Merge branch 'master' into journal
commit
689b9a22f7
@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4
|
||||
SUBDIRS = po
|
||||
|
||||
LIBSYSTEMD_LOGIN_CURRENT=0
|
||||
LIBSYSTEMD_LOGIN_REVISION=5
|
||||
LIBSYSTEMD_LOGIN_REVISION=6
|
||||
LIBSYSTEMD_LOGIN_AGE=0
|
||||
|
||||
LIBSYSTEMD_DAEMON_CURRENT=0
|
||||
@ -341,7 +341,9 @@ dist_systemunit_DATA = \
|
||||
units/halt.target \
|
||||
units/kexec.target \
|
||||
units/local-fs.target \
|
||||
units/local-fs-pre.target \
|
||||
units/remote-fs.target \
|
||||
units/remote-fs-pre.target \
|
||||
units/cryptsetup.target \
|
||||
units/network.target \
|
||||
units/nss-lookup.target \
|
||||
|
7
TODO
7
TODO
@ -19,7 +19,12 @@ Bugfixes:
|
||||
|
||||
Features:
|
||||
|
||||
* bind mounts should be ordered after remount-root-fs.service
|
||||
* unset container= in PID1?
|
||||
|
||||
* if we can not get user quota for tmpfs, mount a separate tmpfs instance
|
||||
for every user in /run/user/$USER with a configured maximum size
|
||||
|
||||
* default to actual 32bit PIDs, via /proc/sys/kernel/pid_max
|
||||
|
||||
* add an option to make mounts private/shareable and so on, enable this for root by default
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
|
||||
AC_PREREQ(2.63)
|
||||
|
||||
AC_INIT([systemd],[36],[systemd-devel@lists.freedesktop.org])
|
||||
AC_INIT([systemd],[37],[systemd-devel@lists.freedesktop.org])
|
||||
AC_CONFIG_SRCDIR([src/main.c])
|
||||
AC_CONFIG_MACRO_DIR([m4])
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
|
@ -602,6 +602,13 @@
|
||||
command.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>list-unit-files</command></term>
|
||||
|
||||
<listitem><para>List installed unit files.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>enable [NAME...]</command></term>
|
||||
|
||||
|
@ -279,6 +279,11 @@
|
||||
assignments. Empty lines and lines
|
||||
starting with ; or # will be ignored,
|
||||
which may be used for commenting. The
|
||||
parser strips leading and
|
||||
trailing whitespace from the values
|
||||
of assignments, unless you use
|
||||
double quotes (").
|
||||
The
|
||||
argument passed should be an absolute
|
||||
file name, optionally prefixed with
|
||||
"-", which indicates that if the file
|
||||
|
@ -311,20 +311,28 @@
|
||||
main process of the daemon. The
|
||||
command line accepts % specifiers as
|
||||
described in
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. On
|
||||
top of that basic environment variable
|
||||
substitution is supported, where
|
||||
<literal>${FOO}</literal> is replaced
|
||||
by the string value of the environment
|
||||
variable of the same name. Also
|
||||
<literal>$FOO</literal> may appear as
|
||||
separate word on the command line in
|
||||
which case the variable is replaced by
|
||||
its value split at whitespaces. Note
|
||||
that the first argument (i.e. the
|
||||
binary to execute) may not be a
|
||||
variable, and must be a literal and
|
||||
absolute path name.</para></listitem>
|
||||
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
||||
|
||||
<para>On top of that basic environment
|
||||
variable substitution is
|
||||
supported. Use
|
||||
<literal>${FOO}</literal> as part of a
|
||||
word, or as word of its own on the
|
||||
command line, in which case it will be
|
||||
replaced by the value of the
|
||||
environment variable including all
|
||||
whitespace it contains, resulting in a
|
||||
single argument. Use
|
||||
<literal>$FOO</literal> as a separate
|
||||
word on the command line, in which
|
||||
case it will be replaced by the value
|
||||
of the environment variable split up
|
||||
at whitespace, resulting in no or more
|
||||
arguments. Note that the first
|
||||
argument (i.e. the program to execute)
|
||||
may not be a variable, and must be a
|
||||
literal and absolute path
|
||||
name.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -59,6 +59,7 @@
|
||||
<filename>halt.target</filename>,
|
||||
<filename>kbrequest.target</filename>,
|
||||
<filename>local-fs.target</filename>,
|
||||
<filename>local-fs-pre.target</filename>,
|
||||
<filename>mail-transfer-agent.target</filename>,
|
||||
<filename>multi-user.target</filename>,
|
||||
<filename>network.target</filename>,
|
||||
@ -66,6 +67,7 @@
|
||||
<filename>poweroff.target</filename>,
|
||||
<filename>reboot.target</filename>,
|
||||
<filename>remote-fs.target</filename>,
|
||||
<filename>remote-fs-pre.target</filename>,
|
||||
<filename>rescue.target</filename>,
|
||||
<filename>rpcbind.target</filename>,
|
||||
<filename>runlevel2.target</filename>,
|
||||
@ -260,6 +262,18 @@
|
||||
facility.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>local-fs-pre.target</filename></term>
|
||||
<listitem>
|
||||
<para>This target unit is
|
||||
automatically ordered before
|
||||
all local mount points marked
|
||||
with <option>auto</option>
|
||||
(see above). It can be used to
|
||||
execute certain units before
|
||||
all local mounts.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>mail-transfer-agent.target</filename></term>
|
||||
<listitem>
|
||||
@ -373,6 +387,18 @@
|
||||
facility.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>remote-fs-pre.target</filename></term>
|
||||
<listitem>
|
||||
<para>This target unit is
|
||||
automatically ordered before
|
||||
all remote mount points marked
|
||||
with <option>auto</option>
|
||||
(see above). It can be used to
|
||||
execute certain units before
|
||||
all remote mounts.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><filename>rescue.target</filename></term>
|
||||
<listitem>
|
||||
|
@ -121,8 +121,9 @@
|
||||
|
||||
<para>If a line starts with <option>.include</option>
|
||||
followed by a file name, the specified file will be
|
||||
read as if its contents were listed in place of the
|
||||
<option>.include</option> directive.</para>
|
||||
parsed at this point. Make sure that the file that is
|
||||
included has the appropiate section headers before
|
||||
any directives.</para>
|
||||
|
||||
<para>Along with a unit file
|
||||
<filename>foo.service</filename> a directory
|
||||
@ -672,6 +673,7 @@
|
||||
<term><varname>ConditionKernelCommandLine=</varname></term>
|
||||
<term><varname>ConditionVirtualization=</varname></term>
|
||||
<term><varname>ConditionSecurity=</varname></term>
|
||||
<term><varname>ConditionCapability=</varname></term>
|
||||
<term><varname>ConditionNull=</varname></term>
|
||||
|
||||
<listitem><para>Before starting a unit
|
||||
@ -748,9 +750,9 @@
|
||||
value to check if being executed in
|
||||
any virtualized environment, or one of
|
||||
<varname>vm</varname> and
|
||||
<varname>container</varname> to test against
|
||||
a specific type of virtualization
|
||||
solution, or one of
|
||||
<varname>container</varname> to test
|
||||
against a specific type of
|
||||
virtualization solution, or one of
|
||||
<varname>qemu</varname>,
|
||||
<varname>kvm</varname>,
|
||||
<varname>vmware</varname>,
|
||||
@ -774,7 +776,19 @@
|
||||
system. Currently the only recognized
|
||||
value is <varname>selinux</varname>.
|
||||
The test may be negated by prepending
|
||||
an exclamation mark. Finally,
|
||||
an exclamation
|
||||
mark. <varname>ConditionCapability=</varname>
|
||||
may be used to check whether the given
|
||||
capability exists in the capability
|
||||
bounding set of the service manager
|
||||
(i.e. this does not check whether
|
||||
capability is actually available in
|
||||
the permitted or effective sets, see
|
||||
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
for details). Pass a capability name
|
||||
such as <literal>CAP_MKNOD</literal>,
|
||||
possibly prefixed with an exclamation
|
||||
mark to negate the check. Finally,
|
||||
<varname>ConditionNull=</varname> may
|
||||
be used to add a constant condition
|
||||
check value to the unit. It takes a
|
||||
@ -931,7 +945,8 @@
|
||||
<citerefentry><refentrytitle>systemd.target</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.path</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
<citerefentry><refentrytitle>systemd.snapshot</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
10
po/pl.po
10
po/pl.po
@ -53,7 +53,7 @@ msgstr "Ustawienie lokalizacji systemu"
|
||||
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:1
|
||||
msgid "Allow attaching devices to seats"
|
||||
msgstr "Zezwolenie na podłączanie urządzeń do siedzeń"
|
||||
msgstr "Zezwolenie na podłączanie urządzeń do stanowisk"
|
||||
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:2
|
||||
msgid "Allow non-logged-in users to run programs"
|
||||
@ -69,8 +69,8 @@ msgstr ""
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:4
|
||||
msgid "Authentication is required to allow attaching a device to a seat"
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zezwolić na podłączanie urządzeń do "
|
||||
"siedzeń"
|
||||
"Wymagane jest uwierzytelnienie, aby zezwolić na podłączenie urządzenia do "
|
||||
"stanowiska"
|
||||
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:5
|
||||
msgid "Authentication is required to allow powering off the system"
|
||||
@ -103,11 +103,11 @@ msgid ""
|
||||
"seats"
|
||||
msgstr ""
|
||||
"Wymagane jest uwierzytelnienie, aby zezwolić na ponowne ustawianie sposobu "
|
||||
"podłączenia urządzeń do siedzeń"
|
||||
"podłączenia urządzeń do stanowisk"
|
||||
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:10
|
||||
msgid "Flush device to seat attachments"
|
||||
msgstr "Czyszczenie podłączeń urządzeń do siedzeń"
|
||||
msgstr "Usunięcie podłączenia urządzeń do stanowisk"
|
||||
|
||||
#: ../src/org.freedesktop.login1.policy.in.h:11
|
||||
msgid "Power off the system"
|
||||
|
@ -23,6 +23,7 @@
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/capability.h>
|
||||
|
||||
#ifdef HAVE_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
@ -148,7 +149,7 @@ static bool test_virtualization(const char *parameter) {
|
||||
return true;
|
||||
|
||||
/* Finally compare id */
|
||||
return streq(parameter, id);
|
||||
return v > 0 && streq(parameter, id);
|
||||
}
|
||||
|
||||
static bool test_security(const char *parameter) {
|
||||
@ -159,6 +160,36 @@ static bool test_security(const char *parameter) {
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool test_capability(const char *parameter) {
|
||||
cap_value_t value;
|
||||
FILE *f;
|
||||
char line[LINE_MAX];
|
||||
unsigned long long capabilities = (unsigned long long) -1;
|
||||
|
||||
/* If it's an invalid capability, we don't have it */
|
||||
|
||||
if (cap_from_name(parameter, &value) < 0)
|
||||
return false;
|
||||
|
||||
/* If it's a valid capability we default to assume
|
||||
* that we have it */
|
||||
|
||||
f = fopen("/proc/self/status", "re");
|
||||
if (!f)
|
||||
return true;
|
||||
|
||||
while (fgets(line, sizeof(line), f)) {
|
||||
truncate_nl(line);
|
||||
|
||||
if (startswith(line, "CapBnd:")) {
|
||||
(void) sscanf(line+7, "%llx", &capabilities);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return !!(capabilities & (1ULL << value));
|
||||
}
|
||||
|
||||
bool condition_test(Condition *c) {
|
||||
assert(c);
|
||||
|
||||
@ -214,6 +245,9 @@ bool condition_test(Condition *c) {
|
||||
case CONDITION_SECURITY:
|
||||
return test_security(c->parameter) == !c->negate;
|
||||
|
||||
case CONDITION_CAPABILITY:
|
||||
return test_capability(c->parameter) == !c->negate;
|
||||
|
||||
case CONDITION_NULL:
|
||||
return !c->negate;
|
||||
|
||||
|
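Review bot: test_capability() never closes `f`: the stream opened with `fopen("/proc/self/status", "re")` is still open at `return !!(capabilities & (1ULL << value));`, so each evaluation of ConditionCapability= leaks a FILE and its descriptor in the calling process. Adding `fclose(f);` directly before that return fixes it. Separately, the function reports the capability as present whenever the file cannot be opened, no `CapBnd:` line is found, or the unchecked `sscanf()` parses nothing. The existing comment says that default is intended, but a note at the `capabilities = (unsigned long long) -1` initializer, such as `/* all bits set: assume the capability is present if CapBnd cannot be read */`, would make the fail-open behaviour explicit for unit authors who use the condition as a guard.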
@ -37,6 +37,7 @@ typedef enum ConditionType {
|
||||
CONDITION_KERNEL_COMMAND_LINE,
|
||||
CONDITION_VIRTUALIZATION,
|
||||
CONDITION_SECURITY,
|
||||
CONDITION_CAPABILITY,
|
||||
CONDITION_NULL,
|
||||
_CONDITION_TYPE_MAX,
|
||||
_CONDITION_TYPE_INVALID = -1
|
||||
|
@ -895,12 +895,9 @@ static int do_capability_bounding_set_drop(uint64_t drop) {
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i <= MAX(63LU, (unsigned long) CAP_LAST_CAP); i++)
|
||||
for (i = 0; i <= cap_last_cap(); i++)
|
||||
if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
|
||||
if (prctl(PR_CAPBSET_DROP, i) < 0) {
|
||||
if (errno == EINVAL)
|
||||
break;
|
||||
|
||||
r = -errno;
|
||||
goto finish;
|
||||
}
|
||||
@ -1720,7 +1717,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
|
||||
unsigned long l;
|
||||
fprintf(f, "%sCapabilityBoundingSet:", prefix);
|
||||
|
||||
for (l = 0; l <= (unsigned long) CAP_LAST_CAP; l++)
|
||||
for (l = 0; l <= cap_last_cap(); l++)
|
||||
if (!(c->capability_bounding_set_drop & ((uint64_t) 1ULL << (uint64_t) l))) {
|
||||
char *t;
|
||||
|
||||
|
@ -1,49 +1,33 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import system_config_keyboard.keyboard_models, sys
|
||||
import sys
|
||||
import system_config_keyboard.keyboard_models
|
||||
|
||||
def strdash(s):
|
||||
r = s.strip()
|
||||
|
||||
if r == "":
|
||||
return "-"
|
||||
|
||||
return r
|
||||
|
||||
def tab_extend(s, n = 1):
|
||||
return s.strip() or '-'
|
||||
|
||||
def tab_extend(s, n=1):
|
||||
s = strdash(s)
|
||||
k = len(s) / 8
|
||||
k = len(s) // 8
|
||||
|
||||
if k >= n:
|
||||
f = 1
|
||||
else:
|
||||
f = n - k
|
||||
|
||||
for x in range(0, f):
|
||||
s = s + "\t"
|
||||
|
||||
return s
|
||||
|
||||
return s + '\t'*f
|
||||
|
||||
|
||||
models = system_config_keyboard.keyboard_models.KeyboardModels().get_models()
|
||||
|
||||
print "# Generated from system-config-keyboard's model list"
|
||||
|
||||
print "# consolelayout\t\txlayout\txmodel\t\txvariant\txoptions"
|
||||
|
||||
k = models.keys()
|
||||
for key, value in reversed(models.items()):
|
||||
options = "terminate:ctrl_alt_bksp"
|
||||
if value[4]:
|
||||
options += ',' + value[4]
|
||||
|
||||
k.reverse()
|
||||
|
||||
for key in k:
|
||||
value = models[key]
|
||||
|
||||
options = value[4]
|
||||
if len(options) > 0:
|
||||
options = "terminate:ctrl_alt_bksp," + options
|
||||
else:
|
||||
options = "terminate:ctrl_alt_bksp"
|
||||
|
||||
print "%s%s%s%s%s" % (tab_extend(key, 3), tab_extend(value[1]), tab_extend(value[2], 2), tab_extend(value[3], 2), options)
|
||||
print ''.join((tab_extend(key, 3), tab_extend(value[1]),
|
||||
tab_extend(value[2], 2), tab_extend(value[3], 2),
|
||||
options))
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
#if defined(TARGET_FEDORA) || defined(TARGET_ALTLINUX) || defined(TARGET_MANDRIVA) || defined(TARGET_MEEGO)
|
||||
#define FILENAME "/etc/sysconfig/network"
|
||||
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
|
||||
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
|
||||
#define FILENAME "/etc/HOSTNAME"
|
||||
#elif defined(TARGET_ARCH)
|
||||
#define FILENAME "/etc/rc.conf"
|
||||
@ -114,7 +114,7 @@ finish:
|
||||
fclose(f);
|
||||
return r;
|
||||
|
||||
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE) || defined(TARGET_FRUGALWARE)
|
||||
#elif defined(TARGET_SUSE) || defined(TARGET_SLACKWARE)
|
||||
return read_and_strip_hostname(FILENAME, hn);
|
||||
#else
|
||||
return -ENOENT;
|
||||
|
@ -119,6 +119,7 @@ Unit.ConditionFileIsExecutable, config_parse_unit_condition_path, CONDITION_F
|
||||
Unit.ConditionKernelCommandLine, config_parse_unit_condition_string, CONDITION_KERNEL_COMMAND_LINE, 0
|
||||
Unit.ConditionVirtualization, config_parse_unit_condition_string, CONDITION_VIRTUALIZATION, 0
|
||||
Unit.ConditionSecurity, config_parse_unit_condition_string, CONDITION_SECURITY, 0
|
||||
Unit.ConditionCapability, config_parse_unit_condition_string, CONDITION_CAPABILITY, 0
|
||||
Unit.ConditionNull, config_parse_unit_condition_null, 0, 0
|
||||
m4_dnl
|
||||
Service.PIDFile, config_parse_unit_path_printf, 0, offsetof(Service, pid_file)
|
||||
|
@ -574,6 +574,10 @@ static int write_data_x11(void) {
|
||||
|
||||
#ifdef TARGET_FEDORA
|
||||
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
|
||||
|
||||
/* Symlink this to /dev/null, so that s-s-k (if it is
|
||||
* still running) doesn't recreate this. */
|
||||
symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
|
||||
#endif
|
||||
|
||||
if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
|
||||
@ -619,6 +623,10 @@ static int write_data_x11(void) {
|
||||
|
||||
#ifdef TARGET_FEDORA
|
||||
unlink("/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
|
||||
|
||||
/* Symlink this to /dev/null, so that s-s-k (if it is
|
||||
* still running) doesn't recreate this. */
|
||||
symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf");
|
||||
#endif
|
||||
|
||||
r = 0;
|
||||
|
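Review bot: The result of `symlink("/dev/null", "/etc/X11/xorg.conf.d/00-system-setup-keyboard.conf")` is ignored in both TARGET_FEDORA blocks of write_data_x11(), as is the `unlink()` just before it. If the symlink cannot be created, the masking described in the comment does not take effect and nothing records that. Checking the return value and logging, for example `if (symlink(...) < 0) log_warning("Failed to mask 00-system-setup-keyboard.conf: %m");`, would make the failure visible, assuming the logging helpers are available in this file. The body of write_data_x11() continues outside both hunks.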
@ -973,8 +973,11 @@ static DBusHandlerResult manager_message_handler(
|
||||
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "CreateSession")) {
|
||||
|
||||
r = bus_manager_create_session(m, message, &reply);
|
||||
if (r == -ENOMEM)
|
||||
goto oom;
|
||||
|
||||
/* Don't delay the work on OOM here, since it might be
|
||||
* triggered by a low RLIMIT_NOFILE here (since we
|
||||
* send a dupped fd to the client), and we'd rather
|
||||
* see this fail quickly then be retried later */
|
||||
|
||||
if (r < 0)
|
||||
return bus_send_error_reply(connection, message, &error, r);
|
||||
|
@ -357,9 +357,11 @@ static int mount_add_fstab_links(Mount *m) {
|
||||
|
||||
if (mount_is_network(p)) {
|
||||
target = SPECIAL_REMOTE_FS_TARGET;
|
||||
after = SPECIAL_NETWORK_TARGET;
|
||||
} else
|
||||
after = SPECIAL_REMOTE_FS_PRE_TARGET;
|
||||
} else {
|
||||
target = SPECIAL_LOCAL_FS_TARGET;
|
||||
after = SPECIAL_LOCAL_FS_PRE_TARGET;
|
||||
}
|
||||
|
||||
if (!path_equal(m->where, "/"))
|
||||
if ((r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true)) < 0)
|
||||
|
@ -361,7 +361,7 @@ static int drop_capabilities(void) {
|
||||
|
||||
unsigned long l;
|
||||
|
||||
for (l = 0; l <= MAX(63LU, (unsigned long) CAP_LAST_CAP); l++) {
|
||||
for (l = 0; l <= cap_last_cap(); l++) {
|
||||
unsigned i;
|
||||
|
||||
for (i = 0; i < ELEMENTSOF(retain); i++)
|
||||
@ -372,12 +372,6 @@ static int drop_capabilities(void) {
|
||||
continue;
|
||||
|
||||
if (prctl(PR_CAPBSET_DROP, l) < 0) {
|
||||
|
||||
/* If this capability is not known, EINVAL
|
||||
* will be returned, let's ignore this. */
|
||||
if (errno == EINVAL)
|
||||
break;
|
||||
|
||||
log_error("PR_CAPBSET_DROP failed: %m");
|
||||
return -errno;
|
||||
}
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
static pid_t pager_pid = 0;
|
||||
|
||||
static void pager_fallback(void) {
|
||||
_noreturn_ static void pager_fallback(void) {
|
||||
ssize_t n;
|
||||
do {
|
||||
n = splice(STDIN_FILENO, NULL, STDOUT_FILENO, NULL, 64*1024, 0);
|
||||
|
@ -27,7 +27,7 @@
|
||||
|
||||
#include "macro.h"
|
||||
|
||||
#define READAHEAD_FILE_SIZE_MAX (128*1024*1024)
|
||||
#define READAHEAD_FILE_SIZE_MAX (10*1024*1024)
|
||||
|
||||
int file_verify(int fd, const char *fn, off_t file_size_max, struct stat *st);
|
||||
|
||||
|
@ -83,7 +83,7 @@ int sd_session_get_seat(const char *session, char **seat);
|
||||
int sd_seat_get_active(const char *seat, char **session, uid_t *uid);
|
||||
|
||||
/* Return sessions and users on seat. Returns number of sessions as
|
||||
* return value. If sessions is NULL returs only the number of
|
||||
* return value. If sessions is NULL returns only the number of
|
||||
* sessions. */
|
||||
int sd_seat_get_sessions(const char *seat, char ***sessions, uid_t **uid, unsigned *n_uids);
|
||||
|
||||
@ -94,7 +94,7 @@ int sd_seat_can_multi_session(const char *seat);
|
||||
* seats is NULL only returns number of seats. */
|
||||
int sd_get_seats(char ***seats);
|
||||
|
||||
/* Get all sessions, store in *seessions. Returns the number of
|
||||
/* Get all sessions, store in *sessions. Returns the number of
|
||||
* sessions. If sessions is NULL only returns number of sessions. */
|
||||
int sd_get_sessions(char ***sessions);
|
||||
|
||||
|
@ -829,6 +829,7 @@ static int service_load_sysv_path(Service *s, const char *path) {
|
||||
/* Special setting for all SysV services */
|
||||
s->type = SERVICE_FORKING;
|
||||
s->remain_after_exit = !s->pid_file;
|
||||
s->guess_main_pid = false;
|
||||
s->restart = SERVICE_RESTART_NO;
|
||||
|
||||
if (s->meta.manager->sysv_console)
|
||||
|
@ -45,7 +45,9 @@
|
||||
#define SPECIAL_SYSINIT_TARGET "sysinit.target"
|
||||
#define SPECIAL_SOCKETS_TARGET "sockets.target"
|
||||
#define SPECIAL_LOCAL_FS_TARGET "local-fs.target" /* LSB's $local_fs */
|
||||
#define SPECIAL_LOCAL_FS_PRE_TARGET "local-fs-pre.target"
|
||||
#define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */
|
||||
#define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target"
|
||||
#define SPECIAL_SWAP_TARGET "swap.target"
|
||||
#define SPECIAL_BASIC_TARGET "basic.target"
|
||||
|
||||
|
@ -170,8 +170,24 @@ static int read_data(void) {
|
||||
free_data();
|
||||
|
||||
r = read_one_line_file("/etc/timezone", &zone);
|
||||
if (r < 0 && r != -ENOENT)
|
||||
return r;
|
||||
if (r < 0) {
|
||||
if (r != -ENOENT)
|
||||
log_warning("Failed to read /etc/timezone: %s", strerror(-r));
|
||||
|
||||
#ifdef TARGET_FEDORA
|
||||
r = parse_env_file("/etc/sysconfig/clock", NEWLINE,
|
||||
"ZONE", &zone,
|
||||
NULL);
|
||||
|
||||
if (r < 0 && r != -ENOENT)
|
||||
log_warning("Failed to read /etc/sysconfig/clock: %s", strerror(-r));
|
||||
#endif
|
||||
}
|
||||
|
||||
if (isempty(zone)) {
|
||||
free(zone);
|
||||
zone = NULL;
|
||||
}
|
||||
|
||||
verify_timezone();
|
||||
|
||||
|
@ -157,6 +157,7 @@ static void load_unix_sockets(void) {
|
||||
}
|
||||
}
|
||||
|
||||
fclose(f);
|
||||
return;
|
||||
|
||||
fail:
|
||||
|
41
src/util.c
41
src/util.c
@ -2336,8 +2336,10 @@ int chvt(int vt) {
|
||||
0
|
||||
};
|
||||
|
||||
if (ioctl(fd, TIOCLINUX, tiocl) < 0)
|
||||
return -errno;
|
||||
if (ioctl(fd, TIOCLINUX, tiocl) < 0) {
|
||||
r = -errno;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
vt = tiocl[0] <= 0 ? 1 : tiocl[0];
|
||||
}
|
||||
@ -2345,7 +2347,8 @@ int chvt(int vt) {
|
||||
if (ioctl(fd, VT_ACTIVATE, vt) < 0)
|
||||
r = -errno;
|
||||
|
||||
close_nointr_nofail(r);
|
||||
fail:
|
||||
close_nointr_nofail(fd);
|
||||
return r;
|
||||
}
|
||||
|
||||
@ -5899,4 +5902,36 @@ int prot_from_flags(int flags) {
|
||||
default:
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
unsigned long cap_last_cap(void) {
|
||||
static __thread unsigned long saved;
|
||||
static __thread bool valid = false;
|
||||
unsigned long p;
|
||||
|
||||
if (valid)
|
||||
return saved;
|
||||
|
||||
p = (unsigned long) CAP_LAST_CAP;
|
||||
|
||||
if (prctl(PR_CAPBSET_READ, p) < 0) {
|
||||
|
||||
/* Hmm, look downwards, until we find one that
|
||||
* works */
|
||||
for (p--; p > 0; p --)
|
||||
if (prctl(PR_CAPBSET_READ, p) >= 0)
|
||||
break;
|
||||
|
||||
} else {
|
||||
|
||||
/* Hmm, look upwards, until we find one that doesn't
|
||||
* work */
|
||||
for (;; p++)
|
||||
if (prctl(PR_CAPBSET_READ, p+1) < 0)
|
||||
break;
|
||||
}
|
||||
|
||||
saved = p;
|
||||
valid = true;
|
||||
|
||||
return p;
|
||||
}
|
||||
|
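Review bot: cap_last_cap() cannot distinguish "no probe succeeded" from "capability 0 is the highest": the downward loop `for (p--; p > 0; p --)` ends at 0 when every `prctl(PR_CAPBSET_READ, p)` fails, and that 0 is then cached in `saved` for the life of the thread. Callers that iterate up to `cap_last_cap()` to drop bounding-set bits would then presumably touch only capability 0 and leave the rest in place without reporting an error. Consider treating only `errno == EINVAL` as "unknown capability" and leaving `valid` unset when nothing was probed successfully. The upward loop `for (;; p++)` has no upper bound, and the callers shown on this page shift `1ULL << i`, so clamping the result to 63 would keep those shifts defined. A header comment stating that the value is probed from the running kernel and cached per thread would also help, since the function has none.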
@ -515,4 +515,6 @@ bool kexec_loaded(void);
|
||||
|
||||
int prot_from_flags(int flags);
|
||||
|
||||
unsigned long cap_last_cap(void);
|
||||
|
||||
#endif
|
||||
|
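--- a/units/local-fs-pre.target
+++ b/units/local-fs-pre.target
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See systemd.special(7) for details
+
+[Unit]
+Description=Local File Systems (Pre)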
units/remote-fs-pre.target
Normal file
15
units/remote-fs-pre.target
Normal file
@ -0,0 +1,15 @@
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See systemd.special(7) for details
|
||||
|
||||
[Unit]
|
||||
Description=Remote File Systems (Pre)
|
||||
After=network.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -10,7 +10,8 @@ Description=Remount Root FS
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=systemd-readahead-collect.service systemd-readahead-replay.service fsck-root.service
|
||||
Before=local-fs.target shutdown.target
|
||||
Before=local-fs-pre.target local-fs.target shutdown.target
|
||||
Wants=local-fs-pre.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
@ -16,3 +16,7 @@ Type=dbus
|
||||
BusName=org.freedesktop.login1
|
||||
CapabilityBoundingSet=CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER
|
||||
StandardOutput=syslog
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# logins since we keep one fd open per session.
|
||||
LimitNOFILE=16384
|
||||
|
@ -10,7 +10,8 @@ Description=Remount API VFS
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=systemd-readahead-collect.service systemd-readahead-replay.service
|
||||
Before=local-fs.target shutdown.target
|
||||
Before=local-fs-pre.target local-fs.target shutdown.target
|
||||
Wants=local-fs-pre.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
@ -18,3 +18,7 @@ ExecStart=@rootlibexecdir@/systemd-stdout-syslog-bridge
|
||||
NotifyAccess=all
|
||||
StandardOutput=null
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SETUID CAP_SETGID
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
# services being run since we keep one fd open per service.
|
||||
LimitNOFILE=16384
|
||||
|