Let's tighten the logic behind path_extract_filename() a bit: first of
all, refuse all cases of invalid paths with -EINVAL. More importantly
though return a recognizable error when a valid path is specified that
does not contain any filename. Specifically, "/" will now result in
-EADDRNOTAVAIL.
This changes API, but none of the existing callers care about the return
value, hence the change should be fine.
The wiki was slightly stale, and almost all the information there
was already present in the man page. I moved the remaing part (discussion)
into the man page and adjusted all links to point to the man page instead.
daemon(7) has a some examples of packaging scriptlets… I don't think it fits
there very well. Most likely they should be moved to systemd.preset(5) or maybe
even removed, but I'm leaving that for later.
Otherwise, the list becomes dirty when an entry is freed.
This also remove the entry from the hashmap only when its name is set.
The name should be always set, so that does not change anything. But
just for safety.
This should not change anything. As hashmap_remove() is called before
hashmap_ensure_put(). So, even if hashmap_ensure_put() fails, a wrong
entry will not removed from the hashmap by udev_list_entry_free().
But anyway, just for safety.
668b3a42fe allowed update-dbus-docs.py to start
running on Cent OS 8 (instead of skipping). But subprocess.check_output()'s
text argument didn't exist until Python 3.7 and C8 is still running
Python 3.6. Use universal_newlines instead for backwards compatibility.
The device is very similar to MACH-WX9 in many ways, including this
particular one. Adding these rules gets rid of evdev warnings as buttons
are being pressed on this device.
I think this formatting was originally used because it simplified
adding new options to the help messages. However, these days, most
tools their help message end with "\nSee the %s for details.\n" so
the final line almost never has to be edited which eliminates the
benefit of the custom formatting used for printf() help messages.
Let's make things more consistent and use the same formatting for
printf() help messages that we use everywhere else.
Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
Actually, systemd takes the minimum of
* a) the maximum tasks value the kernel allows on this architecture
* b) the cgroups pids_max attribute for the system
* c) the kernel's configured maximum PID value
to calculate the DefaultTasksMax. Here, kernel.thread-max should also be methioned.
As documented at the top of the file we require the normal property if we have
the horizontal property, and we require the CLICK_ANGLE property if the
CLICK_COUNT property is present. Codify this into the hwdb parser so we can
pick up on it.
Follow-up for 4ea8b443de. The logic that manages DnsQueryCandidate is rather
complicated: a calls to dns_query_complete() that wants to destroy a
DnsQueryCandidate can be nested inside a deep chain of calls. Using reference
counts seems like the simplest approach.
DnsSearchDomain already uses reference counting.
This patch effectively brings dns_query_candidate_go() to the state before
4ea8b443de, but wraps the iteration over DnsQueryCandidate.transactions in
dns_query_candidate_ref+dns_query_candidate_unref.
Follow-up for 133b34f69a where this was
forgotten.
While we are at it, bring the parameters into the same order as we
declare them in the PullRaw/PullTar objects, i.e. match them to the
canonical order.
Implement directives `NoExecPaths=` and `ExecPaths=` to control `MS_NOEXEC`
mount flag for the file system tree. This can be used to implement file system
W^X policies, and for example with allow-listing mode (NoExecPaths=/) a
compromised service would not be able to execute a shell, if that was not
explicitly allowed.
Example:
[Service]
NoExecPaths=/
ExecPaths=/usr/bin/daemon /usr/lib64 /usr/lib
Closes: #17942.
Let's enable the Packit integration and see if it's a viable option for
us. This configuration builds systemd on Fedora (on x86_64, i386, and
aarch64) and runs the unit test suite. To do that, it uses the specfile
from Fedora Rawhide[0] with some minor modifications, thus dropping the
need to have a specfile in the upstream repository.
So far the builds took around 25 minutes each, so speed-wise it's pretty
good. The two remaining supported architectures (s390x and armhfp) are
excluded, for now, since they're emulated and build there takes a really
long time (~4 hours).
[0] https://src.fedoraproject.org/rpms/systemd/
