systemd-stable v246.4
core: create per-user inaccessible node from the service manager

Previously, we'd create them from user-runtime-dir@.service. That has
one benefit: since this service runs privileged, we can create the full
set of device nodes. It has one major drawback though: it's security-wise
problematic to create files/directories in directories as privileged
user in directories owned by unprivileged users, since they can use
symlinks to redirect what we want to do. As a general rule we hence
avoid this logic: only unpriv code should populate unpriv directories.

Hence, let's move this code to an appropriate place in the service
manager. This means we lose the inaccessible block device node, but
since there's already a fallback in place, this shouldn't be too bad.

(cherry picked from commit 3242980582d501ec2adbcc0f794c7161056812e8)
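
The symlink redirection this commit message describes, as an added example that is not code from this commit or from systemd: a path-based create in a directory the owner controls is redirected by a planted symlink, while an fd-pinned create with `O_NOFOLLOW` refuses. The commit itself takes a different route (the unprivileged service manager creates the nodes); the function names, file names and temp directory here are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based: every component is resolved, so a symlink at "sub" redirects us. */
static int create_by_path(const char *base, const char *sub, const char *name) {
    char p[256];
    snprintf(p, sizeof p, "%s/%s/%s", base, sub, name);
    int fd = open(p, O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0) return -errno;
    close(fd);
    return 0;
}

/* fd-pinned: each directory is opened with O_NOFOLLOW, the leaf with O_EXCL. */
static int create_pinned(const char *base, const char *sub, const char *name) {
    int r = 0, fd = -1, sfd = -1;
    int bfd = open(base, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (bfd >= 0) sfd = openat(bfd, sub, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (sfd >= 0) fd = openat(sfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) r = -errno; /* errno still belongs to the first call that failed */
    if (fd >= 0) close(fd);
    if (sfd >= 0) close(sfd);
    if (bfd >= 0) close(bfd);
    return r;
}

/* Constructed scenario: "sub" is a symlink to "elsewhere" inside a temp dir.
 * Returns 1 if the path-based create was redirected and the pinned one refused. */
static int demo(void) {
    char base[] = "/tmp/symlink-demo-XXXXXX", other[64], lnk[64], hit[96];
    if (!mkdtemp(base)) return -1;
    snprintf(other, sizeof other, "%s/elsewhere", base);
    snprintf(lnk, sizeof lnk, "%s/sub", base);
    snprintf(hit, sizeof hit, "%s/node", other);
    if (mkdir(other, 0700) < 0 || symlink("elsewhere", lnk) < 0) return -1;
    int redirected = create_by_path(base, "sub", "node") == 0 && access(hit, F_OK) == 0;
    unlink(hit);
    int refused = create_pinned(base, "sub", "node") < 0 && access(hit, F_OK) != 0;
    unlink(lnk); rmdir(other); rmdir(base);
    return redirected && refused;
}

int main(void) { printf("redirected and refused: %d\n", demo()); return 0; }
```
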
2 files changed
tree: 916da1703823c3214b467dcb65c1614311afa667
  1. .clang-format
  2. .ctags
  3. .dir-locals.el
  4. .editorconfig
  5. .gitattributes
  6. .github/
  7. .gitignore
  8. .lgtm.yml
  9. .lgtm/cpp-queries/
  10. .mailmap
  11. .mkosi/
  12. .travis.yml
  13. .vimrc
  14. .ycm_extra_conf.py
  15. LICENSE.GPL2
  16. LICENSE.LGPL2.1
  17. Makefile
  18. NEWS
  19. README
  20. README.md
  21. TODO
  22. azure-pipelines.yml
  23. catalog/
  24. coccinelle/
  25. configure
  26. docs/
  27. factory/etc/
  28. hwdb.d/
  29. man/
  30. meson.build
  31. meson_options.txt
  32. mkosi.build
  33. modprobe.d/
  34. network/
  35. po/
  36. presets/
  37. rules.d/
  38. semaphoreci/
  39. shell-completion/
  40. src/
  41. sysctl.d/
  42. sysusers.d/
  43. test/
  44. tmpfiles.d/
  45. tools/
  46. travis-ci/
  47. units/
  48. xorg/
  49. zanata.xml
README.md

Systemd

System and Service Manager


Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.