Compare commits

22 Commits

Author SHA1 Message Date
Yu Watanabe dd0395b565 make namespace_flags_to_string() not return empty string
This improves the following debug log.

Before:
systemd[1162]: Restricting namespace to: .

After:
systemd[1162]: Restricting namespace to: n/a.
2020-03-03 21:17:38 +01:00
Zbigniew Jędrzejewski-Szmek fbd6ac2601
Merge pull request #15009 from keszybz/version-and-doc-updates
Version and doc updates
2020-03-03 20:29:12 +01:00
Zbigniew Jędrzejewski-Szmek efd58985f6
Merge pull request #15002 from keszybz/sysusers-no-proc
Make systemd-sysusers work if /proc is unavailable
2020-03-03 20:28:02 +01:00
Frantisek Sumsal e31b6bd020 lgtm: drop the TMPDIR/meson workaround
The underlying issue seems to be fixed, so let's drop the now obsolete
workarounds.

Introduced in 65be7042a8
2020-03-03 20:27:42 +01:00
Zbigniew Jędrzejewski-Szmek d4de2b2aff man: document that .link/.network/.netdev files have the usual ini syntax
Fixes #1266.
2020-03-03 19:11:59 +01:00
Zbigniew Jędrzejewski-Szmek 870d38dca9 docs: add .link/.network/.netdev files to interface stability chart
Fixes #9850.
2020-03-03 19:11:45 +01:00
Zbigniew Jędrzejewski-Szmek c7fe06fb0a man: document the default value for IPv6AcceptRA=
Fixes #14121.
2020-03-03 18:36:03 +01:00
Zbigniew Jędrzejewski-Szmek cd517eb731 man: specify that Domains= is a space-separated list
Fixes #14998.
2020-03-03 18:03:53 +01:00
Daniel Lublin 1699f53788 hwdb: add corrections for Olimex Teres-I to keyboard hwdb
The firmware of the Olimex Teres-I (a DIY laptop kit) seems to have wrong
scancodes.

Fixes #15003.
2020-03-03 18:00:23 +01:00
Zbigniew Jędrzejewski-Szmek 105a1a36cd tree-wide: fix spelling of lookup and setup verbs
"set up" and "look up" are the verbs, "setup" and "lookup" are the nouns.
2020-03-03 15:02:53 +01:00
Zbigniew Jędrzejewski-Szmek 33eb1f2497 tree-wide: drop printk.devkmsg=on setting in various places
Since 6123dfaa72 this should not be necessary anymore.
2020-03-03 15:02:53 +01:00
Zbigniew Jędrzejewski-Szmek a345d5c1c9 man,mkosi: use glibc-minimal-langpack for Fedora
This saves ~24MB of space, see
https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_buildroot.
2020-03-03 15:02:53 +01:00
Zbigniew Jędrzejewski-Szmek 95d311faea man: bump fedora versions 2020-03-03 15:02:53 +01:00
Zbigniew Jędrzejewski-Szmek 7e0276b37a
Merge pull request #14874 from bluca/portable_detach_now_block
portablectl: block when stopping a unit on detach (--now)
2020-03-03 14:40:12 +01:00
Guido Günther 1c5b427f5d
hwdb: 60-sensor.hwdb: Add proximity sensor udev property (#14845)
Devices with proximity sensors can specify a near level that
indicates when an object is considered close to the device.
2020-03-03 14:40:00 +01:00
Christian Göttsche fdb0405edd selinux: check return value of string_to_security_class()
This should never happen, but better safe than sorry.
2020-03-03 14:17:52 +01:00
Vladimir Yerilov 81d4a026a6 drop unused translations 2020-03-03 13:57:29 +01:00
Vladimir Yerilov d015652944 update Russian translation 2020-03-03 13:57:29 +01:00
Zbigniew Jędrzejewski-Szmek 1fb5a5edc7 sysusers: do not require /proc to be mounted
We're operating on known paths in root-owned directories here, so the detour
through toctou-safe methods that require /proc to be mounted is not necessary.
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=1807768.
2020-03-03 12:29:57 +01:00
Zbigniew Jędrzejewski-Szmek 6cb356ca9f basic/fs-util: add a version of chmod_and_chown that does not use /proc 2020-03-03 11:56:44 +01:00
Zbigniew Jędrzejewski-Szmek 08c7c3216b sysusers: many different errnos to express one condition
See https://bugzilla.redhat.com/show_bug.cgi?id=1807768. It turns
out that sysusers cannot query if the group exists:
Failed to check if group dnsmasq already exists: No such process
...
Failed to check if group systemd-timesync already exists: No such process

When the same command is executed later, the issue does not occur. Not sure why
the behaviour in the initial transaction is different. But let's accept all
errors that the man pages list. We check if the user/group exists before creating
anyway, so this seems pretty safe.
2020-03-03 11:56:25 +01:00
Luca Boccassi 31c33315b3 portablectl: block when stopping a unit on detach (--now)
If portablectl detach --now is used, there's a possible race condition
where the unit is not stopped in time before the detach is attempted,
which causes it to fail.
Add a DBUS call to block after starting/stopping if --now is passed,
and add a --no-block parameter to skip it optionally when starting,
since it is not necessary in that case for correct functioning.
2020-02-18 12:02:53 +00:00
38 changed files with 561 additions and 142 deletions

@ -9,16 +9,6 @@ extraction:
- libfdisk-dev
- libp11-kit-dev
- libssl-dev
before_index:
# /tmp has `noexec` set in the LGTM infra which breaks meson's
# compilation checks. Let's temporarily override TMPDIR to /var/tmp which
# should work as expected
# See: https://discuss.lgtm.com/t/meson-fails-to-determine-sizes-of-basic-data-types/2639
- export TMPDIR=/var/tmp
index:
build_command:
- meson build
- ninja -C build
python:
python_setup:
version: 3
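
Review bot: The whole `before_index` block is dropped, including the comment linking the discuss.lgtm.com thread, while the commit message only says the underlying issue "seems to be fixed". Please confirm with an LGTM run that meson's compilation checks pass with the default TMPDIR, and keep the thread URL in the commit message so the history of the `export TMPDIR=/var/tmp` workaround stays findable.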

@ -10,7 +10,6 @@ Release=31
[Output]
Format=gpt_ext4
Bootable=yes
KernelCommandLine=printk.devkmsg=on
[Partitions]
RootSize=3G
@ -27,6 +26,7 @@ BuildPackages=
gcc
gettext
git
glibc-minimal-langpack
gnu-efi
gnu-efi-devel
gnutls-devel

@ -96,6 +96,8 @@ And now, here's the list of (hopefully) all APIs that we have introduced with sy
| [$NOTIFY_SOCKET Daemon Notifications](https://www.freedesktop.org/software/systemd/man/sd_notify.html) | Environment | yes | yes | a few, including udev | yes | - | no |
| [argv[0][0]='@' Logic](https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons) | `/proc` marking | yes | yes | mdadm | yes | - | no |
| [Unit file format](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) | File format | yes | yes | numerous | no | - | no |
| [Network](https://www.freedesktop.org/software/systemd/man/systemd.network.html) & [Netdev file format](https://www.freedesktop.org/software/systemd/man/systemd.netdev.html) | File format | yes | yes | no | no | - | no |
| [Link file format](https://www.freedesktop.org/software/systemd/man/systemd.link.html) | File format | yes | yes | no | no | - | no |
| [Journal File Format](https://www.freedesktop.org/wiki/Software/systemd/journal-files) | File format | yes | yes | - | maybe | - | no |
| [Journal Export Format](https://www.freedesktop.org/wiki/Software/systemd/export) | File format | yes | yes | - | yes | - | no |
| [Cooperation in cgroup tree](https://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups) | Treaty | yes | yes | libvirt | yes | libvirt | no |

@ -1200,6 +1200,19 @@ evdev:name:MSI Laptop hotkeys:dmi:bvn*:bvr*:bd*:svn*:pnM[iI][cC][rR][oO]-S[tT][a
KEYBOARD_KEY_0213=f22
KEYBOARD_KEY_0214=f23
###########################################################
# Olimex
###########################################################
# Teres-I
evdev:input:b0003v15BAp003C*
KEYBOARD_KEY_70066=sleep # Fn+F1
KEYBOARD_KEY_700f6=wlan # Fn+F2
KEYBOARD_KEY_700c7=f21 # Fn+F3 touchpad toggle
KEYBOARD_KEY_7006f=brightnessdown # Fn+F7
KEYBOARD_KEY_70070=brightnessup # Fn+F8
KEYBOARD_KEY_7006e=switchvideomode # Fn+F9
###########################################################
# OLPC
###########################################################
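
Review bot: The match line `evdev:input:b0003v15BAp003C*` under "# Teres-I" keys on the USB vendor and product ID alone, and nothing in the entry says why. A one-line comment stating that this is the laptop's built-in keyboard and that its firmware reports wrong scancodes (as the commit message does) would explain the remapping of `KEYBOARD_KEY_70066` and the other keys to the next person editing this file.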

@ -41,11 +41,15 @@
#
# Allowed properties are:
# ACCEL_MOUNT_MATRIX=<matrix>
# PROXIMITY_NEAR_LEVEL=<value>
#
# where <matrix> is a mount-matrix in the format specified in the IIO
# subsystem[1]. The default, when unset, is equivalent to:
# ACCEL_MOUNT_MATRIX=1, 0, 0; 0, 1, 0; 0, 0, 1
# eg. the identity matrix.
# and <value> is an integer value above which an object is considered
# close by a proximity sensor:
# PROXIMITY_NEAR_LEVEL=100
#
# [1]: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfc57732ad38f93ae6232a3b4e64fd077383a0f1
#
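
Review bot: The description of `PROXIMITY_NEAR_LEVEL=<value>` is spliced in directly after "eg. the identity matrix.", so the comment now reads "... the identity matrix. and <value> is an integer value ...". Start a new sentence for it, and say what scale the integer is on and whether there is a default when the property is unset, as is done for ACCEL_MOUNT_MATRIX; the example value 100 alone does not tell a hwdb contributor how to choose a number for their device.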

@ -128,6 +128,7 @@ def property_grammar():
('KEYBOARD_LED_CAPSLOCK', Literal('0')),
('ACCEL_MOUNT_MATRIX', mount_matrix),
('ACCEL_LOCATION', Or(('display', 'base'))),
('PROXIMITY_NEAR_LEVEL', INTEGER),
)
fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
for name, val in props]

@ -350,9 +350,9 @@
<varname>TTYPath=</varname>, described below.</para>
<para>When forwarding to the kernel log buffer (kmsg), make sure to select a suitably large size for
the log buffer, and ensure the kernel's rate-limiting applied to userspace processes is turned
off. Specifically, add <literal>log_buf_len=8M</literal> and <literal>printk.devkmsg=on</literal> (or
similar) to the kernel command line.</para></listitem>
the log buffer, for example by adding <literal>log_buf_len=8M</literal> to the kernel command line.
<command>systemd</command> will automatically disable kernel's rate-limiting applied to userspace
processes (equivalent to setting <literal>printk.devkmsg=on</literal>).</para></listitem>
</varlistentry>
<varlistentry>
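
Review bot: In the replacement sentence, "will automatically disable kernel's rate-limiting" is missing an article ("the kernel's"), and the paragraph should say from which systemd version this is automatic. The hunk removes `printk.devkmsg=on` from the instructions, so a reader on a release that predates the change referenced in the commit message (6123dfaa72) is no longer told to set it.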

@ -135,7 +135,8 @@
the service manager are seen by it.</para>
<para>If <option>--now</option> and/or <option>--enable</option> are passed, the portable service(s) are
immediately started and/or enabled after attaching the image.</para>
immediately started (blocking operation unless <option>--no-block</option> is passed) and/or enabled after
attaching the image.</para>
</listitem>
</varlistentry>
@ -150,8 +151,8 @@
<command>detach</command>.</para></listitem>
<para>If <option>--now</option> and/or <option>--enable</option> are passed, the portable service(s) are
immediately started and/or enabled before detaching the image. Prefix(es) are also accepted, to be used in
case the unit names do not match the image name as described in the <command>attach</command>.</para>
immediately stopped (blocking operation) and/or disabled before detaching the image. Prefix(es) are also accepted,
to be used in case the unit names do not match the image name as described in the <command>attach</command>.</para>
</varlistentry>
<varlistentry>
@ -330,6 +331,12 @@
<listitem><para>Immediately start/stop the portable service after attaching/before detaching.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--no-block</option></term>
<listitem><para>Don't block waiting for attach --now to complete.</para></listitem>
</varlistentry>
<xi:include href="user-system-options.xml" xpointer="host" />
<xi:include href="user-system-options.xml" xpointer="machine" />
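
Review bot: The new `--no-block` entry mentions only "attach --now", while the detach paragraph in the previous hunk now describes its stop as a "blocking operation" without qualification. State explicitly in this entry that `--no-block` has no effect on `detach`, and mark up "attach --now" with <command> and <option> as the rest of the page does.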

@ -1,8 +1,8 @@
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY fedora_latest_version "30">
<!ENTITY fedora_cloud_release "1.2">
<!ENTITY fedora_latest_version "31">
<!ENTITY fedora_cloud_release "1.9">
]>
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
@ -1378,7 +1378,7 @@
<programlisting># dnf -y --releasever=&fedora_latest_version; --installroot=/var/lib/machines/f&fedora_latest_version; \
--disablerepo='*' --enablerepo=fedora --enablerepo=updates install \
systemd passwd dnf fedora-release vim-minimal
systemd passwd dnf fedora-release vim-minimal glibc-minimal-langpack
# systemd-nspawn -bD /var/lib/machines/f&fedora_latest_version;</programlisting>
<para>This installs a minimal Fedora distribution into the

@ -26,8 +26,11 @@
<refsect1>
<title>Description</title>
<para>Network link configuration is performed by the
<command>net_setup_link</command> udev builtin.</para>
<para>A plain ini-style text file that encodes configuration for matching network devices, used by
<citerefentry><refentrytitle>systemd-udev</refentrytitle><manvolnum>8</manvolnum></citerefentry> and in
particular its <command>net_setup_link</command> builtin. See
<citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
general description of the syntax.</para>
<para>The link files are read from the files located in the system
network directory <filename>/usr/lib/systemd/network</filename>,
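
Review bot: The citerefentry in the new paragraph uses <refentrytitle>systemd-udev</refentrytitle> with manvolnum 8, which does not look like the name of an existing page; the udev daemon is documented as systemd-udevd.service(8). Please check that this reference resolves when the man pages are built and adjust the title if it does not.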

@ -27,9 +27,10 @@
<refsect1>
<title>Description</title>
<para>Network setup is performed by
<para>A plain ini-style text file that encodes configuration about a virtual network device, used by
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a general description of the syntax.</para>
<para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
other extensions are ignored. Virtual network devices are created as soon as networkd is

@ -28,9 +28,11 @@
<refsect1>
<title>Description</title>
<para>Network setup is performed by
<para>A plain ini-style text file that encodes network configuration for matching network interfaces,
used by
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
</para>
See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a general description of the syntax.</para>
<para>The main network file must have the extension <filename>.network</filename>; other
extensions are ignored. Networks are applied to links whenever the links appear.</para>
@ -514,13 +516,14 @@
<varlistentry>
<term><varname>Domains=</varname></term>
<listitem>
<para>A list of domains which should be resolved using the DNS servers on this link. Each item in the list
should be a domain name, optionally prefixed with a tilde (<literal>~</literal>). The domains with the
prefix are called "routing-only domains". The domains without the prefix are called "search domains" and
are first used as search suffixes for extending single-label host names (host names containing no dots) to
become fully qualified domain names (FQDNs). If a single-label host name is resolved on this interface,
each of the specified search domains are appended to it in turn, converting it into a fully qualified
domain name, until one of them may be successfully resolved.</para>
<para>A whitespace-separated list of domains which should be resolved using the DNS servers on
this link. Each item in the list should be a domain name, optionally prefixed with a tilde
(<literal>~</literal>). The domains with the prefix are called "routing-only domains". The
domains without the prefix are called "search domains" and are first used as search suffixes for
extending single-label host names (host names containing no dots) to become fully qualified
domain names (FQDNs). If a single-label host name is resolved on this interface, each of the
specified search domains are appended to it in turn, converting it into a fully qualified domain
name, until one of them may be successfully resolved.</para>
<para>Both "search" and "routing-only" domains are used for routing of DNS queries: look-ups for host names
ending in those domains (hence also single label names, if any "search domains" are listed), are routed to
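
Review bot: The Domains= paragraph now says "whitespace-separated list" while the commit subject says "space-separated list"; use whichever matches what the parser accepts and make the two agree. Since the paragraph is being rewrapped anyway, "each of the specified search domains are appended" can be corrected to "is appended".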
@ -613,10 +616,12 @@
</varlistentry>
<varlistentry>
<term><varname>IPv6AcceptRA=</varname></term>
<listitem><para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support
for the interface. If true, RAs are accepted; if false, RAs are ignored, independently of the
local forwarding state. When RAs are accepted, they may trigger the start of the DHCPv6
client if the relevant flags are set in the RA data, or if no routers are found on the link.</para>
<listitem><para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the
interface. If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may
trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
routers are found on the link. The default is to disable RA reception for bridge devices or when IP
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
local adressing is disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the
<literal>[IPv6AcceptRA]</literal> section, see below.</para>
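
Review bot: The last added sentence of the IPv6AcceptRA= entry has a typo, "link local adressing" (should be "link-local addressing"), and "Cannot be enabled on bond devices and when ..." reads as if both conditions must hold; "or when" is presumably meant. The rewrite also drops the old qualifier "independently of the local forwarding state" while the new default is described in terms of IP forwarding, so it would help to say whether an explicit true still overrides forwarding.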

@ -46,6 +46,15 @@
<citerefentry><refentrytitle>systemd.nspawn</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para></listitem>
<listitem><para>link files, see
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para></listitem>
<listitem><para>netdev and network files, see
<citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para></listitem>
<listitem><para>daemon config files, see
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-user.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,

378
po/ru.po

@ -1,22 +1,24 @@
# SPDX-License-Identifier: LGPL-2.1+
#
# translation of ru.po to Rissian
#
# Julia Dronova <juliette.tux@gmail.com>, 2013.
# Sergey Ptashnick <0comffdiz@inbox.ru>, 2013-2018.
#
# Vladimir Yerilov <openmindead@gmail.com>, 2020.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: https://github.com/systemd/systemd/issues\n"
"POT-Creation-Date: 2015-11-22 16:37+0100\n"
"PO-Revision-Date: 2018-09-01 18:46+0300\n"
"Last-Translator: Sergey Ptashnick <0comffdiz@inbox.ru>\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2020-03-03 00:56+1000\n"
"PO-Revision-Date: 2020-03-03 16:05+1000\n"
"Last-Translator: Vladimir Yerilov <openmindead@gmail.com>\n"
"Language: ru\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<"
"=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
"X-Generator: Lokalize 19.12.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
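
Review bot: The header now has an empty "Report-Msgid-Bugs-To: \n" where the file previously pointed at https://github.com/systemd/systemd/issues; this looks like an editor default overwriting the project value and should be restored. Two smaller points in the same header: the comment still reads "translation of ru.po to Rissian", and the rewrapped Plural-Forms string is now split in the middle of the `<=` operator ("n%10<" / "=4"), which concatenates correctly but is hard to read.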
@ -69,6 +71,68 @@ msgstr ""
"Чтобы заставить systemd перечитать конфигурацию, необходимо пройти "
"аутентификацию."
#: src/home/org.freedesktop.home1.policy:13
msgid "Create a home area"
msgstr "Создать домашнее пространство"
#: src/home/org.freedesktop.home1.policy:14
msgid "Authentication is required to create a user's home area."
msgstr ""
"Чтобы создать домашнее пространство пользователя, необходимо пройти"
" аутентификацию."
#: src/home/org.freedesktop.home1.policy:23
msgid "Remove a home area"
msgstr "Удалить домашнее пространство"
#: src/home/org.freedesktop.home1.policy:24
msgid "Authentication is required to remove a user's home area."
msgstr ""
"Чтобы удалить домашнее пространство пользователя, необходимо пройти"
" аутентификацию."
#: src/home/org.freedesktop.home1.policy:33
msgid "Check credentials of a home area"
msgstr "Проверить учётные данные домашнего пространства"
#: src/home/org.freedesktop.home1.policy:34
msgid ""
"Authentication is required to check credentials against a user's home area."
msgstr ""
"Чтобы проверить учётные данные для домашнего пространства пользователя,"
" необходимо пройти аутентификацию."
#: src/home/org.freedesktop.home1.policy:43
msgid "Update a home area"
msgstr "Обновить домашнее пространство"
#: src/home/org.freedesktop.home1.policy:44
msgid "Authentication is required to update a user's home area."
msgstr ""
"Чтобы обновить домашнее пространство пользователя, необходимо пройти"
" аутентификацию."
#: src/home/org.freedesktop.home1.policy:53
msgid "Resize a home area"
msgstr "Изменить размер домашнего пространства"
#: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Чтобы изменить размер домашнего пространства пользователя, необходимо пройти"
" аутентификацию."
#: src/home/org.freedesktop.home1.policy:63
msgid "Change password of a home area"
msgstr "Изменить пароль для домашнего пространства"
#: src/home/org.freedesktop.home1.policy:64
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Чтобы изменить пароль для домашнего пространства пользователя, необходимо"
" пройти аутентификацию."
#: src/hostname/org.freedesktop.hostname1.policy:20
msgid "Set host name"
msgstr "Настроить имя компьютера"
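
Review bot: The wrapped msgstr values added for the home1 policy put the separating space at the start of the continuation line (" аутентификацию."), whereas the existing entries just above keep it at the end of the first line ("пройти "). The resulting string is the same, but please follow the file's existing wrapping so later msgmerge runs do not produce noise diffs.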
@ -266,8 +330,7 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:117
msgid "Allow non-logged-in user to run programs"
msgstr ""
"Разрешить работу программ в фоновом режиме после завершения сеанса"
msgstr "Разрешить работу программ в фоновом режиме после завершения сеанса"
#: src/login/org.freedesktop.login1.policy:118
msgid "Explicit request is required to run programs as a non-logged-in user."
@ -302,8 +365,7 @@ msgid "Flush device to seat attachments"
msgstr "Сбросить привязки устройств к рабочим местам"
#: src/login/org.freedesktop.login1.policy:149
msgid ""
"Authentication is required to reset how devices are attached to seats."
msgid "Authentication is required to reset how devices are attached to seats."
msgstr ""
"Чтобы сбросить привязки устройств к рабочим местам, необходимо пройти "
"аутентификацию."
@ -337,8 +399,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:181
msgid ""
"Authentication is required to power off the system while an application "
"is inhibiting this."
"Authentication is required to power off the system while an application is "
"inhibiting this."
msgstr ""
"Чтобы выключить систему, несмотря на то, что приложение запросило блокировку "
"выключения, необходимо пройти аутентификацию."
@ -358,8 +420,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:203
msgid ""
"Authentication is required to reboot the system while other users are "
"logged in."
"Authentication is required to reboot the system while other users are logged "
"in."
msgstr ""
"Чтобы перезагрузить систему, несмотря на то, что в ней работают другие "
"пользователи, необходимо пройти аутентификацию."
@ -372,8 +434,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:214
msgid ""
"Authentication is required to reboot the system while an application "
"is inhibiting this."
"Authentication is required to reboot the system while an application is "
"inhibiting this."
msgstr ""
"Чтобы перезагрузить систему, несмотря на то, что приложение запросило "
"блокировку выключения, необходимо пройти аутентификацию."
@ -393,8 +455,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:236
msgid ""
"Authentication is required to halt the system while other users are "
"logged in."
"Authentication is required to halt the system while other users are logged "
"in."
msgstr ""
"Чтобы остановить систему, несмотря на то, что в ней работают другие "
"пользователи, необходимо пройти аутентификацию."
@ -402,16 +464,16 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:246
msgid "Halt the system while an application is inhibiting this"
msgstr ""
"Остановить систему, несмотря на то, что приложение запросило блокировку "
"Остановить систему несмотря на то, что приложение запросило блокировку "
"выключения"
#: src/login/org.freedesktop.login1.policy:247
msgid ""
"Authentication is required to halt the system while an application asked "
"to inhibit it."
"Authentication is required to halt the system while an application is "
"inhibiting this."
msgstr ""
"Чтобы остановить систему, несмотря на то, что приложение запросило "
"блокировку выключения, необходимо пройти аутентификацию."
"Чтобы остановить систему несмотря на то, что приложение запросило блокировку"
" выключения, необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:257
msgid "Suspend the system"
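
Review bot: Both "halt ... while an application is inhibiting this" strings lose the comma after "систему" ("Остановить систему несмотря на то, что ..."), while the power off, reboot, suspend and hibernate strings elsewhere in this file keep "систему, несмотря на то, что". Either punctuation can be argued for, but the set of parallel messages should be consistent; keep the comma here or change all of them in one commit.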
@ -444,8 +506,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:279
msgid ""
"Authentication is required to suspend the system while an application "
"is inhibiting this."
"Authentication is required to suspend the system while an application is "
"inhibiting this."
msgstr ""
"Чтобы перевести систему в ждущий режим, несмотря на то, что приложение "
"запросило блокировку, необходимо пройти аутентификацию."
@ -481,8 +543,8 @@ msgstr ""
#: src/login/org.freedesktop.login1.policy:311
msgid ""
"Authentication is required to hibernate the system while an application "
"is inhibiting this."
"Authentication is required to hibernate the system while an application is "
"inhibiting this."
msgstr ""
"Чтобы перевести систему в спящий режим, несмотря на то, что приложение "
"запросило блокировку, необходимо пройти аутентификацию."
@ -492,8 +554,7 @@ msgid "Manage active sessions, users and seats"
msgstr "Управление текущими сеансами, пользователями и рабочими местами"
#: src/login/org.freedesktop.login1.policy:322
msgid ""
"Authentication is required to manage active sessions, users and seats."
msgid "Authentication is required to manage active sessions, users and seats."
msgstr ""
"Для управления текущими сеансами, пользователями и рабочими местами, "
"необходимо пройти аутентификацию."
@ -509,26 +570,68 @@ msgstr ""
"аутентификацию."
#: src/login/org.freedesktop.login1.policy:341
msgid "Allow indication to the firmware to boot to setup interface"
msgstr "Разрешить загрузку в режиме настройки прошивки материнской платы"
msgid "Set the reboot \"reason\" in the kernel"
msgstr "Установить \"причину\" перезагрузки"
#: src/login/org.freedesktop.login1.policy:342
msgid "Authentication is required to set the reboot \"reason\" in the kernel."
msgstr ""
"Чтобы установить \"причину\" перезагрузки, необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:352
msgid "Indicate to the firmware to boot to setup interface"
msgstr ""
"Запустить режим настройки прошивки материнской платы при следующей загрузке"
#: src/login/org.freedesktop.login1.policy:353
msgid ""
"Authentication is required to indicate to the firmware to boot to setup "
"interface."
msgstr ""
"Чтобы разрешить загрузку в режиме настройки прошивки материнской платы, "
"Чтобы запустить режим настройки прошивки материнской платы, "
"необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:351
#: src/login/org.freedesktop.login1.policy:363
msgid "Indicate to the boot loader to boot to the boot loader menu"
msgstr "Отобразить меню загрузчика при следующей загрузке"
#: src/login/org.freedesktop.login1.policy:364
msgid ""
"Authentication is required to indicate to the boot loader to boot to the "
"boot loader menu."
msgstr ""
"Чтобы отобразить меню загрузчика при следующей загрузке, "
"необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:374
msgid "Indicate to the boot loader to boot a specific entry"
msgstr "Выбрать определённую загрузочную запись при следующем запуске"
#: src/login/org.freedesktop.login1.policy:375
msgid ""
"Authentication is required to indicate to the boot loader to boot into a "
"specific boot loader entry."
msgstr ""
"Чтобы установить определённую загрузочную запись для загрузки, "
"необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:385
msgid "Set a wall message"
msgstr "Отправить сообщение на все терминалы"
#: src/login/org.freedesktop.login1.policy:352
#: src/login/org.freedesktop.login1.policy:386
msgid "Authentication is required to set a wall message"
msgstr ""
"Чтобы отправить сообщение на все терминалы, необходимо пройти аутентификацию."
#: src/login/org.freedesktop.login1.policy:395
msgid "Change Session"
msgstr "Сменить сессию"
#: src/login/org.freedesktop.login1.policy:396
msgid "Authentication is required to change the virtual terminal."
msgstr "Чтобы сменить виртуальный терминал, необходимо пройти аутентификацию."
#: src/machine/org.freedesktop.machine1.policy:22
msgid "Log into a local container"
msgstr "Зайти в локальный контейнер"
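
Review bot: "Change Session" is translated as "Сменить сессию", but the rest of the file uses "сеанс" for session ("завершения сеанса", "текущими сеансами"). Use "Сменить сеанс" so the same login1 concept has one term throughout.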
@ -609,14 +712,151 @@ msgstr ""
"Для управления образами виртуальных машин и контейнеров, необходимо пройти "
"аутентификацию."
#: src/network/org.freedesktop.network1.policy:22
msgid "Set NTP servers"
msgstr "Задать NTP-серверы"
#: src/network/org.freedesktop.network1.policy:23
msgid "Authentication is required to set NTP servers."
msgstr "Чтобы задать NTP-серверы, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:33
#: src/resolve/org.freedesktop.resolve1.policy:44
msgid "Set DNS servers"
msgstr "Задать DNS-серверы"
#: src/network/org.freedesktop.network1.policy:34
#: src/resolve/org.freedesktop.resolve1.policy:45
msgid "Authentication is required to set DNS servers."
msgstr "Чтобы задать DNS-серверы, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:44
#: src/resolve/org.freedesktop.resolve1.policy:55
msgid "Set domains"
msgstr "Задать домены"
#: src/network/org.freedesktop.network1.policy:45
#: src/resolve/org.freedesktop.resolve1.policy:56
msgid "Authentication is required to set domains."
msgstr "Чтобы задать домены, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:55
#: src/resolve/org.freedesktop.resolve1.policy:66
msgid "Set default route"
msgstr "Задать маршрут по умолчанию"
#: src/network/org.freedesktop.network1.policy:56
#: src/resolve/org.freedesktop.resolve1.policy:67
msgid "Authentication is required to set default route."
msgstr "Чтобы задать маршрут по умолчанию, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:66
#: src/resolve/org.freedesktop.resolve1.policy:77
msgid "Enable/disable LLMNR"
msgstr "Включить/отключить LLMNR"
#: src/network/org.freedesktop.network1.policy:67
#: src/resolve/org.freedesktop.resolve1.policy:78
msgid "Authentication is required to enable or disable LLMNR."
msgstr "Чтобы включить или отключить LLMNR, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:77
#: src/resolve/org.freedesktop.resolve1.policy:88
msgid "Enable/disable multicast DNS"
msgstr "Включить/отключить multicast DNS"
#: src/network/org.freedesktop.network1.policy:78
#: src/resolve/org.freedesktop.resolve1.policy:89
msgid "Authentication is required to enable or disable multicast DNS."
msgstr ""
"Чтобы включить или отключить multicast DNS, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:88
#: src/resolve/org.freedesktop.resolve1.policy:99
msgid "Enable/disable DNS over TLS"
msgstr "Включить/отключить DNS поверх TLS"
#: src/network/org.freedesktop.network1.policy:89
#: src/resolve/org.freedesktop.resolve1.policy:100
msgid "Authentication is required to enable or disable DNS over TLS."
msgstr ""
"Чтобы включить или отключить DNS поверх TLS, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:99
#: src/resolve/org.freedesktop.resolve1.policy:110
msgid "Enable/disable DNSSEC"
msgstr "Включить/отключить DNSSEC"
#: src/network/org.freedesktop.network1.policy:100
#: src/resolve/org.freedesktop.resolve1.policy:111
msgid "Authentication is required to enable or disable DNSSEC."
msgstr "Чтобы включить или отключить DNSSEC, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:110
#: src/resolve/org.freedesktop.resolve1.policy:121
msgid "Set DNSSEC Negative Trust Anchors"
msgstr "Задать DNSSEC Negative Trust Anchors"
#: src/network/org.freedesktop.network1.policy:111
#: src/resolve/org.freedesktop.resolve1.policy:122
msgid "Authentication is required to set DNSSEC Negative Trust Anchors."
msgstr ""
"Чтобы задать DNSSEC Negative Trust Anchors, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:121
msgid "Revert NTP settings"
msgstr "Восстановить настройки NTP по умолчанию"
#: src/network/org.freedesktop.network1.policy:122
msgid "Authentication is required to reset NTP settings."
msgstr ""
"Чтобы сбросить локальные настройки NTP, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:132
msgid "Revert DNS settings"
msgstr "Восстановить настройки DNS по умолчанию"
#: src/network/org.freedesktop.network1.policy:133
msgid "Authentication is required to reset DNS settings."
msgstr ""
"Чтобы сбросить локальные настройки DNS, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:143
msgid "Renew dynamic addresses"
msgstr "Обновить динамические адреса"
#: src/network/org.freedesktop.network1.policy:144
msgid "Authentication is required to renew dynamic addresses."
msgstr "Чтобы обновить динамические адреса, необходимо пройти аутентификацию."
#: src/network/org.freedesktop.network1.policy:154
msgid "Reload network settings"
msgstr "Перечитать настройки сети"
#: src/network/org.freedesktop.network1.policy:155
msgid "Authentication is required to reload network settings."
msgstr ""
"Чтобы заставить systemd перечитать настройки сети, необходимо пройти "
"аутентификацию."
#: src/network/org.freedesktop.network1.policy:165
msgid "Reconfigure network interface"
msgstr "Изменить конфигурацию сетевого интерфейса"
#: src/network/org.freedesktop.network1.policy:166
msgid "Authentication is required to reconfigure network interface."
msgstr ""
"Чтобы изменить конфигурацию сетевого интерфейса, необходимо пройти"
" аутентификацию."
#: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image"
msgstr "Прочитать образ переносимой службы"
#: src/portable/org.freedesktop.portable1.policy:14
msgid "Authentication is required to inspect a portable service image."
msgstr "Чтобы прочитать образ переносимой службы, необходимо пройти "
"аутентификацию."
msgstr ""
"Чтобы прочитать образ переносимой службы, необходимо пройти аутентификацию."
#: src/portable/org.freedesktop.portable1.policy:23
msgid "Attach or detach a portable service image"
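Review bot: the wrapped msgstr for "Authentication is required to reconfigure network interface." carries the separating space at the start of its continuation line (" аутентификацию."), whereas the other wrapped entries in this hunk, such as the one for "Reload network settings", keep the space at the end of the first line. The concatenated string is the same, but a later msgmerge run is likely to rewrap it and produce an unrelated diff. Please move the space to the end of the preceding line.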
@ -625,8 +865,9 @@ msgstr "Подключить или отключить образ перенос
#: src/portable/org.freedesktop.portable1.policy:24
msgid ""
"Authentication is required to attach or detach a portable service image."
msgstr "Чтобы подключить или отключить образ переносимой службы, необходимо "
"пройти аутентификацию."
msgstr ""
"Чтобы подключить или отключить образ переносимой службы, необходимо пройти "
"аутентификацию."
#: src/portable/org.freedesktop.portable1.policy:34
msgid "Delete or modify portable service image"
@ -645,8 +886,8 @@ msgstr "Зарегистрировать службу в DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:23
msgid "Authentication is required to register a DNS-SD service"
msgstr "Чтобы зарегистрировать службу в DNS-SD, необходимо пройти "
"аутентификацию."
msgstr ""
"Чтобы зарегистрировать службу в DNS-SD, необходимо пройти аутентификацию."
#: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service"
@ -656,6 +897,15 @@ msgstr "Удалить службу из DNS-SD"
msgid "Authentication is required to unregister a DNS-SD service"
msgstr "Чтобы удалить службу из DNS-SD, необходимо пройти аутентификацию."
#: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings"
msgstr "Вернуть настройки разрешения имён по умолчанию"
#: src/resolve/org.freedesktop.resolve1.policy:133
msgid "Authentication is required to reset name resolution settings."
msgstr ""
"Чтобы сбросить настройки разрешения имён, необходимо пройти аутентификацию."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Настроить системное время"
@ -696,49 +946,47 @@ msgstr ""
"Чтобы включить или выключить синхронизацию времени по сети, необходимо "
"пройти аутентификацию."
#: src/core/dbus-unit.c:326
#: src/core/dbus-unit.c:356
msgid "Authentication is required to start '$(unit)'."
msgstr "Чтобы запустить «$(unit)», необходимо пройти аутентификацию."
#: src/core/dbus-unit.c:327
#: src/core/dbus-unit.c:357
msgid "Authentication is required to stop '$(unit)'."
msgstr "Чтобы остановить «$(unit)», необходимо пройти аутентификацию."
#: src/core/dbus-unit.c:328
#: src/core/dbus-unit.c:358
msgid "Authentication is required to reload '$(unit)'."
msgstr ""
"Чтобы заставить «$(unit)» перечитать конфигурацию, необходимо пройти "
"аутентификацию."
#: src/core/dbus-unit.c:329 src/core/dbus-unit.c:330
#: src/core/dbus-unit.c:359 src/core/dbus-unit.c:360
msgid "Authentication is required to restart '$(unit)'."
msgstr "Чтобы перезапустить «$(unit)», необходимо пройти аутентификацию."
#: src/core/dbus-unit.c:437
msgid "Authentication is required to kill '$(unit)'."
msgstr "Чтобы убить юнит «$(unit)», необходимо пройти аутентификацию."
#: src/core/dbus-unit.c:532
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr ""
"Чтобы отправить сигнал UNIX процессам юнита «$(unit)», необходимо пройти"
" аутентификацию."
#: src/core/dbus-unit.c:468
#: src/core/dbus-unit.c:563
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Чтобы сбросить состояние «failed» у юнита «$(unit)», необходимо пройти "
"аутентификацию."
#: src/core/dbus-unit.c:501
#: src/core/dbus-unit.c:596
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Чтобы изменить параметры юнита «$(unit)», необходимо пройти "
"аутентификацию."
msgstr ""
"Чтобы изменить параметры юнита «$(unit)», необходимо пройти аутентификацию."
#~ msgid "Press Ctrl+C to cancel all filesystem checks in progress"
#~ msgstr ""
#~ "Чтобы прервать все запущенные проверки файловых систем, нажмите Ctrl+C"
# There is no difference between "на 2 дисках" (plural==1) and "на 5 дисках" (plural==2)
#~ msgid "Checking in progress on %d disk (%3.1f%% complete)"
#~ msgid_plural "Checking in progress on %d disks (%3.1f%% complete)"
#~ msgstr[0] ""
#~ "Проверяется целостность файловой системы на %d диске (выполнено %3.1f%%)"
#~ msgstr[1] ""
#~ "Проверяется целостность файловых систем на %d дисках (выполнено %3.1f%%)"
#~ msgstr[2] ""
#~ "Проверяется целостность файловых систем на %d дисках (выполнено %3.1f%%)"
#: src/core/dbus-unit.c:705
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr ""
"Чтобы удалить файлы и директории, относящиеся к юниту «$(unit)», необходимо"
" пройти аутентификацию."

View File

@ -272,6 +272,52 @@ int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid) {
return do_chown || do_chmod;
}
int chmod_and_chown_unsafe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
bool do_chown, do_chmod;
struct stat st;
assert(path);
/* Change ownership and access mode of the specified path, see description of fchmod_and_chown().
* Should only be used on trusted paths. */
if (lstat(path, &st) < 0)
return -errno;
do_chown =
(uid != UID_INVALID && st.st_uid != uid) ||
(gid != GID_INVALID && st.st_gid != gid);
do_chmod =
!S_ISLNK(st.st_mode) && /* chmod is not defined on symlinks */
((mode != MODE_INVALID && ((st.st_mode ^ mode) & 07777) != 0) ||
do_chown); /* If we change ownership, make sure we reset the mode afterwards, since chown()
* modifies the access mode too */
if (mode == MODE_INVALID)
mode = st.st_mode; /* If we only shall do a chown(), save original mode, since chown() might break it. */
else if ((mode & S_IFMT) != 0 && ((mode ^ st.st_mode) & S_IFMT) != 0)
return -EINVAL; /* insist on the right file type if it was specified */
if (do_chown && do_chmod) {
mode_t minimal = st.st_mode & mode; /* the subset of the old and the new mask */
if (((minimal ^ st.st_mode) & 07777) != 0)
if (chmod(path, minimal & 07777) < 0)
return -errno;
}
if (do_chown)
if (lchown(path, uid, gid) < 0)
return -errno;
if (do_chmod)
if (chmod(path, mode & 07777) < 0)
return -errno;
return do_chown || do_chmod;
}
int fchmod_umask(int fd, mode_t m) {
mode_t u;
int r;
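Review bot: in chmod_and_chown_unsafe() the lstat() at the top and the later chmod(path, ...) calls each resolve the path independently, and chmod() follows symlinks. If the last component is replaced by a symlink after the lstat(), the mode change lands on the link target, because the S_ISLNK test only covers what lstat() saw. The comment says "Should only be used on trusted paths" without saying what makes a path trusted. Suggest naming the race in the comment and stating the precondition (for example, that no less-privileged user can write to any directory component), so callers do not pick this variant where the fd-based fchmod_and_chown() would work.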

View File

@ -34,6 +34,7 @@ int readlink_and_make_absolute(const char *p, char **r);
int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid);
int fchmod_and_chown(int fd, mode_t mode, uid_t uid, gid_t gid);
int chmod_and_chown_unsafe(const char *path, mode_t mode, uid_t uid, gid_t gid);
int fchmod_umask(int fd, mode_t mode);
int fchmod_opath(int fd, mode_t m);

View File

@ -233,6 +233,9 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
return -errno;
sclass = string_to_security_class("process");
if (sclass == 0)
return -ENOSYS;
r = security_compute_create_raw(mycon, fcon, sclass, label);
if (r < 0)
return -errno;
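Review bot: the new sclass == 0 check returns a hard-coded -ENOSYS while the checks directly before and after it return -errno. If ENOSYS is meant to signal that the loaded policy does not define the "process" class, a one-line comment saying so would help, and it is worth confirming that callers treat -ENOSYS as "not supported" rather than logging it as a hard failure.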
@ -312,6 +315,9 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
return -ENOMEM;
sclass = string_to_security_class("process");
if (sclass == 0)
return -ENOSYS;
r = security_compute_create_raw(mycon, fcon, sclass, label);
if (r < 0)
return -errno;
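Review bot: this sclass == 0 check in mac_selinux_get_child_mls_label() is the same three lines added to mac_selinux_get_create_label_from_exe() in the previous hunk. Consider a small static helper that resolves the "process" class and returns the error code, so the two call sites cannot drift apart.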

View File

@ -127,7 +127,8 @@ int bus_property_get_triggered_unit(sd_bus *bus, const char *path, const char *i
if (!UNIT_WRITE_FLAGS_NOOP(flags)) { \
*p = (cast_type) v; \
unit_write_settingf(u, flags, name, \
"%s=%s", name, s); \
"%s=%s", \
name, strempty(s)); \
} \
\
return 1; \
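Review bot: with strempty(s) in the unit_write_settingf() call, a NULL string is now persisted as an empty assignment ("name=") rather than being passed to %s as NULL. That removes the undefined behaviour, but please confirm that an empty assignment is the intended written form for every property that expands this macro, and add a short comment saying that s may legitimately be NULL here.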

View File

@ -4881,7 +4881,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix) {
r = namespace_flags_to_string(c->restrict_namespaces, &s);
if (r >= 0)
fprintf(f, "%sRestrictNamespaces: %s\n",
prefix, s);
prefix, strna(s));
}
if (c->network_namespace_path)

View File

@ -9,6 +9,7 @@
#include "bus-error.h"
#include "bus-unit-util.h"
#include "bus-util.h"
#include "bus-wait-for-jobs.h"
#include "def.h"
#include "dirent-util.h"
#include "env-file.h"
@ -42,6 +43,7 @@ static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
static const char *arg_host = NULL;
static bool arg_enable = false;
static bool arg_now = false;
static bool arg_no_block = false;
static int determine_image(const char *image, bool permit_non_existing, char **ret) {
int r;
@ -445,7 +447,7 @@ static int maybe_enable_disable(sd_bus *bus, const char *path, bool enable) {
return 0;
}
static int maybe_start_stop(sd_bus *bus, const char *path, bool start) {
static int maybe_start_stop(sd_bus *bus, const char *path, bool start, BusWaitForJobs *wait) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
char *name = (char *)basename(path), *job = NULL;
@ -476,15 +478,29 @@ static int maybe_start_stop(sd_bus *bus, const char *path, bool start) {
if (!arg_quiet)
log_info("Queued %s to %s portable service %s.", job, start ? "start" : "stop", name);
if (wait) {
r = bus_wait_for_jobs_add(wait, job);
if (r < 0)
return log_error_errno(r, "Failed to watch %s job for %s %s: %m",
job, start ? "starting" : "stopping", name);
}
return 0;
}
static int maybe_enable_start(sd_bus *bus, sd_bus_message *reply) {
_cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *wait = NULL;
int r;
if (!arg_enable && !arg_now)
return 0;
if (!arg_no_block) {
r = bus_wait_for_jobs_new(bus, &wait);
if (r < 0)
return log_error_errno(r, "Could not watch jobs: %m");
}
r = sd_bus_message_rewind(reply, true);
if (r < 0)
return r;
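Review bot: in maybe_start_stop() a failure of bus_wait_for_jobs_add() is logged and returned, but both call sites touched by this patch invoke the function as (void) maybe_start_stop(...), so the error is discarded and the later bus_wait_for_jobs() runs on a set that silently lacks that job. Either propagate the return value at the call sites, or log at warning level and document that waiting is best effort.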
@ -503,7 +519,7 @@ static int maybe_enable_start(sd_bus *bus, sd_bus_message *reply) {
if (STR_IN_SET(type, "symlink", "copy") && ENDSWITH_SET(path, ".service", ".target", ".socket")) {
(void) maybe_enable_disable(bus, path, true);
(void) maybe_start_stop(bus, path, true);
(void) maybe_start_stop(bus, path, true, wait);
}
}
@ -511,10 +527,17 @@ static int maybe_enable_start(sd_bus *bus, sd_bus_message *reply) {
if (r < 0)
return r;
if (!arg_no_block) {
r = bus_wait_for_jobs(wait, arg_quiet, NULL);
if (r < 0)
return r;
}
return 0;
}
static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) {
_cleanup_(bus_wait_for_jobs_freep) BusWaitForJobs *wait = NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL, *reply = NULL;
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_strv_free_ char **matches = NULL;
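Review bot: the if (!arg_no_block) guard around bus_wait_for_jobs() in maybe_enable_start() repeats the condition used to allocate wait earlier in the function. Testing if (wait) would tie the wait to the allocation and match the check already used in maybe_start_stop(). Note also that the function now returns the job result, so an attach that succeeded but whose unit failed to start reports an error. That change in exit status deserves a line in the --now documentation.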
@ -527,6 +550,10 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) {
if (r < 0)
return r;
r = bus_wait_for_jobs_new(bus, &wait);
if (r < 0)
return log_error_errno(r, "Could not watch jobs: %m");
r = sd_bus_message_new_method_call(
bus,
&m,
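Review bot: bus_wait_for_jobs_new() in maybe_stop_disable() is called regardless of arg_no_block, so --no-block has no effect on detach. The comment added further down explains why stopping must block, and the help text limits the option to attach, but a user who passes --no-block to detach gets no hint that it is ignored. Consider a log_debug() here, or a short comment at this allocation pointing at the reason.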
@ -578,7 +605,7 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) {
if (r < 0)
return bus_log_parse_error(r);
(void) maybe_start_stop(bus, name, false);
(void) maybe_start_stop(bus, name, false, wait);
(void) maybe_enable_disable(bus, name, false);
}
@ -586,6 +613,11 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) {
if (r < 0)
return bus_log_parse_error(r);
/* Stopping must always block or the detach will fail if the unit is still running */
r = bus_wait_for_jobs(wait, arg_quiet, NULL);
if (r < 0)
return r;
return 0;
}
@ -997,6 +1029,7 @@ static int help(int argc, char *argv[], void *userdata) {
" after attach/detach\n"
" --now Immediately start/stop the portable service after\n"
" attach/before detach\n"
" --no-block Don't block waiting for attach --now to complete\n"
"\nSee the %s for details.\n"
, program_invocation_short_name
, ansi_highlight()
@ -1020,6 +1053,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_CAT,
ARG_ENABLE,
ARG_NOW,
ARG_NO_BLOCK,
};
static const struct option options[] = {
@ -1038,6 +1072,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "cat", no_argument, NULL, ARG_CAT },
{ "enable", no_argument, NULL, ARG_ENABLE },
{ "now", no_argument, NULL, ARG_NOW },
{ "no-block", no_argument, NULL, ARG_NO_BLOCK },
{}
};
@ -1132,6 +1167,10 @@ static int parse_argv(int argc, char *argv[]) {
arg_now = true;
break;
case ARG_NO_BLOCK:
arg_no_block = true;
break;
case '?':
return -EINVAL;

View File

@ -406,7 +406,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
if (r < 0)
return r;
result = s;
result = strempty(s);
}
bus_print_property_value(name, expected_value, value, result);

View File

@ -65,12 +65,6 @@ int namespace_flags_to_string(unsigned long flags, char **ret) {
return -ENOMEM;
}
if (!s) {
s = strdup("");
if (!s)
return -ENOMEM;
}
*ret = TAKE_PTR(s);
return 0;
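Review bot: with the strdup("") fallback removed, namespace_flags_to_string() now returns 0 with *ret set to NULL when no flag is set, which changes the contract for every caller. Nothing at the function documents this. Please add a comment stating that a NULL result means "no namespaces", and audit the remaining callers that pass the result to a %s format or to streq(), as the strempty() and strna() changes elsewhere in this series already do for three of them.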

View File

@ -94,6 +94,12 @@ STATIC_DESTRUCTOR_REGISTER(database_groups, set_free_freep);
STATIC_DESTRUCTOR_REGISTER(uid_range, freep);
STATIC_DESTRUCTOR_REGISTER(arg_root, freep);
static int errno_is_not_exists(int code) {
/* See getpwnam(3) and getgrnam(3): those codes and others can be returned if the user or group are
* not found. */
return IN_SET(code, 0, ENOENT, ESRCH, EBADF, EPERM);
}
static int load_user_database(void) {
_cleanup_fclose_ FILE *f = NULL;
const char *passwd_path;
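Review bot: errno_is_not_exists() is a predicate but is declared static int. static bool matches how it is used in if (!errno_is_not_exists(errno)). More importantly, folding EBADF and EPERM into "not found" means a genuine lookup failure with those codes is now treated as "user or group does not exist" and the caller proceeds as if the name were free. A log_debug() of the original errno at the two call sites would keep that case diagnosable.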
@ -193,7 +199,7 @@ static int load_group_database(void) {
static int make_backup(const char *target, const char *x) {
_cleanup_close_ int src = -1;
_cleanup_fclose_ FILE *dst = NULL;
_cleanup_free_ char *temp = NULL;
_cleanup_free_ char *dst_tmp = NULL;
char *backup;
struct timespec ts[2];
struct stat st;
@ -210,7 +216,7 @@ static int make_backup(const char *target, const char *x) {
if (fstat(src, &st) < 0)
return -errno;
r = fopen_temporary_label(target, x, &dst, &temp);
r = fopen_temporary_label(target, x, &dst, &dst_tmp);
if (r < 0)
return r;
@ -224,7 +230,7 @@ static int make_backup(const char *target, const char *x) {
backup = strjoina(x, "-");
/* Copy over the access mask */
r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid);
r = chmod_and_chown_unsafe(dst_tmp, st.st_mode & 07777, st.st_uid, st.st_gid);
if (r < 0)
log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup);
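Review bot: the call now changes mode and ownership of dst_tmp, but the warning on failure still prints backup, which does not exist until the rename() further down. Log dst_tmp instead. Since this replaces an fd-based operation on the just-opened file with a path-based one, a comment stating why the temporary path is trusted at this point would justify using the _unsafe variant.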
@ -237,7 +243,7 @@ static int make_backup(const char *target, const char *x) {
if (r < 0)
goto fail;
if (rename(temp, backup) < 0) {
if (rename(dst_tmp, backup) < 0) {
r = -errno;
goto fail;
}
@ -245,7 +251,7 @@ static int make_backup(const char *target, const char *x) {
return 0;
fail:
(void) unlink(temp);
(void) unlink(dst_tmp);
return r;
}
@ -339,13 +345,13 @@ static int putsgent_with_members(const struct sgrp *sg, FILE *gshadow) {
}
#endif
static int sync_rights(FILE *from, FILE *to) {
static int sync_rights(FILE *from, const char *to) {
struct stat st;
if (fstat(fileno(from), &st) < 0)
return -errno;
return fchmod_and_chown(fileno(to), st.st_mode & 07777, st.st_uid, st.st_gid);
return chmod_and_chown_unsafe(to, st.st_mode & 07777, st.st_uid, st.st_gid);
}
static int rename_and_apply_smack(const char *temp_path, const char *dest_path) {
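Review bot: sync_rights() now takes to as a path while from is still a FILE*, and nothing at the definition says the path must be the temporary file the caller has just created. A one-line comment on that precondition, plus renaming the parameter to something like to_path, would keep a later caller from handing an arbitrary destination to chmod_and_chown_unsafe().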
@ -383,7 +389,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
original = fopen(passwd_path, "re");
if (original) {
r = sync_rights(original, passwd);
r = sync_rights(original, passwd_tmp);
if (r < 0)
return r;
@ -485,7 +491,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
original = fopen(shadow_path, "re");
if (original) {
r = sync_rights(original, shadow);
r = sync_rights(original, shadow_tmp);
if (r < 0)
return r;
@ -582,7 +588,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
original = fopen(group_path, "re");
if (original) {
r = sync_rights(original, group);
r = sync_rights(original, group_tmp);
if (r < 0)
return r;
@ -681,7 +687,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
if (original) {
struct sgrp *sg;
r = sync_rights(original, gshadow);
r = sync_rights(original, gshadow_tmp);
if (r < 0)
return r;
@ -971,7 +977,7 @@ static int add_user(Item *i) {
return 0;
}
if (!IN_SET(errno, 0, ENOENT))
if (!errno_is_not_exists(errno))
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
}
@ -1108,7 +1114,7 @@ static int get_gid_by_name(const char *name, gid_t *gid) {
*gid = g->gr_gid;
return 0;
}
if (!IN_SET(errno, 0, ENOENT))
if (!errno_is_not_exists(errno))
return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
}

View File

@ -802,6 +802,50 @@ static void test_chmod_and_chown(void) {
assert_se(S_ISLNK(st.st_mode));
}
static void test_chmod_and_chown_unsafe(void) {
_cleanup_(rm_rf_physical_and_freep) char *d = NULL;
_unused_ _cleanup_umask_ mode_t u = umask(0000);
struct stat st;
const char *p;
if (geteuid() != 0)
return;
log_info("/* %s */", __func__);
assert_se(mkdtemp_malloc(NULL, &d) >= 0);
p = strjoina(d, "/reg");
assert_se(mknod(p, S_IFREG | 0123, 0) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFREG | 0321, 1, 2) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFDIR | 0555, 3, 4) == -EINVAL);
assert_se(lstat(p, &st) >= 0);
assert_se(S_ISREG(st.st_mode));
assert_se((st.st_mode & 07777) == 0321);
p = strjoina(d, "/dir");
assert_se(mkdir(p, 0123) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFDIR | 0321, 1, 2) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFREG | 0555, 3, 4) == -EINVAL);
assert_se(lstat(p, &st) >= 0);
assert_se(S_ISDIR(st.st_mode));
assert_se((st.st_mode & 07777) == 0321);
p = strjoina(d, "/lnk");
assert_se(symlink("idontexist", p) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFLNK | 0321, 1, 2) >= 0);
assert_se(chmod_and_chown_unsafe(p, S_IFREG | 0555, 3, 4) == -EINVAL);
assert_se(chmod_and_chown_unsafe(p, S_IFDIR | 0555, 3, 4) == -EINVAL);
assert_se(lstat(p, &st) >= 0);
assert_se(S_ISLNK(st.st_mode));
}
int main(int argc, char *argv[]) {
test_setup_logging(LOG_INFO);
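Review bot: test_chmod_and_chown_unsafe() returns on geteuid() != 0 before the log_info() line, so a non-root run gives no indication that the test was skipped. Log the skip before returning. The assertions also check only the file type and mode bits after each call, never st_uid or st_gid, so the lchown() half of the function is untested, including the symlink case where changing ownership is the only operation performed.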
@ -819,6 +863,7 @@ int main(int argc, char *argv[]) {
test_fsync_directory_of_file();
test_rename_noreplace();
test_chmod_and_chown();
test_chmod_and_chown_unsafe();
return 0;
}

View File

@ -190,7 +190,7 @@ static void test_restrict_namespace(void) {
log_info("/* %s */", __func__);
assert_se(namespace_flags_to_string(0, &s) == 0 && streq(s, ""));
assert_se(namespace_flags_to_string(0, &s) == 0 && isempty(s));
s = mfree(s);
assert_se(namespace_flags_to_string(CLONE_NEWNS, &s) == 0 && streq(s, "mnt"));
s = mfree(s);
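Review bot: isempty(s) is true for both NULL and "", so the updated assertion in test_restrict_namespace() passes under the old behaviour as well as the new one and does not pin the contract change in namespace_flags_to_string(). If NULL is now the defined result for flags == 0, assert !s here instead.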

View File

@ -10,7 +10,6 @@ Release=29
[Output]
Format=raw_btrfs
Bootable=yes
KernelCommandLine=printk.devkmsg=on
OutputDirectory=../mkosi.output
Output=networkd-test.raw

View File

@ -212,7 +212,6 @@ loglevel=2 \
init=$PATH_TO_INIT \
console=$CONSOLE \
selinux=0 \
printk.devkmsg=on \
$_cgroup_args \
$KERNEL_APPEND \
"