[systemd-commits] stable Branch 'v215-stable' - 5 commits - configure.ac Makefile.am shell-completion/bash src/shared src/sysusers src/update-done

Zbigniew Jędrzejewski-Szmek zbyszek at kemper.freedesktop.org
Tue Jul 22 18:05:47 PDT 2014


 Makefile.am                      |    3 +-
 configure.ac                     |    1 
 shell-completion/bash/journalctl |    9 ++++++-
 src/shared/fileio-label.c        |    2 -
 src/shared/missing.h             |   12 ++++++++++
 src/sysusers/sysusers.c          |   45 ++++++++++++++++++++-------------------
 src/update-done/update-done.c    |   25 +++++++++++++++++----
 7 files changed, 67 insertions(+), 30 deletions(-)

New commits:
commit 62ae78fdcc50515d292f7622aeff7a89a5b2bfd3
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Jul 21 20:56:29 2014 -0400

    update-done: set proper selinux context for .updated
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1121806
    (cherry picked from commit 7dbb1d08f66cd44b1296be3ee8e3629b989e19a8)

diff --git a/Makefile.am b/Makefile.am
index 53f82f9..764a4fd 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1724,6 +1724,7 @@ systemd_update_done_SOURCES = \
 
 systemd_update_done_LDADD = \
 	libsystemd-internal.la \
+	libsystemd-label.la \
 	libsystemd-shared.la
 
 # ------------------------------------------------------------------------------
diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c
index 10ba85c..b199a68 100644
--- a/src/update-done/update-done.c
+++ b/src/update-done/update-done.c
@@ -20,6 +20,7 @@
 ***/
 
 #include "util.h"
+#include "label.h"
 
 static int apply_timestamp(const char *path, struct timespec *ts) {
         struct timespec twice[2];
@@ -51,10 +52,20 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
         } else if (errno == ENOENT) {
                 _cleanup_close_ int fd = -1;
+                int r;
 
                 /* The timestamp file doesn't exist yet? Then let's create it. */
 
+                r = label_context_set(path, S_IFREG);
+                if (r < 0) {
+                        log_error("Failed to set SELinux context for %s: %s",
+                                  path, strerror(-r));
+                        return r;
+                }
+
                 fd = open(path, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+                label_context_clear();
+
                 if (fd < 0) {
 
                         if (errno == EROFS) {
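Review bot: The `errno` tested in `if (errno == EROFS)` is read after the new `label_context_clear()` call, so the read-only-filesystem fallback is only correct if that helper preserves `errno`. Its body is not shown on this page; if it does not, a failed `open()` could be misclassified here. Either capture the value before clearing the context (`fd = open(...); saved = errno; label_context_clear(); errno = saved;`) or add a comment at the call such as `/* label_context_clear() must leave errno from open() intact, it is checked below */`. Clearing the creation context before any return path is the right order. apply_timestamp's body continues outside this hunk.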
@@ -83,7 +94,7 @@ static int apply_timestamp(const char *path, struct timespec *ts) {
 
 int main(int argc, char *argv[]) {
         struct stat st;
-        int r, q;
+        int r, q = 0;
 
         log_set_target(LOG_TARGET_AUTO);
         log_parse_environment();
@@ -94,11 +105,15 @@ int main(int argc, char *argv[]) {
                 return EXIT_FAILURE;
         }
 
-        r = apply_timestamp("/etc/.updated", &st.st_mtim);
+        r = label_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }
 
+        r = apply_timestamp("/etc/.updated", &st.st_mtim);
         q = apply_timestamp("/var/.updated", &st.st_mtim);
-        if (q < 0 && r == 0)
-                r = q;
 
-        return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+finish:
+        return r < 0 || q < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }

commit ec300fdabb27c41258cf5aea91dae518a3b88a04
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Jul 21 20:41:19 2014 -0400

    sysusers: fix selinux context of backup files
    
    Also, fix fopen_temporary_label to set proper context. By chance,
    all users so far used the same context, so the error didn't matter.
    
    Also, check return value from label_init().
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1121806
    (cherry picked from commit 9f1c19405a1ccaf59dcc8c32c13a1619541189ad)

diff --git a/src/shared/fileio-label.c b/src/shared/fileio-label.c
index 417ca56..c3def3c 100644
--- a/src/shared/fileio-label.c
+++ b/src/shared/fileio-label.c
@@ -59,7 +59,7 @@ int fopen_temporary_label(const char *target,
                           const char *path, FILE **f, char **temp_path) {
         int r;
 
-        r = label_context_set("/etc/passwd", S_IFREG);
+        r = label_context_set(target, S_IFREG);
         if (r < 0)
                 return r;
 
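Review bot: Nothing at the changed `label_context_set(target, S_IFREG)` call documents which of the two path arguments drives the label lookup, and that is the confusion this fix corrects. The temporary file is presumably created next to `path` (that part is outside the hunk) while its SELinux context now comes from `target`. A short comment above the call, for example `/* Label the temporary file like its final destination (target), not like the temporary path */`, would keep future callers from swapping the two. The function continues past the hunk, so whether `label_context_clear()` runs on every exit path cannot be checked from here.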
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index bf2fbbc..2387d58 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -195,8 +195,9 @@ static int load_group_database(void) {
         return 0;
 }
 
-static int make_backup(const char *x) {
-        _cleanup_close_ int src = -1, dst = -1;
+static int make_backup(const char *target, const char *x) {
+        _cleanup_close_ int src = -1;
+        _cleanup_fclose_ FILE *dst = NULL;
         char *backup, *temp;
         struct timespec ts[2];
         struct stat st;
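Review bot: `temp` stays a plain `char *` in these declarations, but the next hunk fills it through the `char **temp_path` out-parameter of `fopen_temporary_label()` instead of the stack-allocating `strappenda()`. If that helper hands back a heap-allocated string, as the out-parameter suggests (its body is not shown), the buffer is never freed on either the success path or the `fail` path. Declaring it on its own line as `_cleanup_free_ char *temp = NULL;` would match the cleanup attributes already used for `src` and `dst`. make_backup's body continues beyond this hunk.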
@@ -213,30 +214,30 @@ static int make_backup(const char *x) {
         if (fstat(src, &st) < 0)
                 return -errno;
 
-        temp = strappenda(x, ".XXXXXX");
-        dst = mkostemp_safe(temp, O_WRONLY|O_CLOEXEC|O_NOCTTY);
-        if (dst < 0)
-                return dst;
+        r = fopen_temporary_label(target, x, &dst, &temp);
+        if (r < 0)
+                return r;
 
-        r = copy_bytes(src, dst, (off_t) -1);
+        r = copy_bytes(src, fileno(dst), (off_t) -1);
         if (r < 0)
                 goto fail;
 
+        /* Don't fail on chmod() or chown(). If it stays owned by us
+         * and/or unreadable by others, then it isn't too bad... */
+
+        backup = strappenda(x, "-");
+
         /* Copy over the access mask */
-        if (fchmod(dst, st.st_mode & 07777) < 0) {
-                r = -errno;
-                goto fail;
-        }
+        if (fchmod(fileno(dst), st.st_mode & 07777) < 0)
+                log_warning("Failed to change mode on %s: %m", backup);
 
-        /* Don't fail on chmod(). If it stays owned by us, then it
-         * isn't too bad... */
-        fchown(dst, st.st_uid, st.st_gid);
+        if (fchown(fileno(dst), st.st_uid, st.st_gid)< 0)
+                log_warning("Failed to change ownership of %s: %m", backup);
 
         ts[0] = st.st_atim;
         ts[1] = st.st_mtim;
-        futimens(dst, ts);
+        futimens(fileno(dst), ts);
 
-        backup = strappenda(x, "-");
         if (rename(temp, backup) < 0)
                 goto fail;
 
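Review bot: A failed `rename(temp, backup)` at the end of this hunk jumps to `fail` without setting `r`, which at that point still holds the non-negative result of `copy_bytes()`. The `fail` label is outside the hunk, but if it returns `r`, the caller in write_files() would treat a missing backup as success and go on to replace the account files. Setting the error first closes that: `if (rename(temp, backup) < 0) { r = -errno; goto fail; }`. Separately, now that an `fchmod()` failure is only a warning, the backup keeps whatever mode `fopen_temporary_label()` created it with. The comment's "unreadable by others" therefore holds only if that helper creates the file with a restrictive mode, which is worth confirming.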
@@ -469,13 +470,13 @@ static int write_files(void) {
 
         /* Make a backup of the old files */
         if (group && group_changed) {
-                r = make_backup(group_path);
+                r = make_backup("/etc/group", group_path);
                 if (r < 0)
                         goto finish;
         }
 
         if (passwd) {
-                r = make_backup(passwd_path);
+                r = make_backup("/etc/passwd", passwd_path);
                 if (r < 0)
                         goto finish;
         }
@@ -1529,9 +1530,11 @@ int main(int argc, char *argv[]) {
 
         umask(0022);
 
-        label_init(NULL);
-
-        r = 0;
+        r = label_init(NULL);
+        if (r < 0) {
+                log_error("SELinux setup failed: %s", strerror(-r));
+                goto finish;
+        }
 
         if (optind < argc) {
                 int j;

commit de92879c4fd08974b90bc73f3bd3129774486a1f
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sat Jul 19 19:46:04 2014 -0400

    bash-completion: -p option for journalctl
    
    (cherry picked from commit be8f4a9fa732d61e845e1ab1a62ac3a6b368d3a7)

diff --git a/shell-completion/bash/journalctl b/shell-completion/bash/journalctl
index e4b2f4a..14dcd22 100644
--- a/shell-completion/bash/journalctl
+++ b/shell-completion/bash/journalctl
@@ -35,6 +35,8 @@ __journal_fields=(MESSAGE{,_ID} PRIORITY CODE_{FILE,LINE,FUNC}
                   _UDEV_{SYSNAME,DEVNODE,DEVLINK}
                   __CURSOR __{REALTIME,MONOTONIC}_TIMESTAMP)
 
+__syslog_priorities=(emerg alert crit err warning notice info debug)
+
 _journalctl() {
         local field_vals= cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
         local -A OPTS=(
@@ -44,8 +46,8 @@ _journalctl() {
                               --no-tail -q --quiet --setup-keys --this-boot --verify
                               --version --list-catalog --update-catalog --list-boots'
                        [ARG]='-b --boot --this-boot -D --directory --file -F --field
-                              -o --output -u --unit --user-unit'
-                [ARGUNKNOWN]='-c --cursor --interval -n --lines -p --priority --since --until
+                              -o --output -u --unit --user-unit -p --priority'
+                [ARGUNKNOWN]='-c --cursor --interval -n --lines --since --until
                               --verify-key'
         )
 
@@ -68,6 +70,9 @@ _journalctl() {
                         --field|-F)
                                 comps=${__journal_fields[*]}
                         ;;
+                        --priority|-p)
+                                comps=${__syslog_priorities[*]}
+                        ;;
                         --unit|-u)
                                 comps=$(journalctl -F '_SYSTEMD_UNIT' 2>/dev/null)
                         ;;

commit 766fa6bb149ece2ed4bb0d58e4f836a86bb51893
Author: Michael Olbrich <m.olbrich at pengutronix.de>
Date:   Fri Jul 18 06:33:52 2014 +0200

    install: systemd-timesyncd.service is enabled by sysinit.target
    
    systemd-timesyncd.service has a "WantedBy=sysinit.target" so the
    initially generated link should match that.
    
    (cherry picked from commit e9b11a8457293c553296e5d986a0bb7f86f275d5)

diff --git a/Makefile.am b/Makefile.am
index 2b0c855..53f82f9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4346,7 +4346,7 @@ nodist_systemunit_DATA += \
 	units/systemd-timesyncd.service
 
 GENERAL_ALIASES += \
-	$(systemunitdir)/systemd-timesyncd.service $(pkgsysconfdir)/system/multi-user.target.wants/systemd-timesyncd.service
+	$(systemunitdir)/systemd-timesyncd.service $(pkgsysconfdir)/system/sysinit.target.wants/systemd-timesyncd.service
 
 EXTRA_DIST += \
 	units/systemd-timesyncd.service.in

commit 9f2dae12f4ee324e3c1cb26ce3ea382e586235b6
Author: Jean-André Santoni <jean.andre.santoni at gmail.com>
Date:   Mon Jul 21 21:04:44 2014 -0400

    Add IFLA_VTI defines to missing.h
    
    (cherry picked from commit 6589d0dba2b1ccf2406db527c2c1b51c7143e117)

diff --git a/configure.ac b/configure.ac
index df6b357..8925eb5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -311,6 +311,7 @@ AC_CHECK_DECLS([gettid, pivot_root, name_to_handle_at, setns, LO_FLAGS_PARTSCAN]
 ]])
 
 AC_CHECK_DECLS([IFLA_MACVLAN_FLAGS,
+                IFLA_VTI_REMOTE,
                 IFLA_PHYS_PORT_ID,
                 IFLA_BOND_AD_INFO,
                 IFLA_VLAN_PROTOCOL,
diff --git a/src/shared/missing.h b/src/shared/missing.h
index 818d704..2985285 100644
--- a/src/shared/missing.h
+++ b/src/shared/missing.h
@@ -380,6 +380,18 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_MACVLAN_MAX (__IFLA_MACVLAN_MAX - 1)
 #endif
 
+#if !HAVE_DECL_IFLA_VTI_REMOTE
+#define IFLA_VTI_UNSPEC 0
+#define IFLA_VTI_LINK 1
+#define IFLA_VTI_IKEY 2
+#define IFLA_VTI_OKEY 3
+#define IFLA_VTI_LOCAL 4
+#define IFLA_VTI_REMOTE 5
+#define __IFLA_VTI_MAX 6
+
+#define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1)
+#endif
+
 #if !HAVE_DECL_IFLA_PHYS_PORT_ID
 #undef IFLA_PROMISCUITY
 #define IFLA_PROMISCUITY 30


