systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.
However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label.
This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.
Make the API of the new helpers more similar to the old wrapper.
In particular we now return the hash as a byte string to avoid
any endianness problems.
This adds support for naming file descriptors passed using socket
activation. The names are passed in a new $LISTEN_FDNAMES= environment
variable, that matches the existign $LISTEN_FDS= one and contains a
colon-separated list of names.
This also adds support for naming fds submitted to the per-service fd
store using FDNAME= in the sd_notify() message.
This also adds a new FileDescriptorName= setting for socket unit files
to set the name for fds created by socket units.
This also adds a new call sd_listen_fds_with_names(), that is similar to
sd_listen_fds(), but also returns the names of the fds.
systemd-activate gained the new --fdname= switch to specify a name for
testing socket activation.
This is based on #1247 by Maciej Wereski.
Fixes#1247.
Make sure all variable-length inputs are properly terminated or that
their length is encoded in some way. This avoids ambiguity of
adjacent inputs.
E.g., in case of a hash function taking two strings, compressing "ab"
followed by "c" is now distinct from "a" followed by "bc".
All our hash functions are based on siphash24(), factor out
siphash_init() and siphash24_finalize() and pass the siphash
state to the hash functions rather than the hash key.
This simplifies the hash functions, and in particular makes
composition simpler as calling siphash24_compress() repeatedly
on separate chunks of input has the same effect as first
concatenating the input and then calling siphash23_compress()
on the result.
The last compression is special as it deals with the length byte, and padding. Move
it to the finalization step in preparation for making compression decomposable.
The internal speaker is usually not available on modern latops that
support suspend, and even if it is available in the hardware, most
distributions turned support for it off in the kernel. And even if it is
enabled, it's probably still a bad idea to make use of it for the
suspend-failures. If anything a proper sound should be played.
Long story short, let's remove support of this anachronism.
- Rely everywhere that we use abs() on the error code passed in anyway,
thus don't need to explicitly negate what we pass in
- Never attach synthetic error number information to log messages. Only
log about errors we *receive* with the error number we got there,
don't log any synthetic error, that don#t even propagate, but just eat
up.
- Be more careful with attaching exactly the error we get, instead of
errno or unrelated errors randomly.
- Fix one occasion where the error number and line number got swapped.
- Make sure we never tape over OOM issues, or inability to resolve
specifiers
If we just return the value we got from log_level_from_string() on
failure we'll return -1, which is not a proper error code.
log_set_target_from_string() did get this right already, hence let's fix
this here too.
All users of get_status_field() expect the field pattern to occur in
the beginning of a line, and the delimiter is ':'.
Hardcode this into the function, and also skip any whitespace before ':'
to support fields in files like /proc/cpuinfo. Add support for returning
the full field value (currently stops on first whitespace).
Rename the function so it's easier to ensure all callers switch to new
semantics.
This introduces a new systemd.crash_reboot=1 kernel command line option
that triggers a reboot after crashing.
This also cleans up crash VT handling. Specifically, it cleans up the
configuration setting, to be between 1..63 or a boolean. This is to
replace the previous logic where "-1" meant disabled. We continue to
accept that setting, but only document the boolean syntax instead.
This also brings the documentation of the default settings in sync with
what actually happens.
The CrashChVT= configuration file setting is renamed to CrashChangeVT=,
following our usual logic of not abbreviating unnecessarily. The old
setting stays support for compat reasons.
Fixes#1300
This also allows us to drop build.h from a ton of files, hence do so.
Since we touched the #includes of those files, let's order them properly
according to CODING_STYLE.
Also, make it slightly more powerful, by accepting a flags argument, and
make it safe for handling if more than one cmsg attribute happens to be
attached.
Add comment to prioq.c explaining what it does. And more importantly,
mention that we implement a Heap. It's more than annoying having to
figure out what the code actually does, without ever mentioning the word
'heap'.
Use the new code in config_parse_cpu_affinity2.
Tested by modifying CPUAffinity=... setting in /etc/systemd/system.conf
and reloading the daemon, then checking ^Cpus_allowed in /proc/1/status
to confirm the correct CPU mask is in place.
