hwdb.d/60-evdev.hwdb

@@ -265,10 +265,10 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE725
 
 # Dell Latitude E7470
 evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470:*
- EVDEV_ABS_00=29:2930:30:16
+ EVDEV_ABS_00=29:2930:30
- EVDEV_ABS_01=26:1533:29:16
+ EVDEV_ABS_01=26:1533:29
- EVDEV_ABS_35=29:2930:30:16
+ EVDEV_ABS_35=29:2930:30
- EVDEV_ABS_36=26:1533:29:16
+ EVDEV_ABS_36=26:1533:29
 
 # Dell Precision 5510
 evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510:*

man/systemd-nspawn.xml

@@ -801,59 +801,46 @@
       <varlistentry>
         <term><option>--network-interface=</option></term>
 
-        <listitem><para>Assign the specified network interface to the container. This will remove the
+        <listitem><para>Assign the specified network interface to the
-        specified interface from the calling namespace and place it in the container. When the container
+        container. This will remove the specified interface from the
-        terminates, it is moved back to the calling namespace.  Note that
+        calling namespace and place it in the container. When the
-        <option>--network-interface=</option> implies <option>--private-network</option>. This option may be
+        container terminates, it is moved back to the host namespace.
-        used more than once to add multiple network interfaces to the container.</para>
+        Note that <option>--network-interface=</option> implies
-
+        <option>--private-network</option>. This option may be used
-        <para>Note that any network interface specified this way must already exist at the time the container
+        more than once to add multiple network interfaces to the
-        is started. If the container shall be started automatically at boot via a
+        container.</para></listitem>
-        <filename>systemd-nspawn@.service</filename> unit file instance, it might hence make sense to add a
-        unit file drop-in to the service instance
-        (e.g. <filename>/etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf</filename>) with
-        contents like the following:</para>
-
-        <programlisting>[Unit]
-Wants=sys-subsystem-net-devices-ens1.device
-After=sys-subsystem-net-devices-ens1.device</programlisting>
-
-        <para>This will make sure that activation of the container service will be delayed until the
-        <literal>ens1</literal> network interface has shown up. This is required since hardware probing is
-        fully asynchronous, and network interfaces might be discovered only later during the boot process,
-        after the container would normally be started without these explicit dependencies.</para>
-        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--network-macvlan=</option></term>
 
-        <listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network
+        <listitem><para>Create a <literal>macvlan</literal> interface
-        interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface
+        of the specified Ethernet network interface and add it to the
-        that adds a second MAC address to an existing physical Ethernet link. The interface in the container
+        container. A <literal>macvlan</literal> interface is a virtual
-        will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that
+        interface that adds a second MAC address to an existing
-        <option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be
+        physical Ethernet link. The interface in the container will be
-        used more than once to add multiple network interfaces to the container.</para>
+        named after the interface on the host, prefixed with
-
+        <literal>mv-</literal>. Note that
-        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
+        <option>--network-macvlan=</option> implies
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        <option>--private-network</option>. This option may be used
-        above might be useful.</para></listitem>
+        more than once to add multiple network interfaces to the
+        container.</para></listitem>
       </varlistentry>
 
       <varlistentry>
         <term><option>--network-ipvlan=</option></term>
 
-        <listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network
+        <listitem><para>Create an <literal>ipvlan</literal> interface
-        interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface,
+        of the specified Ethernet network interface and add it to the
-        similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying
+        container. An <literal>ipvlan</literal> interface is a virtual
-        interface.  The interface in the container will be named after the interface on the host, prefixed
+        interface, similar to a <literal>macvlan</literal> interface,
-        with <literal>iv-</literal>.  Note that <option>--network-ipvlan=</option> implies
+        which uses the same MAC address as the underlying interface.
-        <option>--private-network</option>. This option may be used more than once to add multiple network
+        The interface in the container will be named after the
-        interfaces to the container.</para>
+        interface on the host, prefixed with <literal>iv-</literal>.
-
+        Note that <option>--network-ipvlan=</option> implies
-        <para>As with <option>--network-interface=</option>, the underlying Ethernet network interface must
+        <option>--private-network</option>. This option may be used
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
+        more than once to add multiple network interfaces to the
-        above might be useful.</para></listitem>
+        container.</para></listitem>
       </varlistentry>
 
       <varlistentry>
@@ -920,11 +907,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
         this option is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix
         instead of <literal>ve-</literal>. Regardless of the used naming prefix the same network interface
         name length limits imposed by Linux apply, along with the complications this creates (for details see
-        above).</para>
+        above).</para></listitem>
-
-        <para>As with <option>--network-interface=</option>, the underlying bridge network interface must
-        already exist at the time the container is started, and thus similar unit file drop-ins as described
-        above might be useful.</para></listitem>
       </varlistentry>
 
       <varlistentry>

src/basic/copy.c

@@ -1147,24 +1147,24 @@ int copy_file_atomic_full(
          * writing it. */
 
         if (copy_flags & COPY_REPLACE) {
-                _cleanup_free_ char *f = NULL;
+                r = tempfn_random(to, NULL, &t);
-
-                r = tempfn_random(to, NULL, &f);
                 if (r < 0)
                         return r;
 
                 if (copy_flags & COPY_MAC_CREATE) {
                         r = mac_selinux_create_file_prepare(to, S_IFREG);
-                        if (r < 0)
+                        if (r < 0) {
+                                t = mfree(t);
                                 return r;
+                        }
                 }
-                fdt = open(f, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
+                fdt = open(t, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|O_WRONLY|O_CLOEXEC, 0600);
                 if (copy_flags & COPY_MAC_CREATE)
                         mac_selinux_create_file_clear();
-                if (fdt < 0)
+                if (fdt < 0) {
+                        t = mfree(t);
                         return -errno;
-
+                }
-                t = TAKE_PTR(f);
         } else {
                 if (copy_flags & COPY_MAC_CREATE) {
                         r = mac_selinux_create_file_prepare(to, S_IFREG);
@@ -1232,8 +1232,6 @@ int copy_access(int fdf, int fdt) {
         assert(fdf >= 0);
         assert(fdt >= 0);
 
-        /* Copies just the access mode (and not the ownership) from fdf to fdt */
-
         if (fstat(fdf, &st) < 0)
                 return -errno;
 
@@ -1243,20 +1241,6 @@ int copy_access(int fdf, int fdt) {
         return 0;
 }
 
-int copy_rights(int fdf, int fdt) {
-        struct stat st;
-
-        assert(fdf >= 0);
-        assert(fdt >= 0);
-
-        /* Copies both access mode and ownership from fdf to fdt */
-
-        if (fstat(fdf, &st) < 0)
-                return -errno;
-
-        return fchmod_and_chown(fdt, st.st_mode & 07777, st.st_uid, st.st_gid);
-}
-
 int copy_xattr(int fdf, int fdt) {
         _cleanup_free_ char *names = NULL;
         int ret = 0, r;

src/basic/copy.h

@@ -64,5 +64,4 @@ static inline int copy_bytes(int fdf, int fdt, uint64_t max_bytes, CopyFlags cop
 
 int copy_times(int fdf, int fdt, CopyFlags flags);
 int copy_access(int fdf, int fdt);
-int copy_rights(int fdf, int fdt);
 int copy_xattr(int fdf, int fdt);

src/basic/fileio.c

@@ -548,9 +548,7 @@ int read_full_stream_full(
                 }
 
                 buf = t;
-                /* Unless a size has been explicitly specified, try to read as much as fits into the memory
+                n = n_next;
-                 * we allocated (minus 1, to leave one byte for the safety NUL byte) */
-                n = size == SIZE_MAX ? malloc_usable_size(buf) - 1 : n_next;
 
                 errno = 0;
                 k = fread(buf + l, 1, n - l, f);
@@ -1327,6 +1325,15 @@ int warn_file_is_world_accessible(const char *filename, struct stat *st, const c
         return 0;
 }
 
+int sync_rights(int from, int to) {
+        struct stat st;
+
+        if (fstat(from, &st) < 0)
+                return -errno;
+
+        return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
+}
+
 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
         int r = 0;
         if (rename(from, to) < 0)

src/basic/fileio.h

@@ -118,4 +118,6 @@ int safe_fgetc(FILE *f, char *ret);
 
 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);
 
+int sync_rights(int from, int to);
+
 int rename_and_apply_smack_floor_label(const char *temp_path, const char *dest_path);

src/basic/rm-rf.h

@@ -24,7 +24,7 @@ static inline char *rm_rf_physical_and_free(char *p) {
         if (!p)
                 return NULL;
 
-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_MISSING_OK|REMOVE_CHMOD);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
         free(p);
         return NULL;
 }
@@ -37,7 +37,7 @@ static inline char *rm_rf_subvolume_and_free(char *p) {
         if (!p)
                 return NULL;
 
-        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME|REMOVE_MISSING_OK|REMOVE_CHMOD);
+        (void) rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
         free(p);
         return NULL;
 }

src/firstboot/firstboot.c

@@ -675,7 +675,7 @@ static int write_root_passwd(const char *passwd_path, const char *password, cons
         if (original) {
                 struct passwd *i;
 
-                r = copy_rights(fileno(original), fileno(passwd));
+                r = sync_rights(fileno(original), fileno(passwd));
                 if (r < 0)
                         return r;
 
@@ -743,7 +743,7 @@ static int write_root_shadow(const char *shadow_path, const char *hashed_passwor
         if (original) {
                 struct spwd *i;
 
-                r = copy_rights(fileno(original), fileno(shadow));
+                r = sync_rights(fileno(original), fileno(shadow));
                 if (r < 0)
                         return r;
 

src/run/run.c

@@ -956,12 +956,10 @@ static int make_unit_name(sd_bus *bus, UnitType t, char **ret) {
                 return 0;
         }
 
-        /* We managed to get the unique name, then let's use that to name our transient units. */
+        /* We managed to get the unique name, then let's use that to
+         * name our transient units. */
 
-        id = startswith(unique, ":1."); /* let' strip the usual prefix */
+        id = startswith(unique, ":");
-        if (!id)
-                id = startswith(unique, ":"); /* the spec only requires things to start with a colon, hence
-                                               * let's add a generic fallback for that. */
         if (!id)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Unique name %s has unexpected format.",

src/sysusers/sysusers.c

@@ -393,7 +393,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
         original = fopen(passwd_path, "re");
         if (original) {
 
-                r = copy_rights(fileno(original), fileno(passwd));
+                r = sync_rights(fileno(original), fileno(passwd));
                 if (r < 0)
                         return r;
 
@@ -494,7 +494,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
         original = fopen(shadow_path, "re");
         if (original) {
 
-                r = copy_rights(fileno(original), fileno(shadow));
+                r = sync_rights(fileno(original), fileno(shadow));
                 if (r < 0)
                         return r;
 
@@ -590,7 +590,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
         original = fopen(group_path, "re");
         if (original) {
 
-                r = copy_rights(fileno(original), fileno(group));
+                r = sync_rights(fileno(original), fileno(group));
                 if (r < 0)
                         return r;
 
@@ -688,7 +688,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
         if (original) {
                 struct sgrp *sg;
 
-                r = copy_rights(fileno(original), fileno(gshadow));
+                r = sync_rights(fileno(original), fileno(gshadow));
                 if (r < 0)
                         return r;