| Age | Commit message (Collapse) | Author |
|---|
|
The selinux file system is mounted under /sys, so move the code for it
to the appropriate service.
X-Gentoo-Bug: 546290
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=546290
|
|
Tmpfiles.d processing had /run overriding /usr/lib and /etc, but this is
not correct. The correct order, from lowest to highest, for tmpfiles
processing is:
* /usr/lib/tmpfiles.d/*.conf
* /run/tmpfiles.d/*.conf
* /etc/tmpfiles.d
This means /run/tmpfiles.d/*.conf can override /etc/tmpfiles.d/*.conf,
but /etc/tmpfiles.d/*.conf can override both of them.
This fixes #49.
|
|
The local service should use eval when it executes scripts since it has
the redirection set up in a variable.
This fixes #50.
X-Gentoo-Bug: 545012
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=545012
|
|
We do not need to spam the console with variable settings by default.
This fixes #51.
X-Gentoo-Bug: 541922
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=541922
|
|
We were processing the rc_verbose setting before we sourced the
configuration file where it was set; this fixes the issue.
Fixes #46
|
|
|
|
If selinux is disabled, then stub methods will be provided instead of
calling the real methods. This removes some warnings about unused
parameters which used to be covered up with #ifdef HAVE_SELINUX.
Signed-off-by: Jason Zaman <jason@perfinion.com>
|
|
|
|
librc: Fix C90 warning (mixed declaration and code)
rc: Fix warning about discarding const qualifier
Fixes #45.
|
|
The previous fix to --test (PR #34) prevented reading one too many
arguments when --exec -or --name was not specified, but created a
regression where the last argument would not print if either of those
arguments was specified. This corrects the issue.
Fixes #41.
|
|
In >=glibc-2.20, the _BSD_SOURCE macro is deprecated in favor of
_DEFAULT_SOURCE. This adds -D_DEFAULT_SOURCE to CPPFLAGS on Linux.
Fixes #44
|
|
savecore -C only needs the dumpdevice otherwise it causes an error on startup.
This fixes #40.
|
|
MAX_PATH should have been PATH_MAX
|
|
checkpath -W can fail if the specified path doesn't actually exist yet.
In this case savecache script should attempt to create the path if it is
missing, however it is pre-empted by the checkpath call. This patch adds
an explicit existence test before executing checkpath.
This fixes #36.
|
|
If /tmp or / are read-only, the clean_run function can fail in some very
bad ways.
1. dir=$(mktemp -d) returns an EMPTY string on error.
2. "mount -o bind / $dir", and don't check the result of that,
3. "rm -rf $dir/run/*", which removes the REAL /run contents
4. box gets very weird from this point forward
Signed-Off-By: Robin H. Johnson <robbat2@gentoo.org>
Signed-Off-By: Chip Parker <infowolfe@gmail.com>
Reported-by: Chip Parker <infowolfe@gmail.com>
Tested-by: Chip Parker <infowolfe@gmail.com>
|
|
This is another security fix. If you use chown() or chmod() on a
symbolic link, it affects the referenced file, not the symbolic link
itself.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
|
|
|
|
The local service now redirects stdout and stderr for the scripts it
runs to /dev/null unless it is run in verbose mode.
X-Gentoo-Bug: 537444
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=537444
|
|
|
|
Do not change permissions on the target if it is a file and has multiple
hard links. This is necessary because a hard link can be an attack
vector to gain privilege escalation.
X-Gentoo-Bug: 540006
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=540006
|
|
X-Gentoo-Bug: 537996
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=537996
|
|
This fixes #35.
|
|
Just to be consistent.
|
|
Add a new variable, ${TOP}, to the top level makefile, which points to
the path of the source tree.
|
|
Fixes #34.
|
|
|
|
X-Gentoo-Bug: 535184
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=535184
|
|
This fixes a double free of the pidfile variable. For discussion of this
issue, see the bug.
X-Gentoo-Bug: 531600
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=531600
|
|
The git log command understands dates such as "1 year ago", so there is
no need to use the date command.
|
|
|
|
This was added by request because some users are requesting a ChangeLog.
This fixes #29.
|
|
This is a more descriptive name since this file only sets the gitver
variable.
|
|
sysfs now mounts all related sysfs file systems and returns success,
like netmount and localmount.
Also, we now check to make sure the cgroups are not mounted before we
mount them.
X-Gentoo-Bug: 530138
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=530138
|
|
X-Gentoo-Bug: 529374
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=529374
|
|
|
|
If symbolic links for /dev/{fd,stdin,stdout,stderr,core} do not exist
once /dev is mounted, we should create them.
|
|
|
|
runscript used to dlopen() runscript_selinux.so. This adds equivalent
functionality directly in to runscript instead. It authenticates with
either PAM or shadow and optionally has a dep on audit.
X-Gentoo-Bug: 517450
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=517450
|
|
Fixes #28.
X-Gentoo-Bug: #527370
X-Gentoo-Bug-Url: https://bugs.gentoo.org/show_bug.cgi?id=527370
|
|
This scripts sole purpose is to "provide clock" on OSs that already
take care of the clock being properly set.
|
|
Fixes #25
Note from William Hubbs:
The original patch overwrote CFLAGS. I modified this patch to add the
ncurses cflags to CPPFLAGS instead of overwriting CFLAGS.
|
|
|
|
TAILQ_CONCAT, TAILQ_FOREACH_SAFE and LIST_FOREACH_SAFE are defined
in our bundled queue.h and are no longer required.
|
|
We are bundling this to allow building on musl-based systems since musl
does not include <sys/queue.h>.
|
|
It is necessary to check for both the kernel and c library because
__FreeBSD_kernel is also defined on native FreeBSD [1].
[1] http://sourceforge.net/p/predef/wiki/OperatingSystems/
|
|
|
|
|
|
|
|
|
|
|
