shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-02-14 01:57:27 +03:00
Code
60,721 Commits 36 Branches 656 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Sam James 2b52748d45 nspawn: allow sched_rr_get_interval_time64 through seccomp filter 
We only allow a selected subset of syscalls from nspawn containers
and don't list any time64 variants (needed for 32-bit arches when
built using TIME_BITS=64, which is relatively new).

We allow sched_rr_get_interval which cpython's test suite makes
use of, but we don't allow sched_rr_get_interval_time64.

The test failures when run in an arm32 nspawn container on an arm64 host
were as follows:
```
======================================================================
ERROR: test_sched_rr_get_interval (test.test_posix.PosixTester.test_sched_rr_get_interval)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/var/tmp/portage/dev-lang/python-3.11.0_p1/work/Python-3.11.0/Lib/test/test_posix.py", line 1180, in test_sched_rr_get_interval
    interval = posix.sched_rr_get_interval(0)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
PermissionError: [Errno 1] Operation not permitted
```

Then strace showed:
```
sched_rr_get_interval_time64(0, 0xffbbd4a0) = -1 EPERM (Operation not permitted)
```

This appears to be the only time64 syscall that isn't already included one of
the sets listed in nspawn-seccomp.c that has a non-time64 variant. Checked
over each of the time64 syscalls known to systemd and verified that none
of the others had a non-time64-variant whitelisted in nspawn other than
sched_rr_get_interval.

Bug: https://bugs.gentoo.org/880131
(cherry picked from commit b9e7f22c2d80930cad36ae53e66e42a2996dca4a)
2022-11-24 17:38:34 +01:00
.clusterfuzzlite
ci: unpin CFLite
2022-04-26 09:13:57 +00:00
.github
Disable code freeze banner
2022-10-31 18:57:13 +00:00
.semaphore
semaphore: remove the Semaphore repositories recursively
2022-11-07 19:01:47 +00:00
catalog
man: reword some awkward sentences
2022-10-14 15:56:58 +02:00
coccinelle
basic/list: drop LIST_IS_EMPTY
2022-07-02 12:46:16 +02:00
docs
Revert "initrd: extend SYSTEMD_IN_INITRD to accept non-ramfs rootfs"
2022-11-24 17:38:34 +01:00
factory
meson: also allow setting GIT_VERSION via templates
2022-04-05 22:18:31 +02:00
hwdb.d
parse_hwdb: allow negative value for EVDEV_ABS_ properties
2022-11-04 23:31:28 +00:00
LICENSES
network: change license of examples to MIT-0
2022-10-26 08:39:34 +02:00
man
man: add note that network-generator is not a generator
2022-11-08 14:59:01 +01:00
mkosi.default.d
mkosi: libbpf0 -> libbpf1
2022-10-24 20:40:07 +02:00
modprobe.d
meson: install the right README file in modprobe.d
2021-07-07 14:52:05 +02:00
network
network: change license of examples to MIT-0
2022-10-26 08:39:34 +02:00
po
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
2022-10-31 12:54:01 +01:00
presets
units: enable systemd-network-generator by default
2021-12-16 09:49:39 +01:00
rules.d
udev: add safe guard for setting by-id symlink
2022-11-04 23:31:28 +00:00
shell-completion
shell-completion/zsh: rename helper for clarity
2022-10-20 09:58:00 +02:00
src
nspawn: allow sched_rr_get_interval_time64 through seccomp filter
2022-11-24 17:38:34 +01:00
sysctl.d
tree-wide: link to docs.kernel.org for kernel documentation
2022-07-04 19:56:53 +02:00
sysusers.d
Use descriptive name for nobody
2022-05-27 22:09:24 +01:00
test
test: fix keymaps installation on Arch
2022-11-08 14:59:01 +01:00
tmpfiles.d
tmpfiles.d: do not fail if provision.conf fails
2022-11-04 23:31:28 +00:00
tools
Report version string as in the Boot Loader Spec, fix boot loader upgrades
2022-10-25 13:23:57 +02:00
units
unit: also prioritize input devices when triggering devices
2022-10-26 10:49:09 +02:00
xorg
xorg/50-systemd-user: add a full license header
2021-10-01 14:45:00 +02:00
.clang-format
clang-format: Adjust style of pointers
2022-05-30 04:00:54 +09:00
.ctags
editors: Prevent ctags from following symlinks
2019-02-15 11:01:20 -08:00
.dir-locals.el
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.editorconfig
docs: configure editorconfig for css and html
2022-05-17 21:13:17 +02:00
.gitattributes
gitattributes: introduce and use "generated" attribute
2021-10-18 09:42:55 +02:00
.gitignore
core/cgroup: CPUWeight/CPUShares support idle input
2022-08-11 14:25:58 +02:00
.mailmap
mailmap: two more names
2021-03-30 13:17:58 +02:00
.packit.yml
Packit: build SRPMs in Copr
2022-03-09 09:52:41 +00:00
.vimrc
scripts: use 4 space indentation
2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py
ycm: add doc string for all the functions in configuration file
2017-11-29 13:21:49 -07:00
configure
tools: shellcheck-ify tool scripts
2021-09-30 12:27:06 +02:00
LICENSE.GPL2
relicense to LGPLv2.1 (with exceptions)
2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1
licence: remove references to old FSF address
2012-12-17 11:41:31 +01:00
Makefile
tree-wide: add spdx header on all scripts and helpers
2021-01-28 09:55:35 +01:00
meson_options.txt
core: allow disabling system time correction if rtc returns time far in the future
2022-08-24 21:39:46 +01:00
meson.build
shared/tpm2-util: Fix "Error: Esys invalid ESAPI handle (40000001)" warning
2022-11-24 17:38:34 +01:00
mkosi.build
mkosi: Make sure bpf-framework works on CentOS Stream 8 as well
2022-10-17 08:45:48 +02:00
mkosi.postinst
mkosi: Ensure we build all features/components in mkosi
2022-08-23 15:19:26 +02:00
NEWS
Finalise 👻 SpOoOky 👻 NEWS for v252
2022-10-31 18:59:18 +00:00
README
README: Fix libbpf minimum version
2022-10-17 08:45:16 +02:00
README.md
README.md: add a missing line break
2022-10-19 11:17:33 +02:00
TODO
update TODO
2022-10-31 12:38:48 +01:00

README.md

Systemd

System and Service Manager

Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
CentOS CI - CentOS 8
CentOS CI - Arch
CentOS CI - Arch (sanitizers)
CentOS CI - Rawhide (SELinux)
Fossies codespell report
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.

Description
Backports of patch from systemd git to stable distributions
Readme 226 MiB
Languages
C 89.4%
Python 5.8%
Shell 2.1%
Meson 1.3%
HTML 0.9%
Other 0.4%