[systemd-commits] 6 commits - configure.ac make-directive-index.py man/localectl.xml src/core src/journal src/shared
Zbigniew Jędrzejewski-Szmek
zbyszek at kemper.freedesktop.org
Wed May 29 21:45:01 PDT 2013
configure.ac | 1 +
make-directive-index.py | 20 +++++++++++---------
man/localectl.xml | 7 ++++++-
src/core/cgroup-semantics.c | 2 +-
src/core/condition.c | 13 ++++++++++++-
src/journal/journald-server.c | 6 ++++--
src/shared/acl-util.c | 28 ++++++++++++++++++++++++++++
src/shared/acl-util.h | 1 +
8 files changed, 64 insertions(+), 14 deletions(-)
New commits:
commit 23ad4dd8844c582929115a11ed2830a1371568d6
Author: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
Date: Tue May 28 20:45:34 2013 +0200
journald: DO recalculate the ACL mask, but only if it doesn't exist
Since 11ec7ce, journald isn't setting the ACLs properly anymore if
the files had no ACLs to begin with: acl_set_fd fails with EINVAL.
An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is
invalid, so make sure a mask exists before trying to set the ACL.
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index b717b92..da5b725 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
}
}
- /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
+ /* We do not recalculate the mask unconditionally here,
+ * so that the fchmod() mask above stays intact. */
if (acl_get_permset(entry, &permset) < 0 ||
- acl_add_perm(permset, ACL_READ) < 0) {
+ acl_add_perm(permset, ACL_READ) < 0 ||
+ calc_acl_mask_if_needed(&acl) < 0) {
log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
goto finish;
}
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 48bb12f..fb04e49 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -69,6 +69,34 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
return 0;
}
+int calc_acl_mask_if_needed(acl_t *acl_p) {
+ acl_entry_t i;
+ int found;
+
+ assert(acl_p);
+
+ for (found = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
+ found > 0;
+ found = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
+
+ acl_tag_t tag;
+
+ if (acl_get_tag_type(i, &tag) < 0)
+ return -errno;
+
+ if (tag == ACL_MASK)
+ return 0;
+ }
+
+ if (found < 0)
+ return -errno;
+
+ if (acl_calc_mask(acl_p) < 0)
+ return -errno;
+
+ return 0;
+}
+
int search_acl_groups(char*** dst, const char* path, bool* belong) {
acl_t acl;
diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
index 23090d9..36ef490 100644
--- a/src/shared/acl-util.h
+++ b/src/shared/acl-util.h
@@ -24,4 +24,5 @@
#include <stdbool.h>
int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry);
+int calc_acl_mask_if_needed(acl_t *acl_p);
int search_acl_groups(char*** dst, const char* path, bool* belong);
commit 8de1fd281e82c038797b02a447056a382f9b5110
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Wed May 29 22:48:58 2013 -0400
build-sys: more pretty colors
diff --git a/configure.ac b/configure.ac
index 14a90c5..c24b4a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -128,6 +128,7 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-ffast-math \
-fno-common \
-fdiagnostics-show-option \
+ -fdiagnostics-color \
-fno-strict-aliasing \
-fvisibility=hidden \
-ffunction-sections \
commit cb0edd735c40f3bda8a1956489a5794c322aee59
Author: Nirbheek Chauhan <nirbheek.chauhan at gmail.com>
Date: Wed May 29 15:38:04 2013 -0400
core: use the same test as upstart for apparmor
Lennart:
> Hmm, I just noticed this patch:
>
> https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169
>
> It contains a different check for AppArmor. Basically something like this:
>
> /sys/module/apparmor/parameters/enabled == 'Y'
>
> I'd prefer if we could change our code to do the same, given that
> the Ubuntu guys are guys are upstream for apparmor.
https://bugs.freedesktop.org/show_bug.cgi?id=63312
diff --git a/src/core/condition.c b/src/core/condition.c
index 4293d6d..b2617ef 100644
--- a/src/core/condition.c
+++ b/src/core/condition.c
@@ -157,13 +157,24 @@ static bool test_virtualization(const char *parameter) {
return v > 0 && streq(parameter, id);
}
+static bool test_apparmor_enabled(void) {
+ int r;
+ _cleanup_free_ char *p = NULL;
+
+ r = read_one_line_file("/sys/module/apparmor/parameters/enabled", &p);
+ if (r < 0)
+ return false;
+
+ return parse_boolean(p) > 0;
+}
+
static bool test_security(const char *parameter) {
#ifdef HAVE_SELINUX
if (streq(parameter, "selinux"))
return is_selinux_enabled() > 0;
#endif
if (streq(parameter, "apparmor"))
- return access("/sys/kernel/security/apparmor/", F_OK) == 0;
+ return test_apparmor_enabled();
if (streq(parameter, "ima"))
return access("/sys/kernel/security/ima/", F_OK) == 0;
if (streq(parameter, "smack"))
commit 827f70eb764428baa397e9f3e295c470a1fd43e6
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Wed May 29 22:31:20 2013 -0400
man: fix display of keys which appear in two sections in directive index
When an index key appeared in multiple sections (e.g.
CPUAffinity= was present in both "SYSTEM MANAGER DIRECTIVES"
and "UNIT DIRECTIVES"), when lxml was used, the key would
be not be displayed in all but one of those sections, and
only an empty <term/> element would be present. This
happens because lxml allows only one parent for each node,
and when the same formatted element was used in multiple places,
it was actually moved between them. Fix this by making a copy
of the element. The bug was present since lxml support was
introduced.
Also fix some indentation issues.
diff --git a/make-directive-index.py b/make-directive-index.py
index 396947b..468d14d 100755
--- a/make-directive-index.py
+++ b/make-directive-index.py
@@ -21,6 +21,7 @@ import sys
import collections
import re
from xml_helper import *
+from copy import deepcopy
TEMPLATE = '''\
<refentry id="systemd.directives" conditional="HAVE_PYTHON">
@@ -226,19 +227,20 @@ def _make_section(template, name, directives, formatting):
for varname, manpages in sorted(directives.items()):
entry = tree.SubElement(varlist, 'varlistentry')
term = tree.SubElement(entry, 'term')
- term.append(formatting[varname])
+ display = deepcopy(formatting[varname])
+ term.append(display)
para = tree.SubElement(tree.SubElement(entry, 'listitem'), 'para')
b = None
for manpage, manvolume in sorted(set(manpages)):
- if b is not None:
- b.tail = ', '
- b = tree.SubElement(para, 'citerefentry')
- c = tree.SubElement(b, 'refentrytitle')
- c.text = manpage
- d = tree.SubElement(b, 'manvolnum')
- d.text = manvolume
+ if b is not None:
+ b.tail = ', '
+ b = tree.SubElement(para, 'citerefentry')
+ c = tree.SubElement(b, 'refentrytitle')
+ c.text = manpage
+ d = tree.SubElement(b, 'manvolnum')
+ d.text = manvolume
entry.tail = '\n\n'
def _make_colophon(template, groups):
@@ -264,7 +266,7 @@ def _make_page(template, directive_groups, formatting):
}
"""
for name, directives in directive_groups.items():
- _make_section(template, name, directives, formatting)
+ _make_section(template, name, directives, formatting)
_make_colophon(template, directive_groups.values())
commit 310b59edcf0a98343425a47ea5835fc670c0cda3
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date: Wed May 29 22:38:06 2013 -0400
man: link to XKB conf. guide in localectl(1)
diff --git a/man/localectl.xml b/man/localectl.xml
index febdeec..4a04570 100644
--- a/man/localectl.xml
+++ b/man/localectl.xml
@@ -49,7 +49,9 @@
<refsynopsisdiv>
<cmdsynopsis>
- <command>localectl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">COMMAND</arg></command>
+ <command>localectl</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <arg choice="req">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -276,6 +278,9 @@
<citerefentry><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>loadkeys</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>kbd</refentrytitle><manvolnum>4</manvolnum></citerefentry>,
+ <ulink url="http://www.x.org/releases/current/doc/xorg-docs/input/XKB-Config.html">
+ The XKB Configuration Guide
+ </ulink>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-localed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
commit ccd90a976dbaf2acd1b62eb46f26bc35ae090467
Author: Eelco Dolstra <eelco.dolstra at logicblox.com>
Date: Fri May 24 13:34:53 2013 -0400
Fix CPUShares configuration option
This fixes the error message "Unknown or unsupported cgroup attribute
CPUShares".
diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
index 82b02bb..7df9d01 100644
--- a/src/core/cgroup-semantics.c
+++ b/src/core/cgroup-semantics.c
@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
}
static const CGroupSemantics semantics[] = {
- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
{ "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
{ "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
{ "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
More information about the systemd-commits
mailing list