
No commits in common. "cabc1c6d7adae658a2966a4b02a6faabb803e92b" and "9fac14980df8dcce922e1fe8856a88b09590d2c3" have entirely different histories.

18 changed files with 21 additions and 73 deletions

6
NEWS

@ -1,11 +1,5 @@
systemd System and Service Manager
CHANGES WITH 246 in spe:
* The fs.suid_dumpable sysctl is set to 2 / "suidsafe". This allows
systemd-coredump to save core files for suid processes. When saving
the core file, systemd-coredump will use the effective uid and gid of
the process that faulted.
CHANGES WITH 245:
* A new tool "systemd-repart" has been added, that operates as an


@ -469,12 +469,6 @@ sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnE*:*
sensor:modalias:acpi:KIOX010A*:dmi:*:svnMEDION:pnMEDION*:*
ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1
#########################################
# MPMAN
#########################################
sensor:modalias:acpi:BMA250E*:dmi:*:svnMPMAN:pnMPWIN8900CL:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
#########################################
# MSI
#########################################


@ -140,12 +140,7 @@ manpages = [
''],
['sd_bus_attach_event', '3', ['sd_bus_detach_event', 'sd_bus_get_event'], ''],
['sd_bus_call', '3', ['sd_bus_call_async'], ''],
['sd_bus_call_method',
'3',
['sd_bus_call_method_async',
'sd_bus_call_method_asyncv',
'sd_bus_call_methodv'],
''],
['sd_bus_call_method', '3', ['sd_bus_call_method_async'], ''],
['sd_bus_close', '3', ['sd_bus_default_flush_close', 'sd_bus_flush'], ''],
['sd_bus_creds_get_pid',
'3',
@ -330,11 +325,9 @@ manpages = [
'3',
['sd_bus_reply_method_errno',
'sd_bus_reply_method_errnof',
'sd_bus_reply_method_errnofv',
'sd_bus_reply_method_errorf',
'sd_bus_reply_method_errorfv'],
'sd_bus_reply_method_errorf'],
''],
['sd_bus_reply_method_return', '3', ['sd_bus_reply_method_returnv'], ''],
['sd_bus_reply_method_return', '3', [], ''],
['sd_bus_request_name',
'3',
['sd_bus_release_name',


@ -65,7 +65,7 @@
<para>Output for a signal message (with <constant>SD_BUS_MESSAGE_DUMP_WITH_HEADER</constant>):
<programlisting>
‣ Type=signal Endian=l Flags=1 Version=1 Cookie=22
‣ Type=signal Endian=l Flags=1 Version=1 Priority=0 Cookie=22
Path=/value/a Interface=org.freedesktop.DBus.Properties Member=PropertiesChanged
MESSAGE "sa{sv}as" {
STRING "org.freedesktop.systemd.ValueTest";


@ -106,7 +106,7 @@
</refsect1>
<refsect1>
<title>Units managed by the system service manager</title>
<title>Units managed by the system's service manager</title>
<refsect2>
<title>Special System Units</title>
@ -1058,7 +1058,7 @@
</refsect1>
<refsect1>
<title>Units managed by the user service manager</title>
<title>Units managed by the user's service manager</title>
<refsect2>
<title>Special User Units</title>


@ -1200,6 +1200,7 @@ static int message_json(sd_bus_message *m, FILE *f) {
JSON_BUILD_PAIR("endian", JSON_BUILD_STRING(e)),
JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(m->header->flags)),
JSON_BUILD_PAIR("version", JSON_BUILD_INTEGER(m->header->version)),
JSON_BUILD_PAIR_CONDITION(m->priority != 0, "priority", JSON_BUILD_INTEGER(m->priority)),
JSON_BUILD_PAIR("cookie", JSON_BUILD_INTEGER(BUS_MESSAGE_COOKIE(m))),
JSON_BUILD_PAIR_CONDITION(m->reply_cookie != 0, "reply_cookie", JSON_BUILD_INTEGER(m->reply_cookie)),
JSON_BUILD_PAIR_CONDITION(m->sender, "sender", JSON_BUILD_STRING(m->sender)),


@ -4247,11 +4247,6 @@ ManagerState manager_state(Manager *m) {
assert(m);
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
if (u && unit_active_or_pending(u))
return MANAGER_STOPPING;
/* Did we ever finish booting? If not then we are still starting up */
if (!MANAGER_IS_FINISHED(m)) {
@ -4262,6 +4257,11 @@ ManagerState manager_state(Manager *m) {
return MANAGER_STARTING;
}
/* Is the special shutdown target active or queued? If so, we are in shutdown state */
u = manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET);
if (u && unit_active_or_pending(u))
return MANAGER_STOPPING;
if (MANAGER_IS_SYSTEM(m)) {
/* Are the rescue or emergency targets active or queued? If so we are in maintenance state */
u = manager_get_unit(m, SPECIAL_RESCUE_TARGET);
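Review bot: With the shutdown-target check now placed after the `MANAGER_IS_FINISHED(m)` block, a shutdown that is queued before boot has completed appears to be reported as `MANAGER_STARTING` rather than `MANAGER_STOPPING`, because the boot-finished block returns first. Anything that reads the manager state to decide whether the system is going down (monitoring, health checks, tooling that gates on the running state) would see a misleading value in that window. If the ordering is intended, a comment above the moved check such as `/* While still booting we report "starting" even if shutdown.target is already queued */` would record it; otherwise the `manager_get_unit(m, SPECIAL_SHUTDOWN_TARGET)` test should stay ahead of the boot-finished test. The body of manager_state() starts and ends outside the visible hunks.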


@ -56,7 +56,7 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
if (flags & SD_BUS_MESSAGE_DUMP_WITH_HEADER) {
fprintf(f,
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u",
"%s%s%s Type=%s%s%s Endian=%c Flags=%u Version=%u Priority=%"PRIi64,
m->header->type == SD_BUS_MESSAGE_METHOD_ERROR ? ansi_highlight_red() :
m->header->type == SD_BUS_MESSAGE_METHOD_RETURN ? ansi_highlight_green() :
m->header->type != SD_BUS_MESSAGE_SIGNAL ? ansi_highlight() : "",
@ -69,7 +69,8 @@ _public_ int sd_bus_message_dump(sd_bus_message *m, FILE *f, uint64_t flags) {
m->header->endian,
m->header->flags,
m->header->version);
m->header->version,
m->priority);
/* Display synthetic message serial number in a more readable
* format than (uint32_t) -1 */


@ -5924,31 +5924,18 @@ int bus_message_remarshal(sd_bus *bus, sd_bus_message **m) {
}
_public_ int sd_bus_message_get_priority(sd_bus_message *m, int64_t *priority) {
static bool warned = false;
assert_return(m, -EINVAL);
assert_return(priority, -EINVAL);
if (!warned) {
log_debug("sd_bus_message_get_priority() is deprecated and always returns 0.");
warned = true;
}
*priority = 0;
*priority = m->priority;
return 0;
}
_public_ int sd_bus_message_set_priority(sd_bus_message *m, int64_t priority) {
static bool warned = false;
assert_return(m, -EINVAL);
assert_return(!m->sealed, -EPERM);
if (!warned) {
log_debug("sd_bus_message_set_priority() is deprecated and does nothing.");
warned = true;
}
m->priority = priority;
return 0;
}
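Review bot: Neither accessor documents what the stored priority actually affects. On this page `m->priority` is only written by sd_bus_message_set_priority() and read back by the getter, the text dump and message_json(); nothing visible marshals it into the message header. If that is the whole story, callers may assume a delivery-ordering guarantee that the transport does not provide. A short comment above the setter, for example `/* Stored on the local message object only; not transmitted to the peer — TODO confirm */`, would make the contract explicit. bus_message_remarshal() at the top of the hunk is cut off and not reviewed here.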


@ -76,6 +76,7 @@ struct sd_bus_message {
usec_t monotonic;
usec_t realtime;
uint64_t seqnum;
int64_t priority;
uint64_t verify_destination_id;
bool sealed:1;


@ -5,23 +5,8 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See sysctl.d(5) for the description of the files in this directory.
# See sysctl.d(5) for the description of the files in this directory,
# and systemd-coredump(8) and core(5) for the explanation of the
# setting below.
# Pipe the core file to systemd-coredump. The systemd-coredump process spawned
# by the kernel will start a second copy of itself as the
# systemd-coredump@.service, which will do the actual processing and storing of
# the core dump.
#
# See systemd-coredump(8) and core(5).
kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
# Also dump processes executing a set-user-ID/set-group-ID program that is
# owned by a user/group other than the real user/group ID of the process, or
# a program that has file capabilities. ("2" is called "suidsafe" in core(5)).
#
# systemd-coredump will store the core file owned by the effective uid and gid
# of the running process (and not the filesystem-user-ID which the kernel uses
# when saving a core dump).
#
# See proc(5), setuid(2), capabilities(7).
fs.suid_dumpable=2
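Review bot: After this change the file sets only `kernel.core_pattern`, so whether set-user-ID or capability-bearing processes are dumped is left to the kernel default or to some other sysctl.d fragment, and the shortened header comment no longer says so. Because the pipe handler still receives `%u %g` and will process whatever the kernel hands it, the file should state its own position, e.g. `# fs.suid_dumpable is deliberately not set here; see proc(5) for the kernel default.` The reading that the longer comment block and the `fs.suid_dumpable=2` line are on the removed side rests on the hunk header counts (23 old lines, 8 new) and on the matching NEWS removal, since the page has lost its `+`/`-` markers.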


@ -21,7 +21,6 @@ NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
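Review bot: `ProtectClock=yes` is dropped from this unit's sandboxing block, and the same one-line removal recurs in the four unit-file sections that follow and in the second hunk of the last section. Where a hunk still shows `PrivateDevices=yes` the device nodes stay hidden, but the capabilities and system calls for setting the clock are a separate matter, and the other units show no remaining restriction on them. A service that can change the system clock can skew log timestamps and the validity checks on certificates or tokens. Unless `CapabilityBoundingSet=` or `SystemCallFilter=` lines outside these hunks already cover it, keep `ProtectClock=yes`, or record the reason for dropping it in a comment next to `NoNewPrivileges=yes`.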


@ -25,7 +25,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
OOMScoreAdjust=-250
ProtectClock=yes
Restart=always
RestartSec=0
RestrictAddressFamilies=AF_UNIX AF_NETLINK


@ -36,7 +36,6 @@ LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes


@ -26,7 +26,6 @@ ExecStart=!!@rootlibexecdir@/systemd-networkd
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes


@ -28,7 +28,6 @@ MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelModules=yes


@ -16,8 +16,6 @@ Before=sysinit.target
ConditionPathIsReadWrite=/sys
[Service]
DeviceAllow=block-* rwm
DeviceAllow=char-* rwm
Type=notify
# Note that udev also adjusts the OOM score internally and will reset the value internally for its workers
OOMScoreAdjust=-1000
@ -29,7 +27,6 @@ ExecReload=udevadm control --reload --timeout 0
KillMode=mixed
TasksMax=infinity
PrivateMounts=yes
ProtectClock=yes
ProtectHostname=yes
MemoryDenyWriteExecute=yes
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6