Sami Kerola [Sat, 24 Nov 2012 19:09:38 +0000 (19:09 +0000)]
declarations: fix shadow declarations
user.c:68:7: warning: declaration of 'save_errno' shadows a previous local [-Wshadow]
user.c:64:14: warning: shadowed declaration is here [-Wshadow]
do_command.c:559:9: warning: declaration of 'pid' shadows a previous local [-Wshadow]
do_command.c:91:8: warning: shadowed declaration is here [-Wshadow]
Sami Kerola [Sat, 24 Nov 2012 11:43:35 +0000 (11:43 +0000)]
includes: make inclusions clean
This change makes files to include what they need, instead of having
generic inclusion headers which will include everything to everywhere.
Also the local headers havee ifndef & define protection, which makes them
to be save to include in any file, without one having to think in which
order the inclusions happen at compile time.
Sami Kerola [Sat, 24 Nov 2012 10:57:58 +0000 (10:57 +0000)]
build-sys: reduce selinux and pam compiling scope when possible
This will fix following warnings, and makes compiled program to contain
less unnecessary references.
crontab.c:60:14: warning: 'selinux_context' defined but not used [-Wunused-variable]
security.c:188:12: warning: 'cron_open_pam_session' defined but not used [-Wunused-function]
security.c:250:12: warning: 'cron_authorize_context' defined but not used [-Wunused-function]
security.c:283:12: warning: 'cron_authorize_range' defined but not used [-Wunused-function]
Tom Jones [Thu, 11 Oct 2012 12:00:56 +0000 (14:00 +0200)]
The sysadmin may want to arrange for the PATH to be correct in the
environment from which cron is launched. This new option tells
cron to not overwrite this path for itself or for the child cron
jobs.
Tim Landscheidt [Wed, 6 Jun 2012 15:14:06 +0000 (17:14 +0200)]
Previously, crond exited in the signal handler for SIGINT and SIGTERM.
Thus, the Inotify close code in main() was never reached. This commit
introduces a got_sigintterm variable that is set when SIGINT or SIGTERM
are received and leads to a clean exit of the main loop.
* src/cron.c: Rename quit() to sigintterm_handler(). Add got_sigintterm
variable and set it on SIGINT and SIGTERM. Shorten sleep and exit main
loop on got_sigintterm.
Tim Landscheidt [Wed, 6 Jun 2012 14:49:26 +0000 (16:49 +0200)]
9th bit is overwritten.
Hour bit fields have 24 bits (0..23, 3 bytes). bit_nclear() however in this case is called to clear bits 0..24! Thus, it overwrites the first bit of the following struct member (dom). This is not problematic for normal use as dom is set after hour as are all other fields.
The last field, dow, uses 8 bits so 9 are cleared. This could be the MIN_STAR bit of flags, but as flags is an int, there is probably a padding byte in between; at least I couldn't trigger it to be unset. So this could probably only cause problems on 8-bit systems.
This unit file is used in Fedora. The systemd-user-sessions.service guarantees
everything, what is needed for log in of users, is already running
(ypbind, sssd, ldap, ...).
Cron writes job output to syslog incorrectly. When cron is invoked in a way to print job output to syslog, it does print only the first character of the output. Author: Vitezslav Cizek
We want all long running daemons to have PIE and RELRO flags set. This is a
missing security mechanism. Fixing this generally involves adding -fPIE -DPIE
to the CFLAGS, and -pie -Wl,-z,relro -Wl,-z,now to the LDFLAGS.
Expected results:
PIE and partial RELRO at a minimum.
Tomas Mraz [Thu, 16 Dec 2010 16:06:28 +0000 (17:06 +0100)]
Revert "Cache the security class and bit values and translate the remaining hardcoded values."
Caching cannot be done as the values can change on SELinux policy update.
Colin Dean [Mon, 4 Oct 2010 14:29:12 +0000 (16:29 +0200)]
cronie on cluster
On issue we have is that although we've made our services very
resilient, by employing HA failover, load balancing and round robin DNS,
the one service that's difficult to do anything with is cron, because it
has traditionally been tied to a single machine.
For instance, we have a cluster of 4 Fedora servers which our end users
use as timeshare systems, using round robin DNS, and if one of the
servers is down it doesn't really matter too much. We don't even backup
the servers, relying on NFS home directories and rebuilding from scratch
using kickstart + cfengine if a server fails and can't be restarted.
However, the users have scattered crontab files around the 4 servers, so
that if the particular server a cron job is meant to run on dies, the
job doesn't run any more, and the crontab file may be permanently lost.
What we needed was a facility to allow crontabs in /var/spool/cron on
these 4 servers be NFS mounted from a single directory on our NetApp
filers (so giving us backups and snapshots), with any user able to run
"crontab -e" from any of the servers to manage a single shared crontab,
and for us in the IT Service to be able to set just one of the 4 servers
to run user crontab jobs at any time. However, we needed to keep
/etc/crontab and the files in /etc/cron.d/ specific to each individual
server still, and keep crond running on all 4 servers.
projects / cronie / log