| Commit message | Author | Files | Lines |
|
Reload the internal selabel cache automatically on SELinux policy reloads so non pid-1 daemons are participating.
Run the reload function `mac_selinux_reload()` not manually on daemon-reload, but rather pass it as callback to libselinux.
Trigger the callback prior to usage of the systemd internal selabel cache by depleting the selinux netlink socket via `avc_netlink_check_nb()`.
Improves: a9dfac21ec85 ("core: reload SELinux label cache on daemon-reload")
Improves: #13363
|
|
The firmware of the Olimex Teres-I (a DIY laptop kit) seems to have wrong
scancodes.
Fixes #15003.
|
|
Devices with proximity sensors can specify a near level that
indicates when an object is considered close to the device.
|
|
This should never happen, but better safe than sorry.
|
|
rename
|
|
check
|
|
Let's use structured initialization and let the compiler do its job.
|
|
It fully initializes the address structure, so no need for pre-initialization,
and also returns the length of the address, so no need to recalculate using
SOCKADDR_UN_LEN().
socklen_t is unsigned, so let's not use an int for it. (It doesn't matter, but
seems cleaner and more portable to not assume anything about the type.)
|
|
It returns 32 bits, unsigned on amd64, so it's probably similar everywhere
with glibc. But let's make the code generic, without assuming specific size
or signedness.
|
|
.msg_namelen was set to a bogus value before we actually stored the path in
the structure. sockaddr_un_set_path() returns the length, so just use that.
Fixes #14799.
|
|
This patch modifies the RequireMountsFor setting in systemd-nspawn@.service to wait for the machine instance directory to be mounted, not just /var/lib/machines.
Closes #14931
|
|
As of the commit aae9a96d4b3a8562af9e8c6a23871b442645b954 removing --follow
option in systemctl command, OUTPUT_FOLLOW has never been set anywhere. Let's
remove it.
The condition expression of the if-statement in show_journal() that refers to
OUTPUT_FOLLOW now thus evaluates always to true. Hence, the call of
sd_journal_wait() is in dead code, and the outer infinite for-loop is
meaningless, which we remove as cleanup.
There is no functional change by this commit.
|
|
This makes it possible for Type= to match the type shown in networkctl.
Closes #14952.
|
|
machined needs access to the host mount namespace to propagate bind
mounts created with the "machinectl bind" command. However, the
"ProtectKernelLogs" directive relies on mount namespaces to make the
kernel ring buffer inaccessible. This commit removes the
"ProtectKernelLogs=yes" directive from machined service file introduced
in 6168ae5.
Closes #14559.
|
|
GRND_NONBLOCK has been introduced with the 3.17 kernel version [1]
while adding getrandom(2) system call.
The header missing_random.h is needed for random-seed.c when building
with an old toolchain, such as Sourcery CodeBench ARM 2014.05 (kernel headers
3.13).
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/454255917
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895
|
|
When using UseRoutes=False, the DHCP request itself does not request
the Classless Static Routes option.
As a result, the DHCP server will only respond with a Router option.
In this case since we are using the UseRoutes=False option the gateway
that comes in via the router option does not get configured.
This patch fixes this behaviour.
|
|
RUN seems to be used primarily for historical reasons over the more
immediate IMPORT command. As a side-effect, RUN also runs *after* all the
rules have been processed which is not really what we want here - we expect
the device to be updated immediately. Other rules that rely on accurate evdev
axes should be able to assume the axes are already present. So let's use
IMPORT here.
For consistency, the second two rules are split across multiple lines as well.
|
|
systemd.show-status=error is useful for the case where people care about errors
only.
If people want to have a quiet boot, they most likely don't want to see all
status output even if there is a delay in boot, so make "quiet" imply
systemd.show-status=error instead of systemd.show-status=auto.
Fixes #14976.
|
|
We would flip to status=temporary mode on the first error, and then switch back
to status=auto after the initial transaction was done. This isn't very useful,
because usually all the messages about successfully started units are not
related to the original failure. In fact, all those messages most likely cause
the information about the prime error to scroll off screen. And if the user
requested quiet boot, there's no reason to think that they care about those
success messages.
Also, when logging about dependency cycles, treat this similarly to a unit
error and show the message even if the status is "soft disabled" (before we
wouldn't show it in that case).
|
|
When we are booting with show-status=on, normally new status updates happen a
few times per second. Thus, it is reasonable to start showing the cylon eye
after 5 s, because that means a significant delay has happened. When we are
running with show-status=off or show-status=auto (and no error had occurred),
the user is expecting maybe 15 to 90 seconds with no output (because that's
usually how long the whole boot takes). So we shouldn't bother the user with
information about a few seconds of delay. Let's make the timeout 25s if we are
not showing any messages.
Conversely, when we are outputting status messages, we can show the cylon eye
with a shorter delay, now that we removed the connection to enablement status.
Let's make this 2s, so users get feedback about delays more quickly.
|
|
We know if we created the file before, no need to repeat the operation. The
state in /run should always match our internal state. Since we call
manager_set_show_status() quite often internally, this saves quite a few
pointless syscalls.
|
|
We would say "Enabling" also for SHOW_STATUS_AUTO, which is actually
"soft off". So just print the exact state to make things easier to understand.
Also add a helper function to avoid repeating the enum value list.
For #14814.
|
|
Unlike newer Medion Akoya E* models for which we have a generic
wildcard match, this model uses a somewhat older KIOX0009 accelerometer.
Not only does our generic catch all not match, we also need a different
matrix for this model, so add a model-specific entry for it.
|
|
Fixes #9716.
|
|
This reverts commit e6e81ec0a56861b905db975fc32c83e2f2faca7d.
|
|
In a user namespace container:
Feb 28 12:45:53 0b2420135953 systemd[1]: Starting Home Manager...
Feb 28 12:45:53 0b2420135953 systemd[21]: systemd-homed.service: Failed to set up network namespacing: Operation not permitted
Feb 28 12:45:53 0b2420135953 systemd[21]: systemd-homed.service: Failed at step NETWORK spawning /usr/lib/systemd/systemd-homed: Operation not permitted
Feb 28 12:45:53 0b2420135953 systemd[1]: systemd-homed.service: Main process exited, code=exited, status=225/NETWORK
Feb 28 12:45:53 0b2420135953 systemd[1]: systemd-homed.service: Failed with result 'exit-code'.
Feb 28 12:45:53 0b2420135953 systemd[1]: Failed to start Home Manager.
We should treat this similarly to the case where network namespaces are not
supported at all.
https://bugzilla.redhat.com/show_bug.cgi?id=1807465
|
|
The man pages state that the '+' prefix in Exec* directives should
ignore filesystem namespacing options such as PrivateTmp. Now it does.
This is very similar to #8842, just with PrivateTmp instead of
PrivateDevices.
|
|
It has no effect if the pstore is not used, and prevents the non-volatile
storage from filling up if it is used by the kernel.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952767
|
|
That is the pattern that we always use with executables not in
$PATH.
|
|
We generally want the man page to also be available under the
binary name, but the <refname> tags were missing in two cases.
|