summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* | hwdb: Add accelerometer orientation quirk for the Teclast F6 ProLuís Ferreira2019-04-051-0/+4
|/
* test-journal: move tests to /var/tmp/ and set FS_NOCOW_FLv242-rc3Lennart Poettering2019-04-046-18/+42
| | | | | | | | The journal files might not be tiny hence let's write them to /var/tmp/ instead of /tmp. Also, let's turn on NOCOW on the files, as these tests might apparently be slow on btrfs. Fixes: #12210
* ask-passwd: slightly optimize handling argumentsYu Watanabe2019-04-041-8/+7
| | | | It is not necessary to copy arguments for each console.
* bus-util: treat org.freedesktop.DBus.Error.ServiceUnknown nicely when polkit ↵Yu Watanabe2019-04-041-2/+2
| | | | | | does not exist Fixes #12209.
* Merge pull request #12208 from poettering/base-file-system-tweaksYu Watanabe2019-04-041-10/+17
|\ | | | | base-filesystem: be nicer to read-only fs images
| * shared: be friendly to EROFS imagesLennart Poettering2019-04-031-8/+14
| | | | | | | | | | | | There are environments where /lib might not be necessary (think: statically compiled portable service binary), hence don't insist on it if the image is read-only.
| * shared: path_join() is your friendLennart Poettering2019-04-031-1/+2
| |
| * shared: no need to initialize variableLennart Poettering2019-04-031-1/+1
| |
* | Merge pull request #12207 from poettering/portable-bus-policy-fixYu Watanabe2019-04-043-5/+5
|\ \ | | | | | | portabled dbus policy fix
| * | portabled: fix method nameLennart Poettering2019-04-031-1/+1
| | | | | | | | | | | | yikes.
| * | portabled: reorder methods in vtableLennart Poettering2019-04-031-1/+1
| | | | | | | | | | | | | | | Let's stick to the same order in the per-image vtable and the manager vtable.
| * | portabled: fix dbus policyLennart Poettering2019-04-031-3/+3
| |/ | | | | | | | | Let's whitelist the method calls actually defined, not some outdated old names.
* | udevadm: drop unused optionYu Watanabe2019-04-041-1/+1
| |
* | tty-ask-pw-agent: use right arrayLennart Poettering2019-04-041-1/+1
| | | | | | | | | | | | No point in copying the array if we are not going to use the copy. Prompted by: https://github.com/systemd/systemd/pull/12183#issuecomment-479591781
* | udev-util: allocate an event loop of our own for waitingLennart Poettering2019-04-041-1/+1
|/ | | | | | We can't use the per-thread default one here, as it might already be running (for example, that's the case in portabled), and our event loops are not recursive, hence running them a second time is not OK.
* Merge pull request #12198 from keszybz/seccomp-parsing-loggingZbigniew Jędrzejewski-Szmek2019-04-0310-40/+69
|\ | | | | Seccomp parsing logging cleanup
| * pid1: pass unit name to seccomp parser when we have no file locationZbigniew Jędrzejewski-Szmek2019-04-034-13/+19
| | | | | | | | | | | | | | | | Building on previous commit, let's pass the unit name when parsing dbus message or builtin whitelist, which is better than nothing. seccomp_parse_syscall_filter() is not needed anymore, so it is removed, and seccomp_parse_syscall_filter_full() is renamed to take its place.
| * basic/log: log any available location information in log_syntax()Zbigniew Jędrzejewski-Szmek2019-04-031-10/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We would log "(null):0: Failed to parse system call, ignoring: rseq" from log_syntax_internal() from log_syntax() from seccomp_parse_syscall_filter_full() from seccomp_parse_syscall_filter() from config_parse_syscall_filter(), when generating the built-in @default whitelist. Since it was not based on the unit file, we would not pass a file name. So let's make sure that log_syntax() does not print "(null)" pointer (which is iffy and ugly), and use the unit name as fallback or nothing if both are missing. In principle, one of the two should be always available, since why use log_syntax() otherwise, but let's make things more resilient by guarding against this case too. log_syntax() is called from a thousand places, and often in error path, so it's hard to verify all callers.
| * core: use a temporary variable for calculation of seccomp flagsZbigniew Jędrzejewski-Szmek2019-04-031-5/+10
| | | | | | | | I think it is easier to read this way.
| * test: use newer verb to set log levelsZbigniew Jędrzejewski-Szmek2019-04-035-14/+14
| |
* | Merge pull request #12205 from keszybz/update-release-docsZbigniew Jędrzejewski-Szmek2019-04-031-1/+2
|\ \ | | | | | | docs: let's not close the milestone early
| * | docs: also document updates to stable repoZbigniew Jędrzejewski-Szmek2019-04-031-0/+1
| | |
| * | docs: let's not close the milestone earlyZbigniew Jędrzejewski-Szmek2019-04-031-1/+1
|/ /
* | Merge pull request #12202 from keszybz/seccomp-arm64Lennart Poettering2019-04-032-107/+145
|\ \ | | | | | | Fixes for S[GU]ID filter on arm64
| * | seccomp: rework how the S[UG]ID filter is installedZbigniew Jędrzejewski-Szmek2019-04-031-106/+138
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we know that a syscall is undefined on the given architecture, don't even try to add it. Try to install the filter even if some syscalls fail. Also use a helper function to make the whole a bit less magic. This allows the S[UG]ID test to pass on arm64.
| * | test-seccomp: fix compilation on arm64Zbigniew Jędrzejewski-Szmek2019-04-031-1/+7
| | | | | | | | | | | | It has no open().
* | | kernel-install: add a check that the vmlinuz arg is saneZbigniew Jędrzejewski-Szmek2019-04-031-0/+5
| | |
* | | docs: update release steps for mesonZbigniew Jędrzejewski-Szmek2019-04-031-8/+10
|/ /
* | build-sys: bump package versionv242-rc2Zbigniew Jędrzejewski-Szmek2019-04-031-1/+1
| |
* | Merge pull request #12121 from poettering/contribv242-rc1Zbigniew Jędrzejewski-Szmek2019-04-033-4/+45
|\ \ | |/ |/|
| * update NEWSLennart Poettering2019-04-021-0/+22
| |
| * meson: bump so versionsLennart Poettering2019-04-021-2/+2
| | | | | | | | | | Since we aren't quite ready for release v242 yet, let's not bump the package version yet, but let's already bump the soversion.
| * NEWS: add preliminary contributor listLennart Poettering2019-04-021-1/+18
| |
| * update .mailmapLennart Poettering2019-04-021-0/+2
| |
* | docs: fix path to unit filesLennart Poettering2019-04-031-11/+11
| |
* | core: fix build failure if seccomp is disabledDavide Cavalca2019-04-031-1/+1
| |
* | Revert "build: install /etc/systemd/{system,user}-generators"Lennart Poettering2019-04-022-4/+0
| | | | | | | | This reverts commit 509276f2b7d44d472b66e79cbfa531c1de4c3801.
* | Merge pull request #12188 from poettering/coccinelle-fixletsYu Watanabe2019-04-0314-140/+76
|\ \ | |/ |/| tree-wide: let's run coccinelle again
| * udev: use strempty() where appropriateLennart Poettering2019-04-021-2/+1
| |
| * json: use SYNTHETIC_ERRNO() where appropriateLennart Poettering2019-04-021-44/+22
| |
| * sd-event: use DIV_ROUND_UP where appropriateLennart Poettering2019-04-021-1/+1
| |
| * sd-device: use xsprintf() where appropriateLennart Poettering2019-04-021-1/+1
| |
| * tree-wide: use SYNTHETIC_ERRNO() where appropriateLennart Poettering2019-04-023-67/+36
| |
| * boot: use TAKE_PTR() where appropriateLennart Poettering2019-04-022-16/+8
| |
| * tree-wide: use reallocarray() where appropriateLennart Poettering2019-04-022-2/+2
| |
| * util-lib: use FLAGS_SET() where appropriateLennart Poettering2019-04-022-3/+3
| |
| * analyze: use empty_or_root() where appropriateLennart Poettering2019-04-021-4/+2
| |
* | Merge pull request #12056 from poettering/seccomp-suid-sgidLennart Poettering2019-04-0228-30/+466
|\ \ | | | | | | Introduce RestrictSUIDSGID= for disabling SUID/SGID file creation
| * | update TODOLennart Poettering2019-04-021-3/+0
| | |
| * | core: imply NNP and SUID/SGID restriction for DynamicUser=yes serviceLennart Poettering2019-04-025-10/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | Let's be safe, rather than sorry. This way DynamicUser=yes services can neither take benefit of, nor create SUID/SGID binaries. Given that DynamicUser= is a recent addition only we should be able to get away with turning this on, even though this is strictly speaking a binary compatibility breakage.
View Lorry Controller Status