summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* start work on testsdefault_memoryChris Down2019-04-031-0/+77
|
* make defaultmemorylow only affect subtreeChris Down2019-04-031-6/+2
|
* tempChris Down2019-04-037-8/+74
|
* kernel-install: add a check that the vmlinuz arg is saneZbigniew Jędrzejewski-Szmek2019-04-031-0/+5
|
* docs: update release steps for mesonZbigniew Jędrzejewski-Szmek2019-04-031-8/+10
|
* build-sys: bump package versionv242-rc2Zbigniew Jędrzejewski-Szmek2019-04-031-1/+1
|
* Merge pull request #12121 from poettering/contribv242-rc1Zbigniew Jędrzejewski-Szmek2019-04-033-4/+45
|\
| * update NEWSLennart Poettering2019-04-021-0/+22
| |
| * meson: bump so versionsLennart Poettering2019-04-021-2/+2
| | | | | | | | | | Since we aren't quite ready for release v242 yet, let's not bump the package version yet, but let's already bump the soversion.
| * NEWS: add preliminary contributor listLennart Poettering2019-04-021-1/+18
| |
| * update .mailmapLennart Poettering2019-04-021-0/+2
| |
* | docs: fix path to unit filesLennart Poettering2019-04-031-11/+11
| |
* | core: fix build failure if seccomp is disabledDavide Cavalca2019-04-031-1/+1
| |
* | Revert "build: install /etc/systemd/{system,user}-generators"Lennart Poettering2019-04-022-4/+0
| | | | | | | | This reverts commit 509276f2b7d44d472b66e79cbfa531c1de4c3801.
* | Merge pull request #12188 from poettering/coccinelle-fixletsYu Watanabe2019-04-0314-140/+76
|\ \ | |/ |/| tree-wide: let's run coccinelle again
| * udev: use strempty() where appropriateLennart Poettering2019-04-021-2/+1
| |
| * json: use SYNTHETIC_ERRNO() where appropriateLennart Poettering2019-04-021-44/+22
| |
| * sd-event: use DIV_ROUND_UP where appropriateLennart Poettering2019-04-021-1/+1
| |
| * sd-device: use xsprintf() where appropriateLennart Poettering2019-04-021-1/+1
| |
| * tree-wide: use SYNTHETIC_ERRNO() where appropriateLennart Poettering2019-04-023-67/+36
| |
| * boot: use TAKE_PTR() where appropriateLennart Poettering2019-04-022-16/+8
| |
| * tree-wide: use reallocarray() where appropriateLennart Poettering2019-04-022-2/+2
| |
| * util-lib: use FLAGS_SET() where appropriateLennart Poettering2019-04-022-3/+3
| |
| * analyze: use empty_or_root() where appropriateLennart Poettering2019-04-021-4/+2
| |
* | Merge pull request #12056 from poettering/seccomp-suid-sgidLennart Poettering2019-04-0228-30/+466
|\ \ | | | | | | Introduce RestrictSUIDSGID= for disabling SUID/SGID file creation
| * | update TODOLennart Poettering2019-04-021-3/+0
| | |
| * | core: imply NNP and SUID/SGID restriction for DynamicUser=yes serviceLennart Poettering2019-04-025-10/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | Let's be safe, rather than sorry. This way DynamicUser=yes services can neither take benefit of, nor create SUID/SGID binaries. Given that DynamicUser= is a recent addition only we should be able to get away with turning this on, even though this is strictly speaking a binary compatibility breakage.
| * | units: turn on RestrictSUIDSGID= in most of our long-running daemonsLennart Poettering2019-04-0211-1/+12
| | |
| * | man: document the new RestrictSUIDSGID= settingLennart Poettering2019-04-022-12/+30
| | |
| * | analyze: check for RestrictSUIDSGID= in "systemd-analyze security"Lennart Poettering2019-04-021-0/+12
| | | | | | | | | | | | | | | And let's give it a heigh weight, since it pretty much can be used for bad things only.
| * | core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID=Lennart Poettering2019-04-026-6/+36
| | |
| * | test: add test case for restrict_suid_sgid()Lennart Poettering2019-04-021-0/+208
| | |
| * | seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for ↵Lennart Poettering2019-04-022-0/+133
| | | | | | | | | | | | suid/sgid files
| * | seccomp: add debug messages to seccomp_protect_hostname()Lennart Poettering2019-04-021-2/+6
|/ /
* | core: add a generic helper that forwards per-unit method calls from ManagerLennart Poettering2019-04-021-135/+51
| | | | | | | | | | | | | | Quite often we have a method DoSomethingWithUnit() on the Manager object that is the same as a function DoSomething() on a Unit object. Let's shorten things by introducing a common function that forwards the former to the latter, instead of writing this again and again.
* | Merge pull request #12013 from yuwata/fix-switchroot-11997Zbigniew Jędrzejewski-Szmek2019-04-028-13/+94
|\ \ | |/ |/| core: on switching root do not emit device state change based on enumeration results
| * test: add a testcase for device plugged -> dead -> plugged bugYu Watanabe2019-03-153-0/+62
| |
| * core: add Manager::honor_device_enumeration flagYu Watanabe2019-03-153-1/+26
| | | | | | | | | | | | | | | | When system manager is started first time or after switching root, then the udev's device tag data do not exist yet. So, let's not honor the enumeration results. Fixes #11997.
| * core: use TAKE_PTR() at few more placesYu Watanabe2019-03-151-3/+2
| |
| * core: use _cleanup_free_ attribute and free_and_replace() macro in ↵Yu Watanabe2019-03-151-9/+4
| | | | | | | | method_switch_root()
* | Merge pull request #12185 from poettering/login-unstore-fdZbigniew Jędrzejewski-Szmek2019-04-022-76/+66
|\ \ | | | | | | logind: remove unused fds from fdstore
| * | logind: when we cannot attach a passed fd to a device, close itLennart Poettering2019-04-021-61/+61
| | | | | | | | | | | | Replaces: #8532
| * | logind: simplify removal of device fdsLennart Poettering2019-04-021-15/+5
| | | | | | | | | | | | | | | | | | let's use sd_notifyf(). Let's also stop validating the session ID here. This is the destructor. if it contains a dash, we are already too late here anyway.
* | | Merge pull request #12186 from poettering/lgtm-updatesZbigniew Jędrzejewski-Szmek2019-04-022-3/+22
|\ \ \ | | | | | | | | lgtm ruleset updates
| * | | test: stop using dup() needlesslyLennart Poettering2019-04-021-1/+2
| | | |
| * | | lgtm: beef up list of dangerous/questionnable API calls not to makeLennart Poettering2019-04-021-2/+20
| |/ /
* | | Merge pull request #12183 from poettering/askpwargvZbigniew Jędrzejewski-Szmek2019-04-021-27/+34
|\ \ \ | | | | | | | | tty-ask-password: let's copy argv[] before forking
| * | | tty-ask-password: re-break commentLennart Poettering2019-04-021-6/+4
| | | |
| * | | tty-ask-password: simplify signal handler installationLennart Poettering2019-04-021-6/+7
| | | |
| * | | tty-ask-password: no need to initialize something already NUL initialized to NULLennart Poettering2019-04-021-1/+0
| | | |