mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-28 11:55:23 +03:00
Merge pull request #8607 from poettering/trivialities2
tiny, trivial, unrelated fixes
This commit is contained in:
commit
984b9c8cfe
10
TODO
10
TODO
@ -24,6 +24,16 @@ Janitorial Clean-ups:
|
||||
|
||||
Features:
|
||||
|
||||
* nspawn's console TTY should be allocated from within the container, not
|
||||
mounted in from the outside
|
||||
|
||||
* show invocation ID in systemd-run output
|
||||
|
||||
* bypass SIGTERM state in unit files if KillSignal is SIGKILL
|
||||
|
||||
* tree-wide: ensure we always block the signals we hook into with
|
||||
sd_event_add_signal() first
|
||||
|
||||
* add proper dbus APIs for the various sd_notify() commands, such as MAINPID=1
|
||||
and so on, which would mean we could report errors and such.
|
||||
|
||||
|
@ -440,3 +440,13 @@
|
||||
string, always apply the C-style unescaping fist, followed by the specifier
|
||||
expansion. When doing the reverse, make sure to escape '%' in specifier-style
|
||||
first (i.e. '%' → '%%'), and then do C-style escaping where necessary.
|
||||
|
||||
- It's a good idea to use O_NONBLOCK when opening 'foreign' regular files, i.e
|
||||
file system objects that are supposed to be regular files whose paths where
|
||||
specified by the user and hence might actually refer to other types of file
|
||||
system objects. This is a good idea so that we don't end up blocking on
|
||||
'strange' file nodes, for example if the user pointed us to a FIFO or device
|
||||
node which may block when opening. Moreover even for actual regular files
|
||||
O_NONBLOCK has a benefit: it bypasses any mandatory lock that might be in
|
||||
effect on the regular file. If in doubt consider turning off O_NONBLOCK again
|
||||
after opening.
|
||||
|
@ -301,7 +301,7 @@ systemd-reboot.service systemd-poweroff.service systemd-halt.service syste
|
||||
<para>Commonly used system shutdown targets are <emphasis>emphasized</emphasis>.</para>
|
||||
|
||||
<para>Note that
|
||||
<citerefentry>system<refentrytitle>systemd-halt.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-halt.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<filename>systemd-reboot.service</filename>, <filename>systemd-poweroff.service</filename> and
|
||||
<filename>systemd-kexec.service</filename> will transition the system and server manager (PID 1) into the second
|
||||
phase of system shutdown (implemented in the <filename>systemd-shutdown</filename> binary), which will unmount any
|
||||
|
@ -181,11 +181,13 @@ void *xbsearch_r(const void *key, const void *base, size_t nmemb, size_t size,
|
||||
const void *p;
|
||||
int comparison;
|
||||
|
||||
assert(!size_multiply_overflow(nmemb, size));
|
||||
|
||||
l = 0;
|
||||
u = nmemb;
|
||||
while (l < u) {
|
||||
idx = (l + u) / 2;
|
||||
p = (const char *) base + idx * size;
|
||||
p = (const uint8_t*) base + idx * size;
|
||||
comparison = compar(key, p, arg);
|
||||
if (comparison < 0)
|
||||
u = idx;
|
||||
|
@ -397,19 +397,18 @@ static int relabel_cgroup_filesystems(void) {
|
||||
only when the filesystem has been already populated by a previous instance of systemd
|
||||
running from initrd. Otherwise don't remount anything and leave the filesystem read-write
|
||||
for the cgroup filesystems to be mounted inside. */
|
||||
r = statfs("/sys/fs/cgroup", &st);
|
||||
if (r < 0) {
|
||||
if (statfs("/sys/fs/cgroup", &st) < 0)
|
||||
return log_error_errno(errno, "Failed to determine mount flags for /sys/fs/cgroup: %m");
|
||||
}
|
||||
|
||||
if (st.f_flags & ST_RDONLY)
|
||||
(void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT, NULL);
|
||||
|
||||
(void) label_fix("/sys/fs/cgroup", 0);
|
||||
nftw("/sys/fs/cgroup", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
(void) nftw("/sys/fs/cgroup", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
|
||||
if (st.f_flags & ST_RDONLY)
|
||||
(void) mount(NULL, "/sys/fs/cgroup", NULL, MS_REMOUNT|MS_RDONLY, NULL);
|
||||
|
||||
} else if (r < 0)
|
||||
return log_error_errno(r, "Failed to determine whether we are in all unified mode: %m");
|
||||
|
||||
@ -435,9 +434,9 @@ int mount_setup(bool loaded_policy) {
|
||||
|
||||
before_relabel = now(CLOCK_MONOTONIC);
|
||||
|
||||
nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
nftw("/dev/shm", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
(void) nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
(void) nftw("/dev/shm", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
(void) nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
|
||||
|
||||
r = relabel_cgroup_filesystems();
|
||||
if (r < 0)
|
||||
|
@ -343,20 +343,15 @@ void server_process_native_file(
|
||||
sealed = memfd_get_sealed(fd) > 0;
|
||||
|
||||
if (!sealed && (!ucred || ucred->uid != 0)) {
|
||||
_cleanup_free_ char *sl = NULL, *k = NULL;
|
||||
_cleanup_free_ char *k = NULL;
|
||||
const char *e;
|
||||
|
||||
/* If this is not a sealed memfd, and the peer is unknown or
|
||||
* unprivileged, then verify the path. */
|
||||
|
||||
if (asprintf(&sl, "/proc/self/fd/%i", fd) < 0) {
|
||||
log_oom();
|
||||
return;
|
||||
}
|
||||
|
||||
r = readlink_malloc(sl, &k);
|
||||
r = fd_get_path(fd, &k);
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "readlink(%s) failed: %m", sl);
|
||||
log_error_errno(r, "readlink(/proc/self/fd/%i) failed: %m", fd);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -284,5 +284,5 @@ int main(int argc, char *argv[]) {
|
||||
return r < 0 ? EXIT_FAILURE : r;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
@ -879,8 +879,7 @@ int image_path_lock(const char *path, int operation, LockFile *global, LockFile
|
||||
r = make_lock_file_for(path, operation, &t);
|
||||
if (r < 0) {
|
||||
if ((operation & LOCK_SH) && r == -EROFS)
|
||||
log_debug_errno(r, "Failed to create shared "
|
||||
"lock for %s: %m", path);
|
||||
log_debug_errno(r, "Failed to create shared lock for '%s', ignoring: %m", path);
|
||||
else
|
||||
return r;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user