IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Rename is_procfs_sysfs_or_suchlike() to is_fs_fully_userns_compatible()
to give it the real meaning. This may prevent future modifications that
may introduce bugs.
We have to pass addresses of changes and n_changes to
bus_deserialize_and_dump_unit_file_changes(). Otherwise we are hit by
missing information (subsequent calls to unit_file_changes_add() to
not add anything).
Also prevent null pointer dereference in
bus_deserialize_and_dump_unit_file_changes() by asserting.
Fixes#3339
but also on all other consoles. This does help on e.g. mainframes
where often a serial console together with other consoles are
used. Even rack based servers attachted to both a serial console
as well as having a virtual console do sometimes miss a connected
monitor.
To be able to ask on all terminal devices of /dev/console the devices
are collected. If more than one device are found, then on each of the
terminals a inquiring task for passphrase is forked and do not return
to the caller.
Every task has its own session and its own controlling terminal.
If one of the tasks does handle a password, the remaining tasks
will be terminated.
Also let contradictory options on the command of
systemd-tty-ask-password-agent fail.
Spwan for each device of the system console /dev/console a own process.
Replace the system call wait() with with system call waitid().
Use SIGTERM instead of SIGHUP to get unresponsive childs down.
Port the collect_consoles() function forward to a pulbic and strv
based function "get_kernel_consoles()" in terminal-util.c and use this
in tty-ask-password-agent.c.
This reverts commit 483d8bbb4c.
In [1] Michel Dänzer and Daniel Vetter wrote:
>> The scenario you describe isn't possible if the Wayland compositor
>> directly uses the KMS API of /dev/dri/card*, but it may be possible if
>> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if
>> weston uses its fbdev backend).
>
> Yeah, if both weston and your screen grabber uses native fbdev API you can
> now screenshot your desktop. And since fbdev has no concept of "current
> owner of the display hw" like the drm master, I think this is not fixable.
> At least not just in userspace. Also even with native KMS compositors
> fbdev still doesn't have the concept of ownership, which is why it doesn't
> bother clearing it's buffer before KMS takes over. I agree that this
> should be reverted or at least hidden better.
TBH, I think that privilege separation between processes running under the same
UID is tenuous. Even with drm, in common setups any user process can ptrace the
"current owner of the display" and call DROP_MASTER or do whatever. It *is*
possible to prevent that, e.g. by disabling ptrace using yama.ptrace_scope, or
selinux, and so on, but afaik this is not commonly done. E.g. all Fedora
systems pull in elfutils-default-yama-scope.rpm through dependencies which sets
yama.ptrace_scope=0. And even assuming that ptrace was disabled, it is trivial
to modify files on disk, communicate through dbus, etc; there is just to many
ways for a non-sandboxed process to interact maliciously with the display shell
to close them all off. To achieve real protection, some sort of sandboxing
must be implemented, and in that case there is no need to rely on access mode
on the device files, since much more stringent measures have to be implemented
anyway.
The situation is similar for framebuffer devices. It is common to add
framebuffer users to video group to allow them unlimited access to /dev/fb*.
Using uaccess would be better solution in that case. Also, since there is no
"current owner" limitation like in DRM, processes running under the same UID
should be able to access /proc/<pid-of-display-server>/fd/* and gain access to
the devices. Nevertheless, weston implements a suid wrapper to access the
devices and then drop privileges, and this patch would make this daemon
pointless. So if the weston developers feel that this change reduces security,
I prefer to revert it.
[1] https://lists.freedesktop.org/archives/wayland-devel/2016-May/029017.html
The statemachine was unable to parse properties with empty values,
reported in [0].
When reaching the start of the KEY, we would unconditionally read
one more character before starting to look for the end-of-line.
Simply look for the end-of-line from the first character.
[0]: <https://bugzilla.redhat.com/show_bug.cgi?id=1338823>
From the issue #2004 we are receiving packet even if this
packet is not intended for this interface.
This can be reproduced.
lp3s0: Updating address: 2001:db8:1:0:7e7a:91ff:fe6d:ffe2/64 (valid for 1d)
wlp3s0: Updating address: fe80::7e7a:91ff:fe6d:ffe2/64 (valid forever)
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Sent Router Solicitation
NDisc CLIENT: Received RA on wrong interface: 3 != 2. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 3 != 6. Ignoring.
NDisc CLIENT: Received RA from non-link-local address ::. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 6. Ignoring.
NDisc CLIENT: Received RA on wrong interface: 2 != 3. Ignoring.
enp0s25: Updating address: 2001:db8:1:0:2ad2:44ff:fe6a:ae07/64 (valid for 1d)
enp0s25: Updating address: fe80::2ad2:44ff:fe6a:ae07/64 (valid forever)
Add SO_BINDTODEVICE to socket
fixes#2004
This is a follow-up to cf447cb62d.
Let's generally follow the rule to not use read() on SOCK_DGRAM sockets, let's
always use recv() on that.
Also, don't abort IPV4ACD logic in case we read a short packet. Simply log and
ignore.
Fixup for #3304.
Only warn, and not return, because that's what sd_dhcp6_client_start()
does right below the call to sd_dhcp6_client_set_local_address().
We'd call sd_bus_message_unref and then proceed to use
variables pointing into the reply buffer (fd and char*).
dup the fd and copy the string before destorying the reply.
This makes systemd-run run again for me.
https://bugzilla.redhat.com/show_bug.cgi?id=1337636
In order to support stateless systems that support offline /usr updates
properly, let's restore the ConditionNeesUpdate=/etc line that makes sure we
are run when /usr is updated and this update needs to be propagated to the
/etc/ld.so.conf file stored in /etc.
This reverts part of #2859, which snuck this change in, but really shouldn't
have.
According to recv(2) these should be the same, but that is not true.
Passing a buffer of length 0 to read is defined to be a noop according
to read(2), but passing a buffer of length 0 to recv will discard the
pending pacet.
We can easily hit this as we allocate our buffer size depending on
the size of the incoming packet (using FIONREAD). As pointed out in
issue #3299 simply sending an empty UDP packet to the DHCP client
port will trigger a busy loop in networkd as we are polling on the
socket but never discarding the empty packet.
This reverts ad5ae47a0d but fixes the
same issue.
The original conflict is fixed in the kernel in v4.6-rc7-40-g4a91cb61bb,
but now our work-around causes a compilation failure.
Keep the workaround to support 4.5 kernels for now, and layer
more ugliness on top.
Tested with:
kernel-headers-4.6.0-1.fc25.x86_64
glibc-devel-2.23.90-18.fc25.x86_64
kernel-headers-4.5.4-300.fc24.x86_64
glibc-devel-2.23.1-7.fc24.x86_64
kernel-headers-4.4.9-300.fc23.x86_64
glibc-devel-2.22-16.fc23.x86_64
kernel-headers-4.1.13-100.fc21.x86_64
glibc-devel-2.20-8.fc21.x86_64
After a few link up/down events I got this warning:
May 17 22:05:10 laptop systemd-resolved[2983]: Failed to read DNS servers for interface wlp3s0, ignoring: Argument list too long
Starting the DHCP client doesn't seem like dhcp6_request_address()'s responsibility anyway. Whenever it's called, sd_dhcp6_client_start() is unconditionally called outside of it as well. See ndisc_router_handler() and ndisc_handler() in networkd-ndisc.c.
After enabling/disabling a unit, the daemon configuration is expected
to be unless '--no-reload' option is passed.
However this is not done when enabling a sysv units. This can lead to
the following scenario:
$ cp /etc/init.d/named /etc/init.d/foo
$ systemctl enable foo
foo.service is not a native service, redirecting to systemd-sysv-install
Executing /usr/lib/systemd/systemd-sysv-install enable foo
$ systemctl start foo
Failed to start foo.service: Unit foo.service failed to load: No such file or directory.
This can also be seen after installing a package providing a sysv
service: the service can't be started unless 'daemon-reload' is called
manually. This shouldn't be needed and this patch will fix this case
too since during package installation, the service is expected to be
enabled/disabled.
The sync() call on shutdown had been removed with commit 57371e5829
together with the no-sync option for the shutdown commands.
The sync call was restored in commit 4a3ad39957 but the no-sync option
wasn't re-added.
I think we should restore this option at least for the legacy halt command.
blkid reports PARTUUID values also for partitions that are defined by a
dos partitioning scheme. Instead of limiting the partitioning scheme to
"gpt or dos" just drop the test for the partitioning scheme and trust
blkid to do the right thing.
... logind SIGHUP support, sd_journal_open_{directory,files}_fd,
specifiers in DeviceAllow, "generated" and "trasnient" unit types.
Move removed features to the end and cluster features by type.
Due to the substantial interface changes in cgroup unified hierarchy, new IO
settings are introduced. Currently, IO settings apply only to unified
hierarchy and BlockIO to legacy. While the transition is necessary, it's
painful for users to have to provide configs for both. This patch implements
translation from one config set to another for configs which make sense.
* The translation takes place during application of the configs. Users won't
see IO or BlockIO settings appearing without being explicitly created.
* The translation takes place only if there is no config for the matching
cgroup hierarchy type at all.
While this doesn't provide comprehensive compatibility, it should considerably
ease transition to the new IO settings which are a superset of BlockIO
settings.
v2:
- Update test-cgroup-mask.c so that it accounts for the fact that
CGROUP_MASK_IO and CGROUP_MASK_BLKIO move together. Also, test/parent.slice
now sets IOWeight instead of BlockIOWeight.
Factor out the following functions out of cgroup_context_apply()
* cgroup_context_[blk]io_weight()
* cgroup_apply_[blk]io_device_weight()
* cgroup_apply_[blk]io_device_limit()
This is pure refactoring and shouldn't cause any functional differences.
CGroupBlockIODeviceBandwith is used to keep track of IO bandwidth limits for
legacy cgroup hierarchies. Unlike the unified hierarchy counterpart
CGroupIODeviceLimit, a CGroupBlockIODeviceBandwiddth records either a read or
write limit and has a couple issues.
* There's no way to clear specific config entry.
* When configs are cleared for an IO direction of a unit, the kernel settings
aren't cleared accordingly creating discrepancies.
This patch updates CGroupBlockIODeviceBandwidth so that it behaves similarly to
CGroupIODeviceLimit - each entry records both rbps and wbps limits and is
cleared if both are at default values after kernel settings are updated.
