1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-31 07:51:21 +03:00
Commit Graph

4 Commits

Author SHA1 Message Date
Ben Boeckel
5238e95759 codespell: fix spelling errors 2019-04-29 16:47:18 +02:00
Zbigniew Jędrzejewski-Szmek
cc5549ca12 scripts: use 4 space indentation
We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security
reasons.)

Also remove the few vim config lines that were left. We should either have them
on all files, or none.

Also remove some strange stuff like '#!/bin/env bash', yikes.
2019-04-12 08:30:31 +02:00
Zbigniew Jędrzejewski-Szmek
6c34ed5111 test: use newer verb to set log levels 2019-04-03 08:19:08 +02:00
Lennart Poettering
db256aab13 core: be stricter when handling PID files and MAINPID sd_notify() messages
Let's be more restrictive when validating PID files and MAINPID=
messages: don't accept PIDs that make no sense, and if the configuration
source is not trusted, don't accept out-of-cgroup PIDs. A configuratin
source is considered trusted when the PID file is owned by root, or the
message was received from root.

This should lock things down a bit, in case service authors write out
PID files from unprivileged code or use NotifyAccess=all with
unprivileged code. Note that doing so was always problematic, just now
it's a bit less problematic.

When we open the PID file we'll now use the CHASE_SAFE chase_symlinks()
logic, to ensure that we won't follow an unpriviled-owned symlink to a
privileged-owned file thinking this was a valid privileged PID file,
even though it really isn't.

Fixes: #6632
2018-01-11 15:12:16 +01:00