This permits switching to a specific AppArmor profile when starting a daemon. This
will result in a non-operation if AppArmor is disabled.
It also adds a new build requirement on libapparmor for using this feature.
SECCOMP_CFLAGS must be in the global CFLAGS as <seccomp.h> is
included in core/execute.h. When seccomp.h is not in the standard
path (i.e. openSUSE has it in /usr/include/pkg/libseccomp/, precisely to
catch this kind of bug), compiling systemd fails.
The kernel still doesn't support audit in containers, so let's make use
of seccomp and simply turn it off entirely. We can get rid of this big
as soon as the kernel is fixed again.
This allows us users of the library to keep copies of old leases. This is
used by networkd to know what addresses to drop (if any) when the lease
expires.
In the future this may be used by DNAv4 and sd-dhcp-server.
Thomas H.P. Andersen <phomes@gmail.com> wrote:
> Does -lresolv belong in libsystemd_la_CFLAGS? I would have thought
> that it should be in LIBADD for the lib and LDADD for the test.
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in an async-signal-safe way is important
because it allows it to be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
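
The write-based replacement for writev that the commit message above describes can look like the following. This is an added example, not the systemd patch; the names `write_iov_signal_safe` and `demo_roundtrip` and the sample fields are constructed for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Write every iovec segment using only write(2), which signal(7) lists as
 * async-signal-safe: no allocation, no stdio, no locks. Unlike writev(2),
 * the segments are not submitted as one operation, which is fine for a
 * private file but would split a datagram. Returns 0, or -1 with errno set. */
static int write_iov_signal_safe(int fd, const struct iovec *iov, int iovcnt) {
    int saved_errno = errno;          /* a handler must not clobber errno */
    for (int i = 0; i < iovcnt; i++) {
        const char *p = iov[i].iov_base;
        size_t left = iov[i].iov_len;
        while (left > 0) {
            ssize_t n = write(fd, p, left);
            if (n < 0) {
                if (errno == EINTR)
                    continue;         /* interrupted: retry the same chunk */
                return -1;            /* real error: errno describes it */
            }
            p += n;                   /* short write: advance and go on */
            left -= (size_t) n;
        }
    }
    errno = saved_errno;
    return 0;
}

/* Constructed sample: two journal-style fields sent through a pipe.
 * Returns 0 if the bytes read back match what was written. */
static int demo_roundtrip(void) {
    static const char a[] = "MESSAGE=caught signal\n";
    static const char b[] = "PRIORITY=3\n";
    struct iovec iov[2] = {
        { .iov_base = (void *) a, .iov_len = sizeof(a) - 1 },
        { .iov_base = (void *) b, .iov_len = sizeof(b) - 1 },
    };
    char buf[64];
    int fds[2];
    if (pipe(fds) < 0) return -1;
    int r = write_iov_signal_safe(fds[1], iov, 2);
    close(fds[1]);
    ssize_t n = r == 0 ? read(fds[0], buf, sizeof(buf)) : -1;
    close(fds[0]);
    if (n != (ssize_t) (sizeof(a) - 1 + sizeof(b) - 1)) return -1;
    return memcmp(buf, a, sizeof(a) - 1) == 0 &&
           memcmp(buf + sizeof(a) - 1, b, sizeof(b) - 1) == 0 ? 0 : -1;
}

int main(void) { return demo_roundtrip() == 0 ? 0 : 1; }
```
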
The cppcheck target was introduced by commit 16f4efb415
"build-sys: add cppcheck target". But it is preferable to use a make phony target
for it, as this patch does.
There are two general reasons to use a phony target: to avoid a
conflict with a file of the same name, and to improve performance. In
this case the first reason is obvious, and the second is that make
skips the implicit rule search for phony targets, since it knows that
phony targets do not name actual files that could be remade from other
files (as described in the "GNU Make" Manual).
A compatibility libsystemd-login library is created which uses
.symver and ifunc magic proposed by Lennart to make programs linked
to the old library name continue to work seamlessly.
Unfortunately the bfd linker crashes:
https://sourceware.org/bugzilla/show_bug.cgi?id=16467
This will be fixed in binutils 2.25.
As a work-around, gold can be used:
LDFLAGS=-Wl,-fuse-ld=gold
Unfortunately the switch to pick the linker appeared in gcc 4.8.
This also doesn't work with LLVM:
http://llvm.org/bugs/show_bug.cgi?id=11897
This adds support to generate a basic resolv.conf in /run/systemd/network.
This file will not take any effect unless a symlink is created from
/etc/resolv.conf.
Nameservers received over DHCP take precedence over statically configured ones.
Note: /etc/resolv.conf is severely limited, so in the future we will likely
rather provide a much more powerful nss plugin (or something to that effect),
but this should allow current users to function without any loss of
functionality.
This adds basic DHCPv4 support. Link-sense is enabled unconditionally,
but the plan is to make that configurable.
I tested this in a VM with lots of NICs and over wifi in the various
coffee shops I found this Christmas, but more testing would definitely
be appreciated.
Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.
A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.
If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.
/run/nologin creation is split out into a separate service, to make it
easy to override.
https://bugzilla.redhat.com/show_bug.cgi?id=1043212
https://bugzilla.redhat.com/show_bug.cgi?id=1045849
Let's try to standardize on a single non-cryptographic hash algorithm,
and for that SipHash appears to be the best answer.
With this change there are two other hash functions left in systemd: an
older version of MurmurHash embedded into libudev for the bloom filters
in udev messages (which is hard to update, given that we probably
should stay compatible with older versions of the library). And lookup3
in the journal files (which we could replace for new files, but which is
probably not worth the work).
systemd-bus-driverd is a small daemon that connects to kdbus and
implements the org.freedesktop.DBus interface. IOW, it provides the bus
functions traditionally taken care of by dbus-daemon.
Calls are proxied to kdbus, either via libsystemd-bus (where applicable)
or with the open-coded use of ioctl().
Note that the implementation is not yet finished as the functions to
add and remove matches and to start services by name are still missing.
This uses --enable=all mode. Should be taken with a grain of salt
though. While many recommendations make sense we should probably keep
"int r" always on function scope, and many of the portability warnings
really don't matter to us because we only care for Linux/glibc.
Set a fake MAC address and emulate raw packet sending. When the buffer
containing the Discover message is received, check selected IP and
UDP headers and compute IP header and UDP message checksums. Also
send the DHCP message for option parsing and expect a successful
outcome.
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.
This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
The static analyzer scan-build had a few issues with analysing
parts of systemd.
gpt-auto-generator.c:
scan-build could not find blkid.h. Whether it should be blkid.h or
blkid/blkid.h seems to depend on the version used. We already use
blkid/blkid.h in udev-builtin-blkid.c so it seems safe to use that
here too.
Makefile.am:
Moved some -D's from CFLAGS to CPPFLAGS. I also simplified them a
bit and got rid of a leftover DBUS_CFLAGS.
test-cgroup-mask.c/test-sched-prio.c:
A variable was added to store the replaced TEST_DIR. When wrapped
in an assert_se TEST_DIR was not replaced in the logged error.
While not an issue introduced in this patch we might as well fix
it up while we are here.