IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
If a name was passed in as function argument, trust it, and don't do utf-8
encoding for them. Callers are obliged to check the names themselves, and
escape them in case they use anything they got from the outside world.
This is what we have done so far for all other time values, and hence we
should do this here. This indicates the default unit of time values
specified here, if they don't contain a unit.
As memfds are now created by proper kernel API, and not by our functions, we
can't rely on names being escaped/unescaped according to our current logic.
Thus, the only safe way is to remove the escaping and when reading names,
just escape names that are not properly encoded in UTF-8.
Also, remove assert(name) lines from the memfd creation functions, as we
explictly allow name to be NULL.
Now, that the memfd stuff is not exported anymore, we can simplify a few
things:
Use assert() instead of assert_return(), since this is used internally
only, and we should be less permissive then.
No need to pass an allocated fd back by call-by-reference, we can just
directly return it.
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_label derived from xinetd.
Reviewed-by: Paul Moore <pmoore@redhat.com>
As the comment says, the passed in callback must always be invoked, or the underlying link
will hang. This was missed when reworking the code, so add it back in.
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not
when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured
in parallel), so drop these asserts.
This allows encoding users to create directly in %pre, which is
necessary so that files owned by the RPM can be assigned to the right
users/groups.
This new macro does create a redundancy, as user definitions for all
users that shall own files need to to be listed twice, once with this
new macro, and then secondly, in the sysusers file shipped with the
package. But there's little way around that, as the users of this type
need to exist before we install the first file, but we actually want to
ship the user information in a file.
Mapping files as MAP_SHARED is handled by the kernel as 'writable'
mapping. Always! Even with PROT_READ. Reason for that is,
mprotect(PROT_WRITE) could change the mapping underneath and currently
there is no kernel infrastructure to add protection there. This might
change in the future, but until then, map sealed files as MAP_PRIVATE so
we don't get EPERM.
Start jobs for Type=oneshot units are successful when the unit state
transition activating → inactive took place. In such a case all units
that BindsTo= on it previously would continue to run, even though the unit
they dependet on was actually already gone.
On systems without properly setup systemd, cg_get_root_path returns
-ENOENT. This means that busctl doesn't display much information.
busctl monitor also fails whenever it intercepts messages.
This fix fakes creates a fake "/" root cgroup which lets busctl work
on such systems.
