| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
| |
The method already uses a boolean argument to determine whether it is in
whitelist mode or not. The code that will parse the string of filters
does not expect the ~, since it already has the boolean argument. Thus,
it will fail to parse the list of filters.
|
| |
|
|
|
|
| |
Looks like the Miix 510 has the same sensor and placement as the Miix 320
(put it separate for clarity)
Verified on own hardware
|
| | |
|
| |\
| |
| | |
man: use systemd-boot instead of sd-boot
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
add a new `@system-service` syscall group that is good as a starting point for whitelisting syscalls
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
service profiles
… but leave the "trusted" profile unmodified, it shall have full access
to all system calls, as before.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is generally the safer approach, and is what container managers
(including nspawn) do, hence let's move to this too for our own
services. This is particularly useful as this this means the new
@system-service system call filter group will get serious real-life
testing quickly.
This also switches from firing SIGSYS on unexpected syscalls to
returning EPERM. This would have probably been a better default anyway,
but it's hard to change that these days. When whitelisting system calls
SIGSYS is highly problematic as system calls that are newly introduced
to Linux become minefields for services otherwise.
Note that this enables a system call filter for udev for the first time,
and will block @clock, @mount and @swap from it. Some downstream
distributions might want to revert this locally if they want to permit
unsafe operations on udev rules, but in general this shiuld be mostly
safe, as we already set MountFlags=shared for udevd, hence at least
@mount won't change anything.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
system services
Currently we employ mostly system call blacklisting for our system
services. Let's add a new system call filter group @system-service that
helps turning this around into a whitelist by default.
The new group is very similar to nspawn's default filter list, but in
some ways more restricted (as sethostname() and suchlike shouldn't be
available to most system services just like that) and in others more
relaxed (for example @keyring is blocked in nspawn since it's not
properly virtualized yet in the kernel, but is fine for regular system
services).
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| |
| | |
The functions protect_{home,system}_from_string() are not used
except for defining protect_{home,system}_or_bool_from_string().
This makes protect_{home,system}_from_string() support boolean
strings, and drops protect_{home,system}_or_bool_from_string().
|
| |\ \
| | |
| | | |
tiny busctl fixlets
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
We really should try to be as precise as possible here. Saying
"your interfaces might be renamed" scares the shit of out people,
for obvious reasons. This change only touches some niche cases
fortunately, let's make this clear.
|
| | | | |
|
| | |/
|/|
| |
| |
| |
| | |
During the transition from system functions using errno to our own read and write functions with negative return codes some errors where introduced. This patch correctly convert errno to negative return codes for read and write and fix checks still using errno instead of the return code.
Closes #9283
|
| |\ \
| |/
|/| |
man: drop unused <authorgroup> tags from man sources
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.
Tested with F26-F29, debian unstable.
$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
|
| |\ \
| |/
|/| |
Drop my copyright and some license tags
|
| | |
| |
| |
| |
| |
| |
| |
| | |
$ git grep -e 'This program is free software' -l |grep -v LICENSE | \
xargs perl -i -0pe 's/ \* This program.*?for more details.\s*\*\n( \* You should have.*licenses.>.\n)?//gms'
For some reason they were missed previously. All those files seem to
have proper SDPX tags.
|
| | | |
|
| |/
|
|
|
|
|
| |
perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
|
| |\
| |
| | |
drop "this file is part of systemd" and lennart's copyright from header
|
| | |
| |
| |
| |
| |
| | |
Let's unify an beautify our remaining copyright statements, with a
unicode ©. This means our copyright statements are now always formatted
the same way. Yay.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These lines are generally out-of-date, incomplete and unnecessary. With
SPDX and git repository much more accurate and fine grained information
about licensing and authorship is available, hence let's drop the
per-file copyright notice. Of course, removing copyright lines of others
is problematic, hence this commit only removes my own lines and leaves
all others untouched. It might be nicer if sooner or later those could
go away too, making git the only and accurate source of authorship
information.
|
| | |
| |
| |
| | |
No idea why they didn't get removed earlier...
|
| | |
| |
| |
| |
| | |
These lines are template lines that never got filled in. Let's drop
them, as they carry zero information and are just useless.
|
| | |
| |
| |
| |
| |
| | |
Let's use a proper unicode copyright symbol where we can, it's prettier.
This important patch is very important.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This part of the copyright blurb stems from the GPL use recommendations:
https://www.gnu.org/licenses/gpl-howto.en.html
The concept appears to originate in times where version control was per
file, instead of per tree, and was a way to glue the files together.
Ultimately, we nowadays don't live in that world anymore, and this
information is entirely useless anyway, as people are very welcome to
copy these files into any projects they like, and they shouldn't have to
change bits that are part of our copyright header for that.
hence, let's just get rid of this old cruft, and shorten our codebase a
bit.
|
| |\ \
| | |
| | | |
make copy_file_atomic() use O_TMPFILE to create the destination file
|
| | | |
| | |
| | |
| | | |
possible
|
| | | |
| | |
| | |
| | | |
In that case simply place the directory in /tmp.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
1) mv /var/tmp /var/tmp.old
2) mkdir /tmp/varrr
3) ln -s /tmp/varrr /var/tmp
Now, when a service has PrivateTmp=yes, during namespace setup,
/tmp is first mounted over with a new mount. Then, when /var/tmp
is being resolved, it points to /tmp/varrr, which by then doesn't
exist, because it had already been obscured.
|
| |\ \ \
| |_|/
|/| | |
timesync: ignore any errors related to timestamp file
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
The new function fchmod_and_chown() is almost same as chmod_and_chown()
except it takes file descriptor instead of file path.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
On overlayfs, FTW_MOUNT causes nftw to not list *any* files because the
condition used by glibc to verify that it's on the same mountpoint doesn't work
on overlayfs, see https://bugzilla.suse.com/show_bug.cgi?id=1096807 for the
details.
However using FTW_MOUNT doesn't seem to be really needed when walking through
the keymap directorie tree. So until the glibc or the kernel is fixed (which
might take some time), let's make localectl works with overlayfs.
There's a small side effect here, by which regular (non-directory) files with
bind mounts will be parsed while they were skipped by the previous logic.
|
| | | |
| | |
| | |
| | | |
Closes #9249.
|
| |\ \ \
| | | |
| | | | |
Coverity support for glibc-2.27
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
$ build/test-sizeof
...
_Float128 → 128 bits, signed
_Float64 → 64 bits, signed
_Float64x → 128 bits, signed
_Float32 → 32 bits, signed
_Float32x → 64 bits, signed
...
This seems to be enough to make coverity work with glibc-2.27 found in Fedora 28+.
|
| | | | | |
|
| | | | |
| | | |
| | | | |
PrivateDNS is not considered a good name for this option, so rename it to DNSOverTLS
|
