[systemd-commits] 4 commits - Makefile.am TODO src/shared units/systemd-importd.service.in

Lennart Poettering lennart at kemper.freedesktop.org
Thu Jan 22 09:55:52 PST 2015 

 Makefile.am                      |    2 +-
 TODO                             |    2 --
 src/shared/cgroup-show.c         |    4 +++-
 units/systemd-importd.service.in |    3 ++-
 4 files changed, 6 insertions(+), 5 deletions(-)

New commits:
commit 34109a531fb3b26fa00f0261987c7cca710e42aa
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jan 22 18:55:30 2015 +0100

    update TODO

diff --git a/TODO b/TODO
index fb77052..47694a6 100644
--- a/TODO
+++ b/TODO
@@ -37,8 +37,6 @@ Release 219 preparations:
 
 * nspawn: don't change superblock mount options from nspawn for cgroup hierarchies
 
-* importd: sandbox things
-
 * "systemctl kill" is broken
 
 * the dbus1 connection user id is actually the euid, not the uid, and creds should return that

commit e57565dd5bae380122ba1b6c34cbba1d44f44d1f
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jan 22 18:55:08 2015 +0100

    importd: run daemon at minimal capabilities

diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
index b9cb97e..26759ea 100644
--- a/units/systemd-importd.service.in
+++ b/units/systemd-importd.service.in
@@ -12,8 +12,9 @@ Documentation=man:systemd-importd.service(8)
 [Service]
 ExecStart=@rootlibexecdir@/systemd-importd
 BusName=org.freedesktop.import1
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+NoNewPrivileges=yes
 WatchdogSec=1min
 PrivateTmp=yes
-PrivateDevices=yes
 ProtectSystem=full
 ProtectHome=yes

commit 3637713a2006320a8844adc6de5cd134444bb329
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jan 22 18:54:48 2015 +0100

    cgroup-show: don't hit assert, when the extra pids array is empty

diff --git a/src/shared/cgroup-show.c b/src/shared/cgroup-show.c
index 1e14ba6..d113277 100644
--- a/src/shared/cgroup-show.c
+++ b/src/shared/cgroup-show.c
@@ -43,7 +43,9 @@ static int compare(const void *a, const void *b) {
 static void show_pid_array(pid_t pids[], unsigned n_pids, const char *prefix, unsigned n_columns, bool extra, bool more, bool kernel_threads, OutputFlags flags) {
         unsigned i, j, pid_width;
 
-        assert(n_pids > 0);
+        if (n_pids <= 0)
+                return;
+
         qsort(pids, n_pids, sizeof(pid_t), compare);
 
         /* Filter duplicates */

commit 57d8a552af020a4dee034e2fd67782c3d8128f58
Author: Lennart Poettering <lennart at poettering.net>
Date:   Thu Jan 22 18:38:51 2015 +0100

    importd: fix path to download binary

diff --git a/Makefile.am b/Makefile.am
index d5344b9..2b7ee6f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -5280,7 +5280,7 @@ systemd_importd_SOURCES = \
 
 systemd_importd_CFLAGS = \
 	$(AM_CFLAGS) \
-	-D SYSTEMD_PULL_PATH=\"$(rootlibexecdir)/systemd-import\"
+	-D SYSTEMD_PULL_PATH=\"$(rootlibexecdir)/systemd-pull\"
 
 systemd_importd_LDADD = \
 	libsystemd-internal.la \

More information about the systemd-commits mailing list