| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
| |
The latest clang has started catching more integer promotions which
cause us to pass the wrong type to printf() format specifiers so let's
fix those.
|
|\
| |
| | |
machine: generalise logic of GetMachineAddresses/GetOsRelease to later use it in corresponding varlink interfaces
|
| | |
|
| |
| |
| |
| | |
interface
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's systematically use RTL_NOW|RLTD_NODELETE as flags passed to
dlopen(), across our codebase.
Various distros build with "-z now" anyway, hence it's weird to specify
RTLD_LAZY trying to override that (which it doesn't). Hence, let's
follow suit, and just do what everybody else does.
Also set RTLD_NODELETE, which is apparently what distros will probably
end up implying sooner or later anyway. Given that for pretty much all
our dlopen() calls we never call dlclose() anyway, let's just set this
everywhere too, to make things systematic.
This way, the flags we use by default match what distros such as fedora
do, there are no surprises, and read-only relocations can be a thing.
Fixes: #34537
|
| |
| |
| |
| |
| | |
The CIs apparently have rally old headers, where KEY_BRIGHTNESS_AUTO is
missing, let's hence ship our own copies from a current kernel.
|
| |
| |
| |
| | |
This reverts commit 0a40325573b91ea71070653865f7f6a9cada2bef.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On upgrades, only the %postun scriptlets of the old package version
run. This means that any changes related to restarting daemons require
two releases before they're actually used.
%postun is used because it runs after the old package has been removed,
which is important as it means any lingering dropins from the old package
will have been removed as well.
To allow deploying fixes in just a single release while still running after
the old package has been removed, let's introduce %posttrans versions of these
scriptlets as %posttrans of the new package runs on upgrade and install after
the old package has been removed.
|
| |
| |
| |
| | |
Signed-off-by: Daniel Dawson <danielcdawson@gmail.com>
|
|\ \
| | |
| | | |
repart: copy denylist fixes
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
If the source or target we're copying to is a subdirectory of any of the
directories specified in ExcludeFiles= or ExcludeFilesTarget=, shortcut the
entire copy operation.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is the same as json_dispatch_user_group_name() but fills in the
string as "const char*" to the JSON field. Or in other words, it's what
sd_json_dispatch_const_string() is to sd_json_dispatch_string().
Note this drops the SD_JSON_STRICT flags from various dispatch tables
for these fields, and replaces this by SD_JSON_RELAX, i.e. the opposite
behaviour. As #34558 correctly suggests we should validate user names
in lookup functions using the lax rules, rather than the strict ones,
since clients not knowing the rules might ask us for arbitrary
resolution.
(SD_JSON_RELAX internally translates to valid_user_group_name() with the
VALID_USER_RELAX flag).
See: #34558
|
|\ \ \
| | | |
| | | | |
ukify: Use SizeOfImage from linux image as virtual size of .linux section
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Now that we properly leave sufficient space for inline execution of
the .linux section, let's remove the special casing of the .linux
section as it doesn't need to be the last section anymore now.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The SizeOfImage is bigger than the image itself so that space is
guaranteed to be available for in place execution of the linux image. Let's
make sure we take this into account and use SizeOfImage as the section's virtual
size instead of the size of the image itself.
Fixes #34578
|
| |/ / |
|
|\ \ \
| | | |
| | | | |
systemctl: also show job id in status output
|
| | | |
| | | |
| | | |
| | | | |
Prompted by one ASG talk ;)
|
| |/ / |
|
|\ \ \
| | | |
| | | | |
core/cgroup: cache IO accounting data when pruning a cgroup
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When removing a cgroup in unit_prune_cgroup(), read IO metrics to cache
them similar to the existing treatment of the CPU and memory usage data.
Note that we do not do this for the IP metrics as the firewall objects
are only destroyed in unit_free() and thus stay alive long enough to
be read out directly by all interested parties.
Fixes #26988.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The name of the parameter is misleading and it does not save us much
work because it is not used during regular unit property queries.
It is only used during unit_log_resources(), and the cgroup is already
dead by that point so it won't be read anyway.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
After 3b16e9f41983f697bc38c40bb8e7119c1bb4f7c8, even the libraries are
documented in the man page, it is useful to mention which libraries are
checked in the command output.
Of course, the dependencies are kind of implementation detail, and may
be changed in the future version, but that's especially why I think
showing the library deps in the output is useful.
systemd-analyze is a debugging tool, and already shows many internal
states. I think there is nothing to prevent from showing the deps.
Prompted by #34477.
|
| | | |
| | | |
| | | |
| | | | |
Fixes #34554
|
|\ \ \ \
| | | | |
| | | | | |
Fix printing of RootImageOptions
|
| | | | | |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
The type is a(ss), so a custom printer is required.
Fixes https://github.com/systemd/systemd/issues/33967.
|
|\ \ \ \
| |_|_|/
|/| | | |
creds: fix cat with encrypted credentials
|
| |/ /
| | |
| | |
| | | |
Fixes: https://github.com/systemd/systemd/issues/34547
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Every services and containers should be able to protect their users and
limit the impact of security bugs thanks to the security syscalls
provided by seccomp and Landlock. The goal of these syscalls is to
improve security with additional restrictions. They are designed to be
safely used by unprivileged (and then potentially malicious) users.
Remove the now-redundant "seccomp" entry for nspawn.
|
| |
| |
| |
| |
| |
| | |
Verity= is an image build concept, not a first boot concept, whereas
a partition designator is always available, so let's do the size stuff
based on that.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
We need to make sure the presets from /usr/lib/systemd/user-preset
are applied as well. Currently only the ones from
/usr/lib/systemd/system-preset are applied.
|
|\ \
| | |
| | | |
basic/strv: introduce strv_extend_strv_consume()
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
raw size
Follow-up for eda6223942a172fa6777901cf5fbd47438f285ce
|
| | | |
|
| | |
| | |
| | |
| | | |
This shall never be used outside of test functions.
|
|\ \ \
| | | |
| | | | |
strv: introduce strv_find_closest()
|
| | | |
| | | |
| | | |
| | | | |
This also makes the list of verbs is always shown on failure.
|
| | |/
| |/|
| | |
| | | |
Follow-up for 1e1ac5d53b0f126b6c4419506c7c42b67c07537f.
|
| | | |
|