| Commit message | Author | Age | Files | Lines |

For scripts, when we call fexecve(), on new kernels glibc calls execveat(),
which fails with ENOENT, and then we fall back to execve() which succeeds:

[pid 63039] execveat(3, "", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory)
[pid 63039] execve("/home/zbyszek/src/systemd/test/test-path-util/script.sh", ["/home/zbyszek/src/systemd/test/test-path-util/script.sh", "--version"], 0x7ffefa3633f0 /* 0 vars */) = 0

But on older kernels glibc (some versions?) implements a fallback which falls
into the same trap with bash $0:

[pid 13534] execve("/proc/self/fd/3", ["/home/test/systemd/test/test-path-util/script.sh", "--version"], 0x7fff84995870 /* 0 vars */) = 0

We don't want that, so let's call execveat() ourselves. Then we can do the
execve() fallback as we want.
fexecve() fails with ENOENT and we need a fallback. Add appropriate test.
We base the smack/selinux setup on the executable. Let's open the file
once and use the same fd for that setup and the subsequent execve.
We close fds in two phases, first some and then some more. When passing
a list of fds to exclude from closing to the closing function, we would
pass some in an array and the rest as separate arguments. For the fds which
should be excluded in both closing phases, let's always create the array
and put the relevant fds there. This has the advantage that if more fds to
exclude in both phases are added later, we don't need to add more positional
arguments.

The list passed to setup_pam() is not changed. I think we could pass more fds
to close there, but I'm leaving that unchanged.

The setting of FD_CLOEXEC on an already open fd is dropped. The fd is opened
in service_allocate_exec_fd() and there is no reason to suspect that it might
have been opened incorrectly. If some rogue code is unsetting our FD_CLOEXEC
bits, then it might flip any fd, no reason to single this one out.
core, udev: remove old device on move event
on non-'add' uevent
The previous commit drops the ID_NET_DRIVER=, ID_NET_LINK_FILE=, and
ID_NET_NAME= properties for network interfaces on 'move' uevent.
ID_NET_DRIVER= and ID_NET_LINK_FILE= properties are used by networkctl.
ID_NET_NAME= may be used by end-user rules or programs. So, let's
re-assign them on 'move' uevent. (Note that strictly speaking, this
makes them re-assigned on all but 'remove' uevent.)
This reverts commit b081b27e1433cdc7ac72b25ae8b4db887d79187f.
If a network interface gets a 'move' event, then previously SYSTEMD_ALIAS=
property still contains an old alias, and the old alias .device unit
will not be removed.
This makes all properties cleared on 'move' event, and then old alias
.device unit will be removed by pid1.
Fixes #16967.
Partially fixes #16967.
make use of new kernel 5.9 close_range() syscall in close_all_fds()
The syscall was added in 5.9 and is not yet exposed in glibc, hence
define our own wrapper.
It's not clear what libcs make of this. We clamp to 1 byte allocations
in most cases already, let's add this for a few where this was missing.
network: fixes several issues in IPv4 DAD for DHCP4
A .network file may match multiple interfaces.
hashmap: make hashmap_put_strdup() take hash_ops
properties
This fixes an issue caused by eb1c1dc029c91750e6255c3fd844b4f4bf238fab.
Before the commit, multiple values can be specified for the same
sysattr or property.
Fixes #17259.
Will be used in a later commit.
They can take hash_ops.
network: directly compare with in_addr element for IPv4 case
Then, Address objects in Network and Link can be easily compared by
address_equal().
When peer address is set, address_compare_func() (or address_equal())
does not work in link_is_static_address_configured(), as an Address object
stored in a Link does not contain peer addresses. So, we need to also
compare with in_addr element for IPv4 case.
Fixes #17304.
sd-dhcp: make sd_dhcp_client_set_request_option() not return -EEXIST
Fixes #16964.
The function link_acquire_conf() may make the link state 'configuring'
when DHCP6 PD is enabled. Previously link_acquire_conf() was called
before link_enter_join_netdev(), and thus the assertion in the function
might be triggered.
Fixes #17329.
This updates the "systemd-analyze syscall-filter" command to show a
special section of syscalls that are included in @known but in no other
group. Typically this should show syscalls we either should add to any
of the existing groups or where we are unsure where they best fit in.
Right now, it mostly shows arch-specific compat syscalls, we probably
should move "@obsolete". This patch doesn't add that however.
Fixes: #17306
As usual, it seems that there are mostly additions with a smaller amount
of corrections, no big removals.
This partially reverts 7b8c70ed209:
- È richiesto autenticarsi → Autenticazione richiesta
- «${unit}» → '${unit}'
We need to make sure that our coredump pattern handler manages to read
process metadata from /proc/$PID/ before the kernel reaps the crashed
process. By default the kernel will reap the process as soon as it can.
By setting kernel.core_pipe_limit to a non-zero value the kernel will wait for
userspace to finish before reaping.
We'll set the value to 16, which allows 16 crashes to be
processed in parallel. This matches the MaxConnections= setting in
systemd-coredump.socket.
See: #17301
(This doesn't close 17301, since we probably should also gracefully
handle if /proc/$PID/ vanished already while our coredump handler runs,
just in case people locally set the sysctl back to zero. i.e. we should
collect what we can and rather issue an incomplete log record than
none.)
Latest glibc has deprecated mallinfo(), so it might become unavailable at some point
in the future. There is malloc_info(), but it returns XML, ffs. I think the information
that we get from mallinfo() is quite useful, so let's use mallinfo() if available, and
not otherwise.
It is expected for numerous autostart files to not be convertible to
corresponding units. The information is only useful for someone
debugging why a file might not be started, but it is not generally
useful for users in most situations.
As such, lower the warnings. Anyone wondering why an application is not
started will easily notice that the unit is not generated. From there it
will be somewhat harder to figure out why, but the overall trade-off is
still improved.
Fixes: #17305