.h"
#include "macro.h"
#include "uid-range.h"
#include "user-util.h"
} else {
UidRange *t;
- t = realloc(*p, sizeof(UidRange) * (*n + 1));
+ t = reallocarray(*p, *n + 1, sizeof(UidRange));
if (!t)
return -ENOMEM;
if (strstr(program_invocation_short_name, "halt")) {
arg_action = ACTION_HALT;
return halt_parse_argv(argc, argv);
+
} else if (strstr(program_invocation_short_name, "poweroff")) {
arg_action = ACTION_POWEROFF;
return halt_parse_argv(argc, argv);
+
} else if (strstr(program_invocation_short_name, "reboot")) {
if (kexec_loaded())
arg_action = ACTION_KEXEC;
else
arg_action = ACTION_REBOOT;
return halt_parse_argv(argc, argv);
+
} else if (strstr(program_invocation_short_name, "shutdown")) {
arg_action = ACTION_POWEROFF;
return shutdown_parse_argv(argc, argv);
+
} else if (strstr(program_invocation_short_name, "init")) {
+ /* Matches invocations as "init" as well as "telinit", which are synonymous when run as PID !=
+ * 1 on SysV.
+ *
+ * On SysV "telinit" was the official command to communicate with PID 1, but "init" would
+ * redirect itself to "telinit" if called with PID != 1. We follow the same logic here still,
+ * though we add one level of indirection, as we implement "telinit" in "systemctl". Hence, for
+ * us if you invoke "init" you get "systemd", but it will execve() "systemctl" immediately with
+ * argv[] unmodified if PID is != 1. If you invoke "telinit" you directly get "systemctl". In
+ * both cases we shall do the same thing, which is why we do strstr(p_i_s_n, "init") here, as a
+ * quick way to match both.
+ *
+ * Also see redirect_telinit() in src/core/main.c. */
+
if (sd_booted() > 0) {
arg_action = _ACTION_INVALID;
return telinit_parse_argv(argc, argv);
} else {
- /* Hmm, so some other init system is
- * running, we need to forward this
- * request to it. For now we simply
- * guess that it is Upstart. */
+ /* Hmm, so some other init system is running, we need to forward this request to
+ * it. For now we simply guess that it is Upstart. */
execv(TELINIT, argv);
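Review bot: the new comment justifies strstr(p_i_s_n, "init") as a quick way to match both "init" and "telinit", but does not mention that any other invocation name containing "init" takes this branch as well. The same holds for the "halt", "poweroff", "reboot" and "shutdown" substring checks above it. Since program_invocation_short_name comes from the caller, either note that looseness in the comment or compare against the exact names.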
i->id_set_strict = true;
free_and_replace(resolved_id, uid);
}
- r = parse_uid(resolved_id, &i->uid);
- if (r < 0)
- return log_error_errno(r, "Failed to parse UID: '%s': %m", id);
-
- i->uid_set = true;
+ if (!streq(resolved_id, "-")) {
+ r = parse_uid(resolved_id, &i->uid);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse UID: '%s': %m", id);
+ i->uid_set = true;
+ }
}
}
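Review bot: the new `!streq(resolved_id, "-")` branch has no comment explaining what "-" means. Judging by the test fixtures in this patch (`u username -:300`) it requests an automatically allocated UID together with an explicit GID; a one-line comment saying so would help, because with "-" the code silently leaves i->uid_set false.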
#include "test-helper.h"
#include "tests.h"
#include "unit.h"
+#include "user-util.h"
#include "util.h"
#include "virt.h"
assert_se(service->main_exec_status.code == code_expected);
}
+static bool check_nobody_user_and_group(void) {
+ static int cache = -1;
+ struct passwd *p;
+ struct group *g;
+
+ if (cache >= 0)
+ return !!cache;
+
+ if (!synthesize_nobody())
+ goto invalid;
+
+ p = getpwnam(NOBODY_USER_NAME);
+ if (!p ||
+ !streq(p->pw_name, NOBODY_USER_NAME) ||
+ p->pw_uid != UID_NOBODY ||
+ p->pw_gid != GID_NOBODY)
+ goto invalid;
+
+ p = getpwuid(UID_NOBODY);
+ if (!p ||
+ !streq(p->pw_name, NOBODY_USER_NAME) ||
+ p->pw_uid != UID_NOBODY ||
+ p->pw_gid != GID_NOBODY)
+ goto invalid;
+
+ g = getgrnam(NOBODY_GROUP_NAME);
+ if (!g ||
+ !streq(g->gr_name, NOBODY_GROUP_NAME) ||
+ g->gr_gid != GID_NOBODY)
+ goto invalid;
+
+ g = getgrgid(GID_NOBODY);
+ if (!g ||
+ !streq(g->gr_name, NOBODY_GROUP_NAME) ||
+ g->gr_gid != GID_NOBODY)
+ goto invalid;
+
+ cache = 1;
+ return true;
+
+invalid:
+ cache = 0;
+ return false;
+}
+
static bool is_inaccessible_available(void) {
char *p;
log_notice("Seccomp not available, skipping %s", __func__);
return;
}
- if (getpwnam("nobody"))
- test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
- else if (getpwnam("nfsnobody"))
- test(m, "exec-systemcallfilter-system-user-nfsnobody.service", 0, CLD_EXITED);
- else
- log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
+
+ test(m, "exec-systemcallfilter-system-user.service", 0, CLD_EXITED);
+
+ if (!check_nobody_user_and_group()) {
+ log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+ return;
+ }
+
+ if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+ log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
+ return;
+ }
+
+ test(m, "exec-systemcallfilter-system-user-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
#endif
}
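Review bot: the skip path calls log_error_errno(errno, ...) although check_nobody_user_and_group() can return false without errno being set (synthesize_nobody() being false, or an entry that does not match), and the format string has no %m to print it anyway. A plain log_notice(), as used for the seccomp skip at the top of this function, fits better than an error-level message for a skipped test. The wording "may conflict to other entries" should read "conflict with". The same block is repeated in the other test_exec_*() hunks of this file.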
static void test_exec_user(Manager *m) {
- if (getpwnam("nobody"))
- test(m, "exec-user.service", 0, CLD_EXITED);
- else if (getpwnam("nfsnobody"))
- test(m, "exec-user-nfsnobody.service", 0, CLD_EXITED);
- else
- log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
+ test(m, "exec-user.service", 0, CLD_EXITED);
+
+ if (!check_nobody_user_and_group()) {
+ log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+ return;
+ }
+
+ if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+ log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
+ return;
+ }
+
+ test(m, "exec-user-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
}
static void test_exec_group(Manager *m) {
- if (getgrnam("nobody"))
- test(m, "exec-group.service", 0, CLD_EXITED);
- else if (getgrnam("nfsnobody"))
- test(m, "exec-group-nfsnobody.service", 0, CLD_EXITED);
- else if (getgrnam("nogroup"))
- test(m, "exec-group-nogroup.service", 0, CLD_EXITED);
- else
- log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody/nogroup group: %m", __func__);
+ test(m, "exec-group.service", 0, CLD_EXITED);
+
+ if (!check_nobody_user_and_group()) {
+ log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+ return;
+ }
+
+ if (!STR_IN_SET(NOBODY_GROUP_NAME, "nobody", "nfsnobody", "nogroup")) {
+ log_error("Unsupported nobody group name '%s', skipping remaining tests in %s", NOBODY_GROUP_NAME, __func__);
+ return;
+ }
+
+ test(m, "exec-group-" NOBODY_GROUP_NAME ".service", 0, CLD_EXITED);
}
static void test_exec_supplementarygroups(Manager *m) {
static void test_exec_runtimedirectory(Manager *m) {
test(m, "exec-runtimedirectory.service", 0, CLD_EXITED);
test(m, "exec-runtimedirectory-mode.service", 0, CLD_EXITED);
- if (getgrnam("nobody"))
- test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
- else if (getgrnam("nfsnobody"))
- test(m, "exec-runtimedirectory-owner-nfsnobody.service", 0, CLD_EXITED);
- else
- log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody group: %m", __func__);
+ test(m, "exec-runtimedirectory-owner.service", 0, CLD_EXITED);
+
+ if (!check_nobody_user_and_group()) {
+ log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+ return;
+ }
+
+ if (!STR_IN_SET(NOBODY_GROUP_NAME, "nobody", "nfsnobody", "nogroup")) {
+ log_error("Unsupported nobody group name '%s', skipping remaining tests in %s", NOBODY_GROUP_NAME, __func__);
+ return;
+ }
+
+ test(m, "exec-runtimedirectory-owner-" NOBODY_GROUP_NAME ".service", 0, CLD_EXITED);
}
static void test_exec_capabilityboundingset(Manager *m) {
return;
}
- if (getpwnam("nobody")) {
- test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
- test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
- } else if (getpwnam("nfsnobody")) {
- test(m, "exec-capabilityambientset-nfsnobody.service", 0, CLD_EXITED);
- test(m, "exec-capabilityambientset-merge-nfsnobody.service", 0, CLD_EXITED);
- } else
- log_error_errno(errno, "Skipping %s, could not find nobody/nfsnobody user: %m", __func__);
+ test(m, "exec-capabilityambientset.service", 0, CLD_EXITED);
+ test(m, "exec-capabilityambientset-merge.service", 0, CLD_EXITED);
+
+ if (!check_nobody_user_and_group()) {
+ log_error_errno(errno, "nobody user/group is not synthesized or may conflict to other entries, skipping remaining tests in %s", __func__);
+ return;
+ }
+
+ if (!STR_IN_SET(NOBODY_USER_NAME, "nobody", "nfsnobody")) {
+ log_error("Unsupported nobody user name '%s', skipping remaining tests in %s", NOBODY_USER_NAME, __func__);
+ return;
+ }
+
+ test(m, "exec-capabilityambientset-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
+ test(m, "exec-capabilityambientset-merge-" NOBODY_USER_NAME ".service", 0, CLD_EXITED);
}
static void test_exec_privatenetwork(Manager *m) {
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
+#include "path-util.h"
+#include "process-util.h"
#include "random-util.h"
#include "string-util.h"
#include "util.h"
assert_se(close_nointr(new_fd) != EBADF);
}
+static void test_rearrange_stdio(void) {
+ pid_t pid;
+ int r;
+
+ r = safe_fork("rearrange", FORK_WAIT|FORK_LOG, &pid);
+ assert_se(r >= 0);
+
+ if (r == 0) {
+ _cleanup_free_ char *path = NULL;
+ char buffer[10];
+
+ /* Child */
+
+ safe_close(STDERR_FILENO); /* Let's close an fd < 2, to make it more interesting */
+
+ assert_se(rearrange_stdio(-1, -1, -1) >= 0);
+
+ assert_se(fd_get_path(STDIN_FILENO, &path) >= 0);
+ assert_se(path_equal(path, "/dev/null"));
+ path = mfree(path);
+
+ assert_se(fd_get_path(STDOUT_FILENO, &path) >= 0);
+ assert_se(path_equal(path, "/dev/null"));
+ path = mfree(path);
+
+ assert_se(fd_get_path(STDOUT_FILENO, &path) >= 0);
+ assert_se(path_equal(path, "/dev/null"));
+ path = mfree(path);
+
+ safe_close(STDIN_FILENO);
+ safe_close(STDOUT_FILENO);
+ safe_close(STDERR_FILENO);
+
+ {
+ int pair[2];
+ assert_se(pipe(pair) >= 0);
+ assert_se(pair[0] == 0);
+ assert_se(pair[1] == 1);
+ assert_se(fd_move_above_stdio(0) == 3);
+ }
+ assert_se(open("/dev/full", O_WRONLY|O_CLOEXEC) == 0);
+ assert_se(acquire_data_fd("foobar", 6, 0) == 2);
+
+ assert_se(rearrange_stdio(2, 0, 1) >= 0);
+
+ assert_se(write(1, "x", 1) < 0 && errno == ENOSPC);
+ assert_se(write(2, "z", 1) == 1);
+ assert_se(read(3, buffer, sizeof(buffer)) == 1);
+ assert_se(buffer[0] == 'z');
+ assert_se(read(0, buffer, sizeof(buffer)) == 6);
+ assert_se(memcmp(buffer, "foobar", 6) == 0);
+
+ assert_se(rearrange_stdio(-1, 1, 2) >= 0);
+ assert_se(write(1, "a", 1) < 0 && errno == ENOSPC);
+ assert_se(write(2, "y", 1) == 1);
+ assert_se(read(3, buffer, sizeof(buffer)) == 1);
+ assert_se(buffer[0] == 'y');
+
+ assert_se(fd_get_path(0, &path) >= 0);
+ assert_se(path_equal(path, "/dev/null"));
+ path = mfree(path);
+
+ _exit(EXIT_SUCCESS);
+ }
+}
+
int main(int argc, char *argv[]) {
test_close_many();
test_close_nointr();
test_open_serialization_fd();
test_acquire_data_fd();
test_fd_move_above_stdio();
+ test_rearrange_stdio();
return 0;
}
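Review bot: in test_rearrange_stdio(), the third fd_get_path() check after rearrange_stdio(-1, -1, -1) repeats STDOUT_FILENO, so STDERR_FILENO is never verified, even though stderr is the fd that was closed beforehand "to make it more interesting". Change the third check to `fd_get_path(STDERR_FILENO, &path)`.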
fd = open(p, O_WRONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (fd < 0) {
- log_debug_errno(errno, "Failed top open the wall pipe: %m");
+ log_debug_errno(errno, "Failed to open the wall pipe: %m");
return 1;
}
if (add < 8)
add = 8;
- tokens = realloc(rules->tokens, (rules->token_max + add ) * sizeof(struct token));
+ tokens = reallocarray(rules->tokens, rules->token_max + add, sizeof(struct token));
if (tokens == NULL)
return -1;
rules->tokens = tokens;
if (add < 1)
add = 8;
- uids = realloc(rules->uids, (rules->uids_max + add ) * sizeof(struct uid_gid));
+ uids = reallocarray(rules->uids, rules->uids_max + add, sizeof(struct uid_gid));
if (uids == NULL)
return uid;
rules->uids = uids;
if (add < 1)
add = 8;
- gids = realloc(rules->gids, (rules->gids_max + add ) * sizeof(struct uid_gid));
+ gids = reallocarray(rules->gids, rules->gids_max + add, sizeof(struct uid_gid));
if (gids == NULL)
return gid;
rules->gids = gids;
udev_list_init(udev, &file_list, true);
/* init token array and string buffer */
- rules->tokens = malloc(PREALLOC_TOKEN * sizeof(struct token));
+ rules->tokens = malloc_multiply(PREALLOC_TOKEN, sizeof(struct token));
if (rules->tokens == NULL)
return udev_rules_unref(rules);
rules->token_max = PREALLOC_TOKEN;
struct trie_child_entry *child;
/* extend array, add new entry, sort for bisection */
- child = realloc(node->children, (node->children_count + 1) * sizeof(struct trie_child_entry));
+ child = reallocarray(node->children, node->children_count + 1, sizeof(struct trie_child_entry));
if (!child)
return -ENOMEM;
}
/* extend array, add new entry, sort for bisection */
- val = realloc(node->values, (node->values_count + 1) * sizeof(struct trie_value_entry));
+ val = reallocarray(node->values, node->values_count + 1, sizeof(struct trie_value_entry));
if (!val)
return -ENOMEM;
trie->values_count++;
* requries 32 per glyph, regardless of the actual height - see the comment above #define
* max_font_size 65536 in drivers/tty/vt/vt.c for more details.
*/
- fontbuf = malloc((cfo.width + 7) / 8 * 32 * cfo.charcount);
+ fontbuf = malloc_multiply((cfo.width + 7) / 8 * 32, cfo.charcount);
if (!fontbuf) {
log_oom();
return;
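Review bot: malloc_multiply() only checks the final product; the first argument `(cfo.width + 7) / 8 * 32` is still computed with unchecked arithmetic before the call. If cfo.width comes from the kernel or a font file without a bound, validate it first, or note in a comment why the partial product cannot overflow.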
--- /dev/null
+groupname:x:300:
--- /dev/null
+username:x:SYSTEM_UID_MAX:300::/:/sbin/nologin
--- /dev/null
+g groupname 300
+u username -:300
--- /dev/null
+user1:x:300:
--- /dev/null
+user1:x:300:300::/:/sbin/nologin
+user2:x:SYSTEM_UID_MAX:300::/:/sbin/nologin
--- /dev/null
+u user1 300
+u user2 -:300
sysinit.target
test-execute/exec-bindpaths.service
test-execute/exec-capabilityambientset-merge-nfsnobody.service
+ test-execute/exec-capabilityambientset-merge-nobody.service
test-execute/exec-capabilityambientset-merge.service
test-execute/exec-capabilityambientset-nfsnobody.service
+ test-execute/exec-capabilityambientset-nobody.service
test-execute/exec-capabilityambientset.service
test-execute/exec-capabilityboundingset-invert.service
test-execute/exec-capabilityboundingset-merge.service
test-execute/exec-environment.service
test-execute/exec-environmentfile.service
test-execute/exec-group-nfsnobody.service
+ test-execute/exec-group-nobody.service
test-execute/exec-group-nogroup.service
test-execute/exec-group.service
test-execute/exec-ignoresigpipe-no.service
test-execute/exec-restrictnamespaces-yes.service
test-execute/exec-runtimedirectory-mode.service
test-execute/exec-runtimedirectory-owner-nfsnobody.service
+ test-execute/exec-runtimedirectory-owner-nobody.service
+ test-execute/exec-runtimedirectory-owner-nogroup.service
test-execute/exec-runtimedirectory-owner.service
test-execute/exec-runtimedirectory.service
test-execute/exec-specifier-interpolation.service
test-execute/exec-systemcallfilter-not-failing.service
test-execute/exec-systemcallfilter-not-failing2.service
test-execute/exec-systemcallfilter-system-user-nfsnobody.service
+ test-execute/exec-systemcallfilter-system-user-nobody.service
test-execute/exec-systemcallfilter-system-user.service
test-execute/exec-systemcallfilter-with-errno-name.service
test-execute/exec-systemcallfilter-with-errno-number.service
test-execute/exec-umask-default.service
test-execute/exec-unsetenvironment.service
test-execute/exec-user-nfsnobody.service
+ test-execute/exec-user-nobody.service
test-execute/exec-user.service
test-execute/exec-workingdirectory.service
test-path/basic.target
--- /dev/null
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_RAW
[Unit]
-Description=Test for AmbientCapabilities
+Description=Test for AmbientCapabilities (daemon)
[Service]
ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
Type=oneshot
-User=nobody
+User=daemon
AmbientCapabilities=CAP_NET_ADMIN
AmbientCapabilities=CAP_NET_RAW
--- /dev/null
+[Unit]
+Description=Test for AmbientCapabilities
+
+[Service]
+ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
+Type=oneshot
+User=nobody
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
[Unit]
-Description=Test for AmbientCapabilities
+Description=Test for AmbientCapabilities (daemon)
[Service]
ExecStart=/bin/sh -x -c 'c=$$(grep "CapAmb:" /proc/self/status); test "$$c" = "CapAmb: 0000000000003000"'
Type=oneshot
-User=nobody
+User=daemon
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
--- /dev/null
+[Unit]
+Description=Test for Group
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"'
+Type=oneshot
+Group=nobody
[Unit]
-Description=Test for Group
+Description=Test for Group (daemon)
[Service]
-ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "nobody"'
+ExecStart=/bin/sh -x -c 'test "$$(id -n -g)" = "daemon"'
Type=oneshot
-Group=nobody
+Group=daemon
--- /dev/null
+[Unit]
+Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
+
+[Service]
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"'
+Type=oneshot
+Group=nobody
+User=root
+RuntimeDirectory=test-exec_runtimedirectory-owner
--- /dev/null
+[Unit]
+Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
+
+[Service]
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nogroup"'
+Type=oneshot
+Group=nogroup
+User=root
+RuntimeDirectory=test-exec_runtimedirectory-owner
Description=Test for RuntimeDirectory owner (must not be the default group of the user if Group is set)
[Service]
-ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner); test "$$group" = "nobody"'
+ExecStart=/bin/sh -x -c 'group=$$(stat -c %%G %t/test-exec_runtimedirectory-owner-daemon); test "$$group" = "daemon"'
Type=oneshot
-Group=nobody
+Group=daemon
User=root
-RuntimeDirectory=test-exec_runtimedirectory-owner
+RuntimeDirectory=test-exec_runtimedirectory-owner-daemon
--- /dev/null
+[Unit]
+Description=Test for SystemCallFilter in system mode with User set
+
+[Service]
+ExecStart=/bin/sh -c 'echo "Foo bar"'
+Type=oneshot
+User=nobody
+SystemCallFilter=~read write open execve ioperm
+SystemCallFilter=ioctl
+SystemCallFilter=read write open execve
+SystemCallFilter=~ioperm
[Unit]
-Description=Test for SystemCallFilter in system mode with User set
+Description=Test for SystemCallFilter in system mode with User set (daemon)
[Service]
ExecStart=/bin/sh -c 'echo "Foo bar"'
Type=oneshot
-User=nobody
+User=daemon
SystemCallFilter=~read write open execve ioperm
SystemCallFilter=ioctl
SystemCallFilter=read write open execve
--- /dev/null
+[Unit]
+Description=Test for User
+
+[Service]
+ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"'
+Type=oneshot
+User=nobody
[Unit]
-Description=Test for User
+Description=Test for User (daemon)
[Service]
-ExecStart=/bin/sh -x -c 'test "$$USER" = "nobody"'
+ExecStart=/bin/sh -x -c 'test "$$USER" = "daemon"'
Type=oneshot
-User=nobody
+User=daemon
[Service]
Type=oneshot
ExecStart=/bin/rm -fv /system-update
-ExecStart=@SYSTEMCTL@ reboot
+SuccessAction=reboot