also be locked down). But even without that, mount -o noexec
does meaningfully improve security, and the trivial workaround no longer
works.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
ation, and many such programs can
do such caching themselves without worrying about an unexpected fork().
I think only specialized library code would ever want to do this.
Hopefully these numbers will help anyone looking to implement such
caching in their own code.
- Josh Triplett
#include
#i
On Tue, Aug 29, 2017 at 06:43:58PM +0200, Lennart Poettering wrote:
> On Sa, 26.08.17 10:43, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > systemd's file-hierarchy manpage
> > <https://www.freedesktop.org/software/systemd/man/file-hierarchy.html>
> > docume
d ~/.local/bin to the XDG Base Directory
specification itself? I'd be happy to write up an addition to the spec
for that, and propose it on the appropriate list.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
htt
Lennart Poettering wrote:
> inotify doesn't really provide such a feature, and fanotify is
> crap.
Leaving aside any other issues with fanotify, it doesn't seem to provide
this feature either; "man fanotify" says "Fanotify monitoring of
directories is not recursive: to monitor subdirectories under
On April 20, 2015 8:39:33 AM PDT, Lennart Poettering
wrote:
>On Fri, 17.04.15 08:52, Josh Triplett (j...@joshtriplett.org) wrote:
>
>> On Thu, Apr 16, 2015 at 08:23:45PM +0200, Lennart Poettering wrote:
>> > Now, to put together a more complex scenario for you: consider a
&g
e remaining less-controversial
parts of kdbus merged, and then make the case for that separately. Then
kdbus would be available for everyone to use sooner, and later on it
could gain some additional features.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
support if anyone would be
interested in saying "yes, this is the solution we want".
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
_warning("Key file %s is
> > world-readable. This is not a good idea!", key_file);
> > +}
>
> I'd prefer if we'd change the check instead to only apply to
> S_ISREG() files. This way we wouldn't have to list all RNG
On Thu, Dec 25, 2014 at 10:20:14PM +0100, Kay Sievers wrote:
> On Sat, Dec 6, 2014 at 11:46 PM, Josh Triplett wrote:
> > I went to use libabc as the basis for a new library, and found a few issues;
> > rather than just correcting them in my own library, I'd like to push the
&
The sample libabc includes functions to get a "thing", as a sample
sub-object of the overall library context. Each "thing" has a reference
to the parent library context, and a function to return that reference.
Given that, abc_thing_new_from_string should call abc_ref, and
abc_thing_unref should c
On Mon, Dec 08, 2014 at 05:09:17PM +0100, David Herrmann wrote:
> On Sun, Dec 7, 2014 at 2:39 AM, Josh Triplett wrote:
> > The sample libabc includes functions to get a "thing", as a sample
> > sub-object of the overall library context. Each "thing" has a
hing, which would have a pointer to an invalid abc context.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
It has changed in the past, and these days, anyone can get a copy of the
LGPL via the web rather than by post.
---
src/abc/libabc.h | 4
src/libabc-private.h | 4
src/libabc.c | 4
src/test-libabc.c| 4
4 files changed, 16 deletions(-)
diff --git a/src/abc/liba
Otherwise, if someone uses "sh autogen.sh", the -e will get ignored.
---
autogen.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/autogen.sh b/autogen.sh
index 0d60b0a..07afd85 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -1,4 +1,5 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
if [
---
m4/.gitignore | 1 -
1 file changed, 1 deletion(-)
diff --git a/m4/.gitignore b/m4/.gitignore
index 8bab51c..38066dd 100644
--- a/m4/.gitignore
+++ b/m4/.gitignore
@@ -3,4 +3,3 @@ ltoptions.m4
ltsugar.m4
ltversion.m4
lt~obsolete.m4
-
--
2.1.3
_
Source files, including those in the library itself, should include
, not .
---
Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index 1ac18d0..aa53b51 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -7,7 +7,6 @@ AM_CPPFLAGS = \
-include $(top_builddir
As README points out, the library should not execute out-of-process
tools. Thus, it should never need to know LIBEXECDIR.
---
Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/Makefile.am b/Makefile.am
index aa53b51..d7dcaed 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,6 @@
I went to use libabc as the basis for a new library, and found a few issues;
rather than just correcting them in my own library, I'd like to push the
changes back into libabc.
Josh Triplett (5):
Makefile.am: Don't add abc subdirectory to include path
Makefile.am: Don't de
On Sun, Nov 30, 2014 at 12:23:07AM +0100, Lennart Poettering wrote:
> Applied! Thanks!
Thanks for the fast response!
Out of curiosity, what's the process/criteria to apply for commit
access? (I have an fd.o account already.) I didn't see any documented
on the systemd homepage.
-
Also provide guidance to distributions, to make sure they don't start
dropping files in the configuration directories in /etc/.
---
NEWS | 13 +
1 file changed, 13 insertions(+)
diff --git a/NEWS b/NEWS
index 0d3ab2b..8fc0720 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,19 @@ CHANGES WITH
---
src/journal-remote/journal-remote.c | 8
src/journal-remote/journal-upload.c | 8
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/journal-remote/journal-remote.c
b/src/journal-remote/journal-remote.c
index a5d40cb..6ec5ad2 100644
--- a/src/journal-remote/j
---
Makefile-man.am | 5 +
man/resolved.conf.xml| 16 +++-
src/resolve/resolved-conf.c | 9 +
src/resolve/resolved.conf.in | 3 +++
4 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index 01d3408..36e0
---
Makefile-man.am| 7 ++-
man/timesyncd.conf.xml | 17 +++--
src/timesync/timesyncd-conf.c | 9 +
src/timesync/timesyncd.conf.in | 3 +++
4 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index 3
---
Makefile-man.am | 6 --
man/coredump.conf.xml | 14 +++---
src/journal/coredump.c| 9 +
src/journal/coredump.conf | 3 +++
4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index 593dc40..01d3408 100644
--
---
Makefile-man.am | 6 --
man/bootchart.conf.xml | 21 +++--
src/bootchart/bootchart.c| 7 +++
src/bootchart/bootchart.conf | 3 +++
4 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index 2a0d73e.
---
Makefile-man.am | 5 +
man/systemd-sleep.conf.xml | 15 ---
man/systemd-suspend.service.xml | 3 ++-
src/shared/sleep-config.c | 7 ---
4 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index e0c1
---
Makefile-man.am | 12 +++-
man/systemd-system.conf.xml | 25 -
man/systemd.xml | 10 ++
src/core/main.c | 9 -
src/core/system.conf| 3 +++
src/core/user.conf | 3 +++
6 files changed, 47 in
---
Makefile-man.am | 5 +
man/journald.conf.xml | 14 +++---
src/journal/journald-server.c | 9 +
src/journal/journald.conf | 3 +++
4 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/Makefile-man.am b/Makefile-man.am
index f025be0..e0
Several manpages contain duplicate text describing a standard set of .d
configuration directories, with the usual sorting, precedence,
overrides, and so on. Factor this common text out using XInclude before
proliferating it even further.
---
Makefile-man.am| 1 +
man/binfmt.d.xml |
---
Makefile-man.am | 5 +
man/logind.conf.xml | 1 +
2 files changed, 6 insertions(+)
diff --git a/Makefile-man.am b/Makefile-man.am
index f817a05..906a968 100644
--- a/Makefile-man.am
+++ b/Makefile-man.am
@@ -1110,8 +1110,13 @@ MANPAGES += \
man/logind.conf.5 \
man/syst
On Thu, Nov 27, 2014 at 01:45:43AM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Nov 26, 2014 at 01:24:53PM +0100, Gergely Nagy wrote:
> > >>>>> "Josh" == Josh Triplett writes:
> >
> > Josh> This makes it possible to drop in login
work for you, I can produce
additional patches for the other config files in /etc/systemd.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
This makes it possible to drop in logind configuration snippets from a
package or other configuration management mechanism.
Add documentation to the header of /etc/logind.conf pointing the user at
/etc/logind.conf.d/*.conf.
Introduce a new helper, conf_parse_many, to parse configuration files in
Several different systemd tools define a nulstr containing a standard
series of configuration file directories, in /etc, /run, /usr/local/lib,
/usr/lib, and (#ifdef HAVE_SPLIT_USR) /lib. Factor that logic out into
a new helper macro, CONF_DIRS_NULSTR.
---
Realized when defining the Nth instance o
; make sense in /etc only really, and should be the total exception in
> /usr.
OK, if you're fine with /usr/lib/systemd/logind.conf.d/*.conf overriding
/etc/logind.conf, then the patch gets *really* simple, and I'll submit
v3 soon.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
On Fri, Oct 17, 2014 at 08:40:48AM +0300, Mantas Mikulėnas wrote:
> On Fri, Oct 17, 2014 at 7:29 AM, Josh Triplett wrote:
> > This makes it possible to drop in logind configuration snippets from a
> > package or other configuration management mechanism.
>
> I'm still
This makes it possible to drop in logind configuration snippets from a
package or other configuration management mechanism.
Introduce a new helper, conf_parse_many, to parse configuration files in
a search path.
systemd now installs /usr/lib/systemd/logind.conf.d/50-default.conf
rather than /etc/
On Thu, Oct 16, 2014 at 09:42:50AM -0400, Rahul Sundaram wrote:
> On Thu, Oct 16, 2014 at 6:27 AM, Josh Triplett wrote:
> > This makes it possible to drop in configuration file snippets from a
> > package or other configuration management mechanism.
>
> Shouldn't those
On Thu, Oct 16, 2014 at 03:36:57PM +0200, Zbigniew Jędrzejewski-Szmek wrote:
> On Thu, Oct 16, 2014 at 12:27:21PM +0200, Josh Triplett wrote:
> > This makes it possible to drop in configuration file snippets from a
> > package or other configuration management mechanism.
> Wha
This makes it possible to drop in configuration file snippets from a
package or other configuration management mechanism.
---
man/logind.conf.xml | 4 +++-
src/login/logind.c | 21 +
src/shared/conf-parser.c | 19 +++
src/shared/conf-parser.h | 7 ++
On Thu, Oct 02, 2014 at 09:11:39PM +0200, Lennart Poettering wrote:
> On Thu, 02.10.14 11:56, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > On Thu, Oct 02, 2014 at 09:36:46AM +0200, Jan Synacek wrote:
> > > Introduce option to display time in UTC.
> >
> > Do
On Thu, Oct 02, 2014 at 09:36:46AM +0200, Jan Synacek wrote:
> Introduce option to display time in UTC.
Does "TZ=UTC journalctl" not do the right thing? A quick test here
suggests that it does. That seems preferable to teaching individual
tools to special-case UTC.
-
then I don't want *anything* other than the VPN itself to send
traffic over a non-VPN interface. Any way we could fix that while
retaining the "works out of the box" behavior?
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@l
On Mon, Aug 25, 2014 at 07:19:47PM +0200, Lennart Poettering wrote:
> On Sat, 23.08.14 19:26, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > Rather than requiring a third-party tool for this, systemctl should
> > handle this natively.
>
> This has been proposed befo
Rather than requiring a third-party tool for this, systemctl should
handle this natively.
---
TODO | 1 +
1 file changed, 1 insertion(+)
diff --git a/TODO b/TODO
index 0fcd3a0..aaf6444 100644
--- a/TODO
+++ b/TODO
@@ -441,6 +441,7 @@ Features:
- Something is wrong with symlink handling of "aut
On Wed, Jul 09, 2014 at 01:16:04AM +, "Jóhann B. Guðmundsson" wrote:
>
> On 07/09/2014 01:05 AM, j...@joshtriplett.org wrote:
> >On Tue, Jul 08, 2014 at 10:45:11PM +, "Jóhann B. Guðmundsson" wrote:
> >>>
> >>>On 07/08/2014 10:45 PM,
;. This also allows MachineRole to contain
something like "staging foobranch", for instance, which indicates a
staging server that's part of the experimental parallel foobranch
infrastructure.
This would still allow the role string to serve its prima
nd-editing logind.conf.
Does that sound like a reasonable addition? Happy to write the patch if
so.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
On Sun, Mar 16, 2014 at 02:56:10PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Sat, Mar 15, 2014 at 11:40:07AM -0700, Josh Triplett wrote:
> > GCC optimizes strlen("string constant") to a constant, even with -O0.
> > Thus, replace patterns like sizeof("strin
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often make
Some systems turn the backlight all the way off at the lowest levels.
Clamp saved brightness to at least 1 or 5% of max_brightness. This
avoids preserving an unreadably dim screen, which would otherwise force
the user to disable state restoration.
---
v2: Send the right patch this time. Factor cl
udev_device_get_sysattr_value returns NULL on failure, but doesn't
provide an error code; thus, when printing an error from it, don't print
an unrelated error code from a previous call.
---
v2: Patch 1/2 unchanged from v1.
src/backlight/backlight.c | 2 +-
1 file changed, 1 insertion(+), 1 deletio
On Wed, Mar 12, 2014 at 03:32:47AM +0100, Lennart Poettering wrote:
> On Tue, 11.03.14 18:55, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > +/* Some systems turn the backlight all the way off at the
> > + * lowest levels. Clamp saved bright
Some systems turn the backlight all the way off at the lowest levels.
Clamp saved brightness to at least 1 or 5% of max_brightness. This
avoids preserving an unreadably dim screen, which would otherwise force
the user to disable state restoration.
---
src/backlight/backlight.c | 39 ++
udev_device_get_sysattr_value returns NULL on failure, but doesn't
provide an error code; thus, when printing an error from it, don't print
an unrelated error code from a previous call.
---
src/backlight/backlight.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backlight/
With in_charset now reduced to a one-liner (plus asserts), make it a
static inline.
---
This applies on top of the previous patch simplifying in_charset.
src/shared/util.c | 6 --
src/shared/util.h | 6 +-
2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/shared/util.c b
This simplifies in_charset down to a one-liner, and allows for possible
optimizations of strspn in libc.
---
src/shared/util.c | 9 +
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/shared/util.c b/src/shared/util.c
index d28caae..82326df 100644
--- a/src/shared/util.c
+++
ies? I prefer to avoid
simultaneously changing code and moving it, since it makes the change
diff less obvious.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
On Mon, Mar 10, 2014 at 04:44:02PM +0100, Lennart Poettering wrote:
> On Sat, 08.03.14 20:33, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > avoid_cleanup also returns a copy of the pointer, making it convenient
> > to use at the point where initialization completes, to ha
GCC optimizes strlen("string constant") to a constant, even with -O0.
Thus, replace patterns like sizeof("string constant")-1 with
strlen("string constant") where possible, for clarity. In particular,
for expressions intended to add up the lengths of components going into
a string, this often make
avoid_cleanup also returns a copy of the pointer, making it convenient
to use at the point where initialization completes, to hand the constructed
object off somewhere without freeing it.
Change all NULL assignments tagged with /* avoid cleanup */ to use this
instead.
---
Seems like a common patt
On Wed, Mar 05, 2014 at 10:21:17PM +0100, David Herrmann wrote:
> On Wed, Mar 5, 2014 at 8:31 PM, Josh Triplett wrote:
> > On Wed, Mar 05, 2014 at 07:10:51PM +0100, Lennart Poettering wrote:
> >> On Wed, 05.03.14 09:46, Josh Triplett (j...@joshtriplett.org) wrote:
> >>
On Wed, Mar 05, 2014 at 07:10:51PM +0100, Lennart Poettering wrote:
> On Wed, 05.03.14 09:46, Josh Triplett (j...@joshtriplett.org) wrote:
> > systemd-backlight saves backlight levels on shutdown, and restores them
> > on startup. However, on some systems, backlight level 0 actuall
On Wed, Mar 05, 2014 at 06:59:27PM +0100, David Herrmann wrote:
> On Wed, Mar 5, 2014 at 6:46 PM, Josh Triplett wrote:
> > systemd-backlight saves backlight levels on shutdown, and restores them
> > on startup. However, on some systems, backlight level 0 actually turns
> &g
nt to restore backlight level
0.)
- Something ought to listen to the brightness keys (and perhaps other
hotkeys) in pure text mode. systemd seems like a good place for such
a something to live.
- Josh Triplett
___
systemd-devel mailing list
sy
On Sat, Mar 01, 2014 at 03:03:17PM +, Colin Walters wrote:
> On Fri, Feb 28, 2014 at 9:36 AM, Josh Triplett
> wrote:
> >---
> >
> >Strawman proposal, open to suggestions.
> >
> ...
> >
> >+ - Simple conditionals: "C path mode user group -
---
Strawman proposal, open to suggestions. A change like this would make
tmpfiles flexible enough to detect what permission configuration an
admin wants to use and go along with that. In general, "set a
directory's permissions based on the set{u,g}id status of the binary"
seems common enough to
.
Is this due to the issues with touching NSS from PID 1?
What might it take to add those options back?
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
On Tue, Apr 23, 2013 at 01:45:32AM +0200, Tom Gundersen wrote:
> On Mon, Apr 22, 2013 at 11:53 PM, Josh Triplett wrote:
> > 1) Leave only root in /etc/passwd and /etc/group.
>
> Not commenting on the overall idea, but if you are going to do
> something like this, at least allow
On Mon, Apr 22, 2013 at 11:24:56PM +0200, Kay Sievers wrote:
> On Mon, Apr 22, 2013 at 9:29 PM, Josh Triplett wrote:
> > On Thu, Apr 18, 2013 at 12:26:15AM +0200, Kay Sievers wrote:
> >> On Wed, Apr 17, 2013 at 11:50 PM, Josh Triplett
> >> wrote:
> >> >
On Thu, Apr 18, 2013 at 12:26:15AM +0200, Kay Sievers wrote:
> On Wed, Apr 17, 2013 at 11:50 PM, Josh Triplett wrote:
> > ---
> > TODO |5 +
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/TODO b/TODO
> > index eb482d0..6cf632a 100644
>
On Thu, Apr 18, 2013 at 12:42:38AM +0200, Kay Sievers wrote:
> On Thu, Apr 18, 2013 at 12:28 AM, Josh Triplett wrote:
> > On Thu, Apr 18, 2013 at 12:12:38AM +0200, Kay Sievers wrote:
> >> On Wed, Apr 17, 2013 at 11:49 PM, Josh Triplett
> >> wrote:
> >
---
Resubmitting the uncontroversial bits.
TODO | 2 ++
1 file changed, 2 insertions(+)
diff --git a/TODO b/TODO
index 88be72d..33c24ea 100644
--- a/TODO
+++ b/TODO
@@ -272,6 +272,8 @@ Features:
- journal: store euid in journal if it differs from uid
- journal: sanely deal with entries wh
libsystemd-audit needs functions from libsystemd-shared, so
libsystemd-audit needs to appear first. Otherwise:
CCLD systemd-logind
./.libs/libsystemd-audit.a(audit.o): In function `audit_session_from_pid':
/home/josh/src/systemd/src/shared/audit.c:50: undefined reference to
`detect_container
On Thu, Apr 18, 2013 at 12:15:22AM +0200, Kay Sievers wrote:
> On Thu, Apr 18, 2013 at 12:11 AM, Josh Triplett wrote:
> > On Thu, Apr 18, 2013 at 12:04:24AM +0200, Kay Sievers wrote:
> >> On Wed, Apr 17, 2013 at 11:50 PM, Josh Triplett
> >> wrote:
> >
On Thu, Apr 18, 2013 at 12:12:38AM +0200, Kay Sievers wrote:
> On Wed, Apr 17, 2013 at 11:49 PM, Josh Triplett wrote:
>
> > + - Replace utmp, wtmp, btmp, and lastlog completely with journal
>
> We should definitely add the data needed to constuct this information,
> if
On Thu, Apr 18, 2013 at 12:04:24AM +0200, Kay Sievers wrote:
> On Wed, Apr 17, 2013 at 11:50 PM, Josh Triplett wrote:
>
> > + - unit generator for compatibility with crontab and cron.d
>
> We kind of decided to port the 40-60 things that use the .d/ dirs to
> native units
---
TODO |5 +
1 file changed, 5 insertions(+)
diff --git a/TODO b/TODO
index eb482d0..6cf632a 100644
--- a/TODO
+++ b/TODO
@@ -679,6 +679,11 @@ External:
- put bootcharts in the journal
- kernel cmdline "bootchart" option for simplicity?
+* Support passwd.d and group.d; accumul
---
TODO |7 +++
1 file changed, 7 insertions(+)
diff --git a/TODO b/TODO
index 88be72d..48e5d2e 100644
--- a/TODO
+++ b/TODO
@@ -272,6 +272,13 @@ Features:
- journal: store euid in journal if it differs from uid
- journal: sanely deal with entries which are larger than the individu
---
TODO |1 +
1 file changed, 1 insertion(+)
diff --git a/TODO b/TODO
index 48e5d2e..eb482d0 100644
--- a/TODO
+++ b/TODO
@@ -320,6 +320,7 @@ Features:
o CLOCK_REALTIME makes jumps (TFD_TIMER_CANCEL_ON_SET)
o DST changes
- Support 2012-02~4 as syntax for specifying the fourth to
The new socket option SO_REUSEPORT would enable some new functionality;
add it to TODO.
---
TODO |5 +
1 file changed, 5 insertions(+)
diff --git a/TODO b/TODO
index f1a0bcf..f469e96 100644
--- a/TODO
+++ b/TODO
@@ -46,6 +46,11 @@ Fedora 19:
Features:
+* Support SO_REUSEPORT with soc
t
plan to include the patch unless PAM upstream does. I've submitted the
patch to upstream PAM, but haven't managed to get any response yet.
As soon as that patch or something like it makes it into PAM, the PAM
scripts for login and similar services can switch to pam_exec, and
Debian
On Wed, Mar 14, 2012 at 06:58:32PM +0100, Lennart Poettering wrote:
> On Wed, 07.03.12 06:34, Josh Triplett (j...@joshtriplett.org) wrote:
> > I've attached a header file which should provide all the endianness
> > checking you need. Just include it in place of end
orresponding Sparse attributes,
and which become no-ops when compiling with GCC. I'd recommend
following that approach.
I've attached a header file which should provide all the endianness
checking you need. Just include it in place of endian.h everywhere you
currently include endia
On Wed, Aug 24, 2011 at 08:39:38PM +0200, Lennart Poettering wrote:
> On Sat, 06.08.11 15:48, Josh Triplett (j...@joshtriplett.org) wrote:
>
> > Many people prefer to avoid clearing /tmp and /var/tmp, and
> > distributions often have explicit settings for how often to clear
temd.conf file, so that it is cleared on boot?
Files in /tmp get cleared when older than 10 days; that seems like a
fine default.
- Josh Triplett
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
This manpage presents the special targets in alphabetical order, but
time-sync.target appeared in the wrong place.
---
man/systemd.special.xml.in | 28 ++--
1 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/man/systemd.special.xml.in b/man/systemd.special.x
---
Using .X[0-9]*-lock seems safe to me, but if you prefer I can write
separate lines for [0-9], [0-9][0-9], and [0-9][0-9][0-9]. Now if only
tmpfiles.d could do regexes or extglob rather than just shell-style
globs. :)
tmpfiles.d/x11.conf |2 +-
1 files changed, 1 insertions(+), 1 deletio
Many people prefer to avoid clearing /tmp and /var/tmp, and
distributions often have explicit settings for how often to clear them
if at all. Overriding those with systemd currently requires overriding
all of /usr/lib/tmpfiles.d/systemd.conf via
/etc/tmpfiles.d/systemd.conf, copying across all the
arily useful to avoid accidental changes to the host
system from the container."
How can a process in a systemd-nspawn container circumvent the container
setup? What additional steps would systemd-nspawn need to take to
provide a secure container setup?
- Jos
On Sat, Apr 23, 2011 at 11:28:58AM +0800, microcai wrote:
> 于 2011年04月23日 10:55, Josh Triplett 写道:
> > The systemd-nspawn manpage lists the various mechanisms used to isolate
> > the container, and then says "Note that even though these security
> > precautions are t
arily useful to avoid accidental changes to the host
system from the container."
How can a process in a systemd-nspawn container circumvent the container
setup? What additional steps would systemd-nspawn need to take to
provide a secure container setup?
- Jos
93 matches
Mail list logo