| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
| |
Added short keys -u and -m for --unescape and --mangle respectively. These short keys are present in systemd-escape --help output and are absent in man systemd-escape page.
|
| |
|
|
|
|
|
|
|
| |
This makes it behave the same whether there is a blank line or not at
the end of the file. This is also consistent with the behavior of the
shell on a shell script that ends on a trailing backslash at the last
line.
Added tests to test_config_parse(), which only pass if the corresponding
change to config_parse() is included.
|
| |
|
|
| |
Add journal-upload.conf refentrytitle to have the same format to systemd-journal-remote.service description, which contains refentrytitle on journal-remote.conf in 'See Also' section.
|
| |\
| |
| | |
meson: add support for building static libsystemd and libudev
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
install_libsystemd_static
This means that when those targets are built, all the sources are built again,
instead of reusing the work done to create libbasic.a and other convenience static
libraries. It would be nice to not do this, but there seems to be no support in
our toolchain for joining multiple static libraries into one. When linking
a static library, any -l arguments are simply ignored by ar/gcc-ar, and .a
libraries given as positional arguments are copied verbatim into the archive
so they objects in them cannot be accessed.
https://stackoverflow.com/questions/2157629/linking-static-libraries-to-other-static-libraries
suggests either unzipping all the archives and putting them back togather,
or using a linker script. Unzipping and zipping back together seems ugly.
The other option is not very nice. The linker script language does not
allow "+" to appear in the filenames, and filenames that meson generates
use that, so files would have to be renamed before a linker script was used.
And we would have to generate the linker script on the fly. Either way, this
doesn't seem attractive. Since those static libraries are a niche use case,
it seems reasonable to just go with the easiest and safest solution and
recompile all the source files. Thanks to ccache, this is probably almost as
cheap as actually reusing the convenience .a libraries.
test-libsystemd-sym.c and test-libudev-sym.c compile fine with the generated
static libs, so it seems that they indeed provide all the symbols they should.
|
| | | |
|
| | |
| |
| |
| |
| | |
This is the same as test-lib{systemd,udev}-sym, but linked to the static
variants of those libraries.
|
| | | |
|
| |\ \
| | |
| | | |
several cleanups
|
| | | | |
|
| | | | |
|
| |/ / |
|
| |\ \
| | |
| | | |
resolvectl: drop service_family_{from,to}_string()
|
| | | |
| | |
| | |
| | |
| | | |
These functions are used only for checking the validity of input string.
Hence, this drops them and introduces a simple checking function.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Use automatic cleanup more in sd-bus
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | | |
C.f. https://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-messages.
|
| |\ \ \ \
| |/ / /
|/| | | |
bus-util: print a friendly message when PID1 is not systemd
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow-up for 861f16d2679eeda79e8185057cef24653913e300.
Fixes #8913.
|
| |/ / /
| | |
| | |
| | | |
Follow-up for 5c69b31c137ffa24bca5a4628f9b4879d0f4e84a.
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
network,link: make MACAddress= in [Match] section can take multiple MAC addresses
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
addresses
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |/ / / |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Apparently oss-fuzz's "bad build check" is confused by the library.
Let's make it non-executable, so the checker ignores it.
Should fix https://github.com/google/oss-fuzz/issues/1330.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
$network is converted to network-online.target, not network-target.
See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
and the implementation at `src/sysv-generator/sysv-generator.c`.
|
| |\ \ \
| | | |
| | | | |
login: do not wall message on cancelling shutdown when Manager.enable_wall_messages is false
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Manager.enable_wall_messages is false
Fixes #8904.
|
| | | | |
| | | |
| | | |
| | | | |
Manager.enable_wall_messages
|
| | | | |
| | | |
| | | | |
closes #8856
|
| |\ \ \ \
| | | | |
| | | | | |
some nspawn cgroup and mount lock-down fixes
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This adds a number of entries nspawn already applies to regular service
namespacing too. Most importantly let's mask /proc/kcore and
/proc/kallsyms too.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We need to do this in all cases, including on cgroupsv1 in order to
ensure the host systemd and any systemd in the payload won't fight for
the cgroup attributes of the top-level cgroup of the payload.
This is because systemd for Delegate=yes units will only delegate the
right to create children as well as their attributes. However, nspawn
expects that the cgroup delegated covers both the right to create
children and the attributes of the cgroup itself. Hence, to clear this
up, let's unconditionally insert a intermediary cgroup, on cgroupsv1 as
well as cgroupsv2, unconditionally.
This is also nice as it reduces the differences in the various setups
and exposes very close behaviour everywhere.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
set it
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Similar to the previous commit, let's just use our regular calls for
managing temporary nodes take care of this.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Let's not make /run too special and let's make sure the source file is
not guessable: let's use our regular temporary file helper calls to
create the source node.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This tightens security on /proc: a couple of files exposed there are now
made inaccessible. These files might potentially leak kernel internals
or expose non-virtualized concepts, hence lock them down by default.
Moreover, a couple of dirs in /proc that expose stuff also exposed in
/sys are now marked read-only, similar to how we handle /sys.
The list is taken from what docker/runc based container managers
generally apply, but slightly extended.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
A follow-up for #8840
|
| | | | | |
| | | | |
| | | | |
| | | | | |
confuse statfs() checks
|
