Compare commits
9 Commits
9fac14980d
...
cabc1c6d7a
Author | SHA1 | Date |
---|---|---|
Topi Miettinen | cabc1c6d7a | |
Zbigniew Jędrzejewski-Szmek | c3362c2f97 | |
Zbigniew Jędrzejewski-Szmek | 6635f57d3e | |
root | f9d29f6d06 | |
Hans de Goede | e6b68254c2 | |
Lennart Poettering | 602235f27d | |
Zbigniew Jędrzejewski-Szmek | 9aa822179b | |
Zbigniew Jędrzejewski-Szmek | 326b1f897b | |
Zbigniew Jędrzejewski-Szmek | bb288a2cb3 |
6
NEWS
6
NEWS
|
@ -1,5 +1,11 @@
|
|||
systemd System and Service Manager
|
||||
|
||||
CHANGES WITH 246 in spe:
|
||||
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
|
||||
systemd-coredump to save core files for suid processes. When saving
|
||||
the core file, systemd-coredump will use the effective uid and gid of
|
||||
the process that faulted.
|
||||
|
||||
CHANGES WITH 245:
|
||||
|
||||
* A new tool "systemd-repart" has been added, that operates as an
|
||||
|
|
|
@ -469,6 +469,12 @@ sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE*:*
|
|||
sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnMEDION*:*
|
||||
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# MPMAN
|
||||
#########################################
|
||||
sensor:modalias:acpi:BMA250E*:dmi:*:svnMPMAN:pnMPWIN8900CL:*
|
||||
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
||||
|
||||
#########################################
|
||||
# MSI
|
||||
#########################################
|
||||
|
|
|
@ -140,7 +140,12 @@ manpages = [
|
|||
''],
|
||||
['sd_bus_attach_event', '3', ['sd_bus_detach_event', 'sd_bus_get_event'], ''],
|
||||
['sd_bus_call', '3', ['sd_bus_call_async'], ''],
|
||||
['sd_bus_call_method', '3', ['sd_bus_call_method_async'], ''],
|
||||
['sd_bus_call_method',
|
||||
'3',
|
||||
['sd_bus_call_method_async',
|
||||
'sd_bus_call_method_asyncv',
|
||||
'sd_bus_call_methodv'],
|
||||
''],
|
||||
['sd_bus_close', '3', ['sd_bus_default_flush_close', 'sd_bus_flush'], ''],
|
||||
['sd_bus_creds_get_pid',
|
||||
'3',
|
||||
|
@ -325,9 +330,11 @@ manpages = [
|
|||
'3',
|
||||
['sd_bus_reply_method_errno',
|
||||
'sd_bus_reply_method_errnof',
|
||||
'sd_bus_reply_method_errorf'],
|
||||
'sd_bus_reply_method_errnofv',
|
||||
'sd_bus_reply_method_errorf',
|
||||
'sd_bus_reply_method_errorfv'],
|
||||
''],
|
||||
['sd_bus_reply_method_return', '3', [], ''],
|
||||
['sd_bus_reply_method_return', '3', ['sd_bus_reply_method_returnv'], ''],
|
||||
['sd_bus_request_name',
|
||||
'3',
|
||||
['sd_bus_release_name',
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
|
||||
<para>Output for a signal message (with <constant>SD_BUS_MESSAGE_DUMP_WITH_HEADER</constant>):
|
||||
<programlisting>
|
||||
‣ Type=signal Endian=l Flags=1 Version=1 Priority=0 Cookie=22
|
||||
‣ Type=signal Endian=l Flags=1 Version=1 Cookie=22
|
||||
Path=/value/a Interface=org.freedesktop.DBus.Properties Member=PropertiesChanged
|
||||
MESSAGE "sa{sv}as" {
|
||||
STRING "org.freedesktop.systemd.ValueTest";
|
||||
|
|
|
@ -106,7 +106,7 @@
|
|||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Units managed by the system's service manager</title>
|
||||
<title>Units managed by the system service manager</title>
|
||||
|
||||
<refsect2>
|
||||
<title>Special System Units</title>
|
||||
|
@ -1058,7 +1058,7 @@
|
|||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Units managed by the user's service manager</title>
|
||||
<title>Units managed by the user service manager</title>
|
||||
|
||||
<refsect2>
|
||||
<title>Special User Units</title>
|
||||
|
|
|
@ -1200,7 +1200,6 @@ static int message_json(sd_bus_message *m, FILE *f) {
|
|||
JSON_BUILD_PAIR("endian", JSON_BUILD_STRING(e)),
|
||||
JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(m->header->flags)),
|
||||
JSON_BUILD_PAIR("version", JSON_BUILD_INTEGER(m->header->version)),
|
||||
JSON_BUILD_PAIR_CONDITION(m->priority != 0, "priority", JSON_BUILD_INTEGER(m->priority)),
|
||||
JSON_BUILD_PAIR("cookie", JSON_BUILD_INTEGER(BUS_MESSAGE_COOKIE(m))),
|
||||
JSON_BUILD_PAIR_CONDITION(m->reply_cookie != 0, "reply_cookie", JSON_BUILD_INTEGER(m->reply_cookie)),
|
||||
JSON_BUILD_PAIR_CONDITION(m->sender, "sender", JSON_BUILD_STRING(m->sender)),
|
||||
|
|
|
@ -4247,6 +4247,11 @@ ManagerState manager_state(Manager *m) {
|
|||
|
||||
assert(m);
|
||||
|
||||
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
|
||||
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
|
||||
if (u && unit_active_or_pending(u))
|
||||
return MANAGER_STOPPING;
|
||||
|
||||
/* Did we ever finish booting? If not then we are still starting up */
|
||||
if (!MANAGER_IS_FINISHED(m)) {
|
||||
|
||||
|
@ -4257,11 +4262,6 @@ ManagerState manager_state(Manager *m) {
|
|||
return MANAGER_STARTING;
|
||||
}
|
||||
|
||||
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
|
||||
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
|
||||
if (u && unit_active_or_pending(u))
|
||||
return MANAGER_STOPPING;
|
||||
|
||||
if (MANAGER_IS_SYSTEM(m)) {
|
||||
/* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
|
||||
u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
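Review bot: The relocated shutdown check in manager_state() keeps its old comment, which does not say that the check must now run before the `MANAGER_IS_FINISHED()` test. With the new order, a manager that never finished booting reports MANAGER_STOPPING as soon as the shutdown target is active or queued, and a later reordering would silently undo that. I would extend the comment to `/* Is the special shutdown target active or queued? If so, we are in shutdown state. Check this first, so that a shutdown requested during boot is not reported as "starting". */`. The function begins and ends outside the visible hunks.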
|
||||
|
|
|
@ -56,7 +56,7 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
|
|||
|
||||
if (flags & SD_BUS_MESSAGE_DUMP_WITH_HEADER) {
|
||||
fprintf(f,
|
||||
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64,
|
||||
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u",
|
||||
m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() :
|
||||
m->header->type == SD_BUS_MESSAGE_METHOD_RETURN ? ansi_highlight_green() :
|
||||
m->header->type != SD_BUS_MESSAGE_SIGNAL ? ansi_highlight() : "",
|
||||
|
@ -69,8 +69,7 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
|
|||
|
||||
m->header->endian,
|
||||
m->header->flags,
|
||||
m->header->version,
|
||||
m->priority);
|
||||
m->header->version);
|
||||
|
||||
/* Display synthetic message serial number in a more readable
|
||||
* format than (uint32_t) -1 */
|
||||
|
|
|
@ -5924,18 +5924,31 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
|
|||
}
|
||||
|
||||
_public_ int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority) {
|
||||
static bool warned = false;
|
||||
|
||||
assert_return(m, -EINVAL);
|
||||
assert_return(priority, -EINVAL);
|
||||
|
||||
*priority = m->priority;
|
||||
if (!warned) {
|
||||
log_debug("sd_bus_message_get_priority() is deprecated and always returns 0.");
|
||||
warned = true;
|
||||
}
|
||||
|
||||
*priority = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
_public_ int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority) {
|
||||
static bool warned = false;
|
||||
|
||||
assert_return(m, -EINVAL);
|
||||
assert_return(!m->sealed, -EPERM);
|
||||
|
||||
m->priority = priority;
|
||||
if (!warned) {
|
||||
log_debug("sd_bus_message_set_priority() is deprecated and does nothing.");
|
||||
warned = true;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
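Review bot: Both deprecated accessors guard their one-time log message with a plain `static bool warned` that is read and written without synchronization. If two threads make their first call at the same time (plausible for callers that run one bus per thread; inferred, no caller is visible here), that is an unsynchronized access to a shared object. The practical effect is at most a duplicate debug line, but it will be reported by a thread sanitizer. Either say so in place, `/* Racy on purpose: worst case the message is logged twice. */`, or make the flag atomic. `sd_bus_message_set_priority()` still returns -EPERM on a sealed message although it no longer stores anything, which looks intentional for compatibility and deserves a line in its documentation.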
|
||||
|
||||
|
|
|
@ -76,7 +76,6 @@ struct sd_bus_message {
|
|||
usec_t monotonic;
|
||||
usec_t realtime;
|
||||
uint64_t seqnum;
|
||||
int64_t priority;
|
||||
uint64_t verify_destination_id;
|
||||
|
||||
bool sealed:1;
|
||||
|
|
|
@ -5,8 +5,23 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See sysctl.d(5) for the description of the files in this directory,
|
||||
# and systemd-coredump(8) and core(5) for the explanation of the
|
||||
# setting below.
|
||||
# See sysctl.d(5) for the description of the files in this directory.
|
||||
|
||||
# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
|
||||
# by the kernel will start a second copy of itself as the
|
||||
# systemd-coredump@.service, which will do the actual processing and storing of
|
||||
# the core dump.
|
||||
#
|
||||
# See systemd-coredump(8) and core(5).
|
||||
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
|
||||
|
||||
# Also dump processes executing a set-user-ID/set-group-ID program that is
|
||||
# owned by a user/group other than the real user/group ID of the process, or
|
||||
# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
|
||||
#
|
||||
# systemd-coredump will store the core file owned by the effective uid and gid
|
||||
# of the running process (and not the filesystem-user-ID which the kernel uses
|
||||
# when saving a core dump).
|
||||
#
|
||||
# See proc(5), setuid(2), capabilities(7).
|
||||
fs.suid_dumpable=2
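Review bot: The new comment says the core file is stored with the effective uid and gid of the crashing process, but the only ids handed to the handler on the `kernel.core_pattern` line are `%u %g`, which core(5) defines as the real uid and gid. For a set-user-ID program the real uid is the invoking user, so with `fs.suid_dumpable=2` the confidentiality of a privileged process's memory depends entirely on which ids systemd-coredump uses for file ownership and ACLs. That code is not part of this section. Please confirm where the handler takes the effective ids from and state it here, for example `# %u/%g below are the real ids; the effective ids are obtained by <mechanism to confirm>`. If the handler falls back to the real ids, dumps of set-user-ID and capability-bearing programs should stay readable by root only.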
|
||||
|
|
|
@ -21,6 +21,7 @@ NoNewPrivileges=yes
|
|||
PrivateDevices=yes
|
||||
PrivateNetwork=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
|
|
|
@ -25,6 +25,7 @@ LockPersonality=yes
|
|||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
OOMScoreAdjust=-250
|
||||
ProtectClock=yes
|
||||
Restart=always
|
||||
RestartSec=0
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
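Review bot: `ProtectClock=yes` is added here to a unit that, as far as the hunk shows, sets no `PrivateDevices=`. systemd.exec(5) documents that ProtectClock= implies `DeviceAllow=char-rtc r`, and any DeviceAllow= entry switches the unit to a device allow-list. Every other device node the service opens then needs its own entry, otherwise the open fails at runtime. The same applies to the two later sections that add the line without a visible `PrivateDevices=` (the `-36,6` hunk and the one whose context shows `ExecStart=!!@rootlibexecdir@/systemd-networkd`). The last section on this page adds `DeviceAllow=block-* rwm` and `DeviceAllow=char-* rwm` next to it, presumably for this reason, so check each unit's existing DeviceAllow= lines, which are outside the hunks, against the devices it uses.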
|
||||
|
|
|
@ -36,6 +36,7 @@ LockPersonality=yes
|
|||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectHostname=yes
|
||||
|
|
|
@ -26,6 +26,7 @@ ExecStart=!!@rootlibexecdir@/systemd-networkd
|
|||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectKernelModules=yes
|
||||
|
|
|
@ -28,6 +28,7 @@ MemoryDenyWriteExecute=yes
|
|||
NoNewPrivileges=yes
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectClock=yes
|
||||
ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
ProtectKernelModules=yes
|
||||
|
|
|
@ -16,6 +16,8 @@ Before=sysinit.target
|
|||
ConditionPathIsReadWrite=/sys
|
||||
|
||||
[Service]
|
||||
DeviceAllow=block-* rwm
|
||||
DeviceAllow=char-* rwm
|
||||
Type=notify
|
||||
# Note that udev also adjusts the OOM score internally and will reset the value internally for its workers
|
||||
OOMScoreAdjust=-1000
|
||||
|
@ -27,6 +29,7 @@ ExecReload=udevadm control --reload --timeout 0
|
|||
KillMode=mixed
|
||||
TasksMax=infinity
|
||||
PrivateMounts=yes
|
||||
ProtectClock=yes
|
||||
ProtectHostname=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
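Review bot: The two new lines `DeviceAllow=block-* rwm` and `DeviceAllow=char-* rwm` open every block and character device to the service and carry no explanation. Presumably they are there because `ProtectClock=yes`, added in the second hunk, implies a device allow-list that would otherwise cut udev off from the devices it manages. A comment above them such as `# ProtectClock= implies DeviceAllow=char-rtc r, which enables the device allow-list; udev needs all devices` would keep a later hardening pass from narrowing the list by mistake. The [Service] section continues outside both hunks.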
|
||||
|
|