| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We always need to make them unions with a "struct cmsghdr" in them, so
that things properly aligned. Otherwise we might end up at an unaligned
address and the counting goes all wrong, possibly making the kernel
refuse our buffers.
Also, let's make sure we initialize the control buffers to zero when
sending, but leave them uninitialized when reading.
Both the alignment and the initialization thing is mentioned in the
cmsg(3) man page.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
parsing stubs
--help and --version are implemented in the usual style.
help() prints full path, since the program is not expected to
be in $PATH.
|
| |
|
|
|
|
|
|
|
| |
around cmsg_find()
let's take this once step further, and add type-safety to cmsg_find(),
and imply the CMSG_DATA() macro for finding the cmsg payload.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's be extra careful whenever we return from recvmsg() and see
MSG_CTRUNC set. This generally means we ran into a programming error, as
we didn't size the control buffer large enough. It's an error condition
we should at least log about, or propagate up. Hence do that.
This is particularly important when receiving fds, since for those the
control data can be of any size. In particular on stream sockets that's
nasty, because if we miss an fd because of control data truncation we
cannot recover, we might not even realize that we are one off.
(Also, when failing early, if there's any chance the socket might be
AF_UNIX let's close all received fds, all the time. We got this right
most of the time, but there were a few cases missing. God, UNIX is hard
to use)
|
| |
|
|\
| |
| | |
D-bus API docs
|
| | |
|
| |
| |
| |
| |
| |
| | |
$ perl -i -0pe 's|\s+{\n([^\n]*;)\n\s+}\n|\n\1\n|gms' **/*.c
Inspired by ea7cbf5bdd68d7861ebf1570c439e8bbabd83f6c.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We fix the case when the webserver servers container images without
setting the ETag header in the response. When an image is downloaded to
image root, a read only copy is stored alongside it. The filename has
the following form:
.raw-<encoded-url-of-image>.\x22<ETAG-header>\22.raw.
This is so, if the same resource is fetched multiple times, importd can
avoid extra downloads by creating the new image using the local read-only copy.
The current code assumes the ETag header is set because, if the server
does not set the ETag header, the file is stored without the ETag value
in the filename. When importd fetches a duplicate image, it will run
rename_noreplace and fail:
Failed to rename raw file to /var/lib/machines/.raw-http:\x2f\x2flocalhost:8000\x2fwalkthroughd.raw: File exists
This patch makes importd only store a read-only image if the webserver
has set the ETag header.
|
|\
| |
| | |
add polkit hookup for VT switching in logind
|
| |
| |
| |
| |
| |
| | |
It's enough, complex stuff to warrant its own source file.
No other changes, just splitting out.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Let's abort downloads when they are stuck by setting a download speed
threshold (as suggested in the CURL docs)
Fixes: #14215
|
|/
|
|
|
| |
Let's downgrade the log message to LOG_DEBUG if triggered by an fs that
doesn't support the flag.
|
|
|
|
|
|
|
|
|
|
|
| |
The code existed in machinectl to use stdin/stdout if the path for
import/export tar/raw was empty or dash (-) but a check to
`fd_verify_regular` in importd prevented it from working.
Update the check instead to explicitly check for regular file or
pipe/fifo.
Fixes #14346
|
|
|
|
|
|
|
| |
f5947a5e925117c55b390460d592f57504277bf9 dropped missing.h and
replaced with the more specific headers but did not add
missing_fcntl.h in places that use O_TMPFILE. This is needed for
some older versions of glibc.
|
| |
|
|
|
|
|
|
| |
"ratelimit" is a real word, so we don't need to use the other form anywhere.
We had both forms in various places, let's standarize on the shorter and more
correct one.
|
|
|
|
|
| |
Using plain structure initialization is both shorter _and_ more clearer.
We get type safety for free.
|
|
|
|
|
| |
It's a special case of strjoin(), so no need to keep both. In particular
as typing strjoin() is even shoert than strappend().
|
|
|
|
|
|
|
| |
Make use of curl_multi_assign to associate each IO sd_event_source with
a CURL object. This means we always get passed the right event source
and don't need to worry about looking up the associated CURL object,
particularly in the case where the FD has been closed on a REMOVE event.
|
| |
|
| |
|
|\
| |
| | |
tree-wide: replace strjoin() with path_join()
|
| | |
|
|/
|
|
| |
And move it into format-util.c.
|
| |
|
|\
| |
| | |
Coccinelle improvements
|
| | |
|
|/ |
|
|
|
|
|
| |
We have a function like this at two places already. Let's unify it in
one generic location and let's port a number of users over.
|
|
|
|
|
| |
At quite a few places we check isempty() || streq(…, "-"), let's add a
helper to simplify that, and replace that by a single function call.
|
|
|
|
|
|
|
| |
Some chattrs only work sensible if you set them right after opening a
file for create (think: FS_NOCOW_FL). Others only work when they are
applied when the file is fully written (think: FS_IMMUTABLE_FL). Let's
take that into account when copying files and applying a chattr to them.
|
|
|
|
|
|
| |
Let's be helpful to static analyzers which care about whether we
knowingly ignore return values. We do in these cases, since they are
usually part of error paths.
|
|
|
|
|
| |
This means we need to include many more headers in various files that simply
included util.h before, but it seems cleaner to do it this way.
|
|
|
|
| |
Closes #11940.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
requested
Previously, when we'd copy an individual file we'd synthesize a
user.crtime_usec xattr with the source's creation time if we can
determine it. As the creation/birth time was until recently not
queriable form userspace this effectively just propagated the same xattr
on the source to the same xattr on the destination. However, current
kernels now allow to query the birthtime using statx() and we do make
use of that now. Which means that suddenly we started synthesizing these
xattrs much more regularly.
Doing this actually does make sense, but only in very few cases:
not for the typical regular files we copy, but certainly when dealing
with disk images. Hence, let's keep this kind of propagation, but let's
make it a flag and default to off. Then turn it on whenever we deal with
disk images, and leave it off otherwise.
This is particularly relevant as overlayfs combining a real fs, and a
tmpfs on top will result in EOPNOTSUPP when it is attempted to open a
file with xattrs for writing, as tmpfs does not support xattrs, and
hence the copy-up cannot work. Hence, let's avoid synthesizing this
needlessly, to increase compat with overlayfs.
|
|
|
|
| |
This fixes a bug introduced by c3e658004a66115fa09abcf602d573e65e577aa9.
|
|
|
|
| |
This fixes a bug introduced by 0d94088e4e9e00f5ca9afdb8e68c94558fe23268.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ build/systemctl --version
systemd 239-3555-g6178cbb5b5
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid
$ git tag v240 -m 'v240'
$ ninja -C build
ninja: Entering directory `build'
[76/76] Linking target fuzz-unit-file.
$ build/systemctl --version
systemd 240
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN +PCRE2 default-hierarchy=hybrid
This is very useful during development, because a precise version string is
embedded in the build product and displayed during boot, so we don't have to
guess answers for questions like "did I just boot the latest version or the one
from before?".
This change creates an overhead for "noop" builds. On my laptop, 'ninja -C
build' that does nothing goes from 0.1 to 0.5 s. It would be nice to avoid
this, but I think that <1 s is still acceptable.
Fixes #7183.
PACKAGE_VERSION is renamed to GIT_VERSION, to make it obvious that this is the
more dynamically changing version string.
Why save to a file? It would be easy to generate the version tag using
run_command(), but we want to go through a file so that stuff gets rebuilt when
this file changes. If we just defined an variable in meson, ninja wouldn't know
it needs to rebuild things.
|
|\
| |
| |
| | |
Merged by hand to resolve a trivial conflict in TODO.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Whenever we invoke external, foreign code from code that has
RLIMIT_NOFILE's soft limit bumped to high values, revert it to 1024
first. This is a safety precaution for compatibility with programs using
select() which cannot operate with fds > 1024.
This commit adds the call to rlimit_nofile_safe() to all invocations of
exec{v,ve,l}() and friends that either are in code that we know runs
with RLIMIT_NOFILE bumped up (which is PID 1 and all journal code for
starters) or that is part of shared code that might end up there.
The calls are placed as early as we can in processes invoking a flavour
of execve(), but after the last time we do fd manipulations, so that we
can still take benefit of the high fd limits for that.
|
|/
|
|
|
|
|
|
| |
This splits out a bunch of functions from fileio.c that have to do with
temporary files. Simply to make the header files a bit shorter, and to
group things more nicely.
No code changes, just some rearranging of source files.
|
|
|
|
| |
such
|