Doesn't matter much, but this makes it leas magic and independent of
/proc/ mounts. (Well, it actually doesn't, since the right-hand path is
also in /proc/, but still...
Let's be more accurate about what this function does: it checks whether
the underlying reported inode is the same. Internally, this already uses
a better named stat_inode_same() call, hence let's similarly name the
wrapping function following the same logic.
Similar for files_same_at() and path_equal_or_same_files().
No code changes, just some renaming.
Set --boot with --follow only if it's not already set and if --merge is
not used, since it's not compatible with --boot.
Follow-up to 2dd9285bac.
Resolves: #24565
Dump*() methods can take quite some time due to the amount of data to
serialize, so they can potentially stall the manager. Make them
privileged, as they are debugging tools anyway. Use a new 'dump'
capability for polkit, and the 'reload' capability for SELinux, as
that's also non-destructive but slow.
If the caller is not privileged, allow it but rate limited to 10 calls
every 10 minutes.
The call is void anyway, it doesn't return an failure indication. Hence,
no need to cast void to (void)...
(We got this right in most cases, but forgot some)
Let's save some time and build the SELinux test module on the host
instead of a possibly unaccelerated VM. This brings the runtime of
TEST-06-SELINUX from ~12 minutes down to a ~1 minute.
Let's drop stuff from the current $BUILD_DIR from the final coverage
report, as it's all generated files (mostly gperf) which we don't
really care about and it makes the Coveralls report confusing, since it
reports "source not available" for all such files.
Without acceleration this part of the test takes over 10 minutes (!),
which feels quite unnecessary. Let's cut down the number of stuff we
dump to the journal in such case, but keep the original value if we run
with acceleration (since in that case it takes less than 10 seconds).
When an argument specified to udevadm verify is a directory,
verify all *.rules files in that directory.
Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
When udevadm verify is given an argument that doesn't point to an
existing file, there used to be two diagnostics messages, the first one
at a warning level, and the second one at an error level:
$ build/udevadm verify /no/such/directory
Failed to open /no/such/directory, ignoring: No such file or directory
Failed to parse rules file /no/such/directory: No such file or directory
Fix this by issuing just the error message.
When running on Debian/Ubuntu, I get a minute delay or so on every boot
because the local initramfs tries to resume from hibernation. This is
not really useful here, so always skip it
This in unnecessarilly unpleasant: the code might report about a bus
connection, e.g. in an error message or assert. Let's let it query
the name of the object.
This partially reverts f4b2933ee7.
The code has an explicit fallback using runtime_scope_to_string(), which
is also documented in the man page. So -ENXIO should only be returned when
the fallback doesn't work, i.e. bus->runtime_scope == -EINVAL.
Fixup for f4b2933ee7.
This should fix the following errors during boot:
May 18 16:05:37 fedora systemd-update-utmp[263]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[360]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[363]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemd-update-utmp[372]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora @ystemctl[387]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:40 fedora systemd-update-utmp[477]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-homed[509]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-logind[510]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-update-utmp[529]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-user-runtime-dir[531]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemctl[542]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-hostnamed[556]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
Interface=/MACVLAN=/IPVLAN= nspawn options take a _list_ of interface
names - this was recently enhanced by 2f091b1b49 to support interface
pairs. Unfortunately, this also introduced a regression where we don't
parse the list as a list, but just as a single value. For example,
having `Interface=sd-shared1 sd-shared2` in an nspawn config file would
throw:
systemd-nspawn[898]: Network interface, interface name not valid: sd-shared1 sd-shared2
systemd-nspawn[898]: /run/systemd/nspawn/testsuite-13.nspawn-settings.1po.nspawn:41: Failed to parse file: Invalid argument
Follow-up to 2f091b1b49.
Which bind-mounts the $BUILD_DIR into the container. This whole coverage
thing is getting slightly ridiculous.
Follow-up to 3b2823a749, but for non-machinectl containers.
DVE-2018-0001 has been fixed by the vendor, and this workaround is no longer
needed. Removal of this workaround improves performance as queries used to be
retried more than necessory.
This reverts 1ed4e584f3.
This reverts https://github.com/systemd/systemd/pull/18638
Keep .clamp_feature_level_servfail name, as imho it is more descriptive than
just .clamp_feature_level, especially if we ever need to add similar
workarounds as the one we had for DVE-2018-0001.
However note that there is another retry which was added in
8a33aa199d - seems to be working around Stubby
resolver behaviour.
Fixes: #26967
