diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/ima-setup.c | 2 | ||||
| -rw-r--r-- | src/core/ima-setup.h | 2 | ||||
| -rw-r--r-- | src/core/selinux-access.c | 5 | ||||
| -rw-r--r-- | src/core/unit.c | 2 | ||||
| -rw-r--r-- | src/journal/journald-server.c | 2 | ||||
| -rw-r--r-- | src/libsystemd/sd-device/sd-device.c | 6 | ||||
| -rw-r--r-- | src/libsystemd/sd-resolve/test-resolve.c | 2 | ||||
| -rw-r--r-- | src/login/.gitignore | 1 | ||||
| -rw-r--r-- | src/login/loginctl.c | 14 | ||||
| -rw-r--r-- | src/login/logind-core.c | 8 | ||||
| -rw-r--r-- | src/login/logind-dbus.c | 8 | ||||
| -rw-r--r-- | src/login/logind.c | 82 | ||||
| -rw-r--r-- | src/login/logind.conf.in (renamed from src/login/logind.conf) | 2 | ||||
| -rw-r--r-- | src/login/org.freedesktop.login1.policy.in | 8 | ||||
| -rw-r--r-- | src/network/networkd-link.c | 8 | ||||
| -rw-r--r-- | src/network/test-network-tables.c | 2 | ||||
| -rw-r--r-- | src/nspawn/nspawn.c | 2 | ||||
| -rw-r--r-- | src/resolve/RFCs | 2 | ||||
| -rw-r--r-- | src/resolve/resolved-link.c | 2 | ||||
| -rw-r--r-- | src/shared/logs-show.c | 2 | ||||
| -rw-r--r-- | src/test/test-nss.c | 6 | ||||
| -rw-r--r-- | src/udev/udev-builtin-net_id.c | 28 |
22 files changed, 125 insertions, 71 deletions
diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c index ff7558d500..d1b0ce76ef 100644 --- a/src/core/ima-setup.c +++ b/src/core/ima-setup.c @@ -3,7 +3,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/ima-setup.h b/src/core/ima-setup.h index 3bad74b246..472b58cb00 100644 --- a/src/core/ima-setup.h +++ b/src/core/ima-setup.h @@ -5,7 +5,7 @@ Copyright 2010 Lennart Poettering Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy - TORSEC group -- http://security.polito.it + TORSEC group — http://security.polito.it systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c index 2cdfcf7b5d..cc287d602d 100644 --- a/src/core/selinux-access.c +++ b/src/core/selinux-access.c @@ -110,6 +110,7 @@ static int callback_type_to_priority(int type) { */ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { va_list ap; + const char *fmt2; #ifdef HAVE_AUDIT int fd; @@ -131,8 +132,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) { } #endif + fmt2 = strjoina("selinux: ", fmt); + va_start(ap, fmt); - log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt, ap); + log_internalv(LOG_AUTH | callback_type_to_priority(type), 0, __FILE__, __LINE__, __FUNCTION__, fmt2, ap); va_end(ap); return 0; diff --git a/src/core/unit.c b/src/core/unit.c index c60ae2be9d..1f57293a0b 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3600,7 +3600,7 @@ int unit_kill_context( * cases. It doesn't work at all in * containers, and outside of containers it * can be confused easily by left-over - * directories in the cgroup -- which however + * directories in the cgroup — which however * should not exist in non-delegated units. On * the unified hierarchy that's different, * there we get proper events. Hence rely on diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index b1d1bf9e14..8089bb5883 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1660,7 +1660,7 @@ static int server_connect_notify(Server *s) { it. Specifically: given that PID 1 might block on dbus-daemon during IPC, and dbus-daemon is logging to us, and might hence block on us, we might end up in a deadlock - if we block on sending PID 1 notification messages -- by + if we block on sending PID 1 notification messages — by generating a full blocking circle. To avoid this, let's create a non-blocking socket, and connect it to the notification socket, and then wait for POLLOUT before we diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c index e787cb69d3..b1c3d5f228 100644 --- a/src/libsystemd/sd-device/sd-device.c +++ b/src/libsystemd/sd-device/sd-device.c @@ -1212,19 +1212,19 @@ int device_get_id_filename(sd_device *device, const char **ret) { if (major(devnum) > 0) { assert(subsystem); - /* use dev_t -- b259:131072, c254:0 */ + /* use dev_t — b259:131072, c254:0 */ r = asprintf(&id, "%c%u:%u", streq(subsystem, "block") ? 'b' : 'c', major(devnum), minor(devnum)); if (r < 0) return -ENOMEM; } else if (ifindex > 0) { - /* use netdev ifindex -- n3 */ + /* use netdev ifindex — n3 */ r = asprintf(&id, "n%u", ifindex); if (r < 0) return -ENOMEM; } else { - /* use $subsys:$sysname -- pci:0000:00:1f.2 + /* use $subsys:$sysname — pci:0000:00:1f.2 * sysname() has '!' translated, get it from devpath */ const char *sysname; diff --git a/src/libsystemd/sd-resolve/test-resolve.c b/src/libsystemd/sd-resolve/test-resolve.c index 33ef6fc0f7..1be1a7f8a7 100644 --- a/src/libsystemd/sd-resolve/test-resolve.c +++ b/src/libsystemd/sd-resolve/test-resolve.c @@ -63,7 +63,7 @@ static int getnameinfo_handler(sd_resolve_query *q, int ret, const char *host, c return 0; } - printf("Host: %s -- Serv: %s\n", strna(host), strna(serv)); + printf("Host: %s — Serv: %s\n", strna(host), strna(serv)); return 0; } diff --git a/src/login/.gitignore b/src/login/.gitignore index 39088ec252..3a8ba497c1 100644 --- a/src/login/.gitignore +++ b/src/login/.gitignore @@ -1,4 +1,5 @@ /logind-gperf.c +/logind.conf /org.freedesktop.login1.policy /71-seat.rules /73-seat-late.rules diff --git a/src/login/loginctl.c b/src/login/loginctl.c index 01f6fa5db0..8b23135edd 100644 --- a/src/login/loginctl.c +++ b/src/login/loginctl.c @@ -293,6 +293,7 @@ typedef struct SessionStatusInfo { typedef struct UserStatusInfo { uid_t uid; + bool linger; char *name; struct dual_timestamp timestamp; char *state; @@ -551,6 +552,7 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) static const struct bus_properties_map map[] = { { "Name", "s", NULL, offsetof(UserStatusInfo, name) }, + { "Linger", "b", NULL, offsetof(UserStatusInfo, linger) }, { "Slice", "s", NULL, offsetof(UserStatusInfo, slice) }, { "State", "s", NULL, offsetof(UserStatusInfo, state) }, { "UID", "u", NULL, offsetof(UserStatusInfo, uid) }, @@ -595,16 +597,16 @@ static int print_user_status_info(sd_bus *bus, const char *path, bool *new_line) char **l; printf("\tSessions:"); - STRV_FOREACH(l, i.sessions) { - if (streq_ptr(*l, i.display)) - printf(" *%s", *l); - else - printf(" %s", *l); - } + STRV_FOREACH(l, i.sessions) + printf(" %s%s", + streq_ptr(*l, i.display) ? "*" : "", + *l); printf("\n"); } + printf("\t Linger: %s\n", yes_no(i.linger)); + if (i.slice) { printf("\t Unit: %s\n", i.slice); show_unit_cgroup(bus, "org.freedesktop.systemd1.Slice", i.slice, 0); diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 8bdb3a9a38..cbf8d757fe 100644 --- a/src/login/logind-core.c +++ b/src/login/logind-core.c @@ -364,16 +364,16 @@ bool manager_shall_kill(Manager *m, const char *user) { assert(m); assert(user); - if (!m->kill_user_processes) + if (!m->kill_exclude_users && streq(user, "root")) return false; if (strv_contains(m->kill_exclude_users, user)) return false; - if (strv_isempty(m->kill_only_users)) - return true; + if (!strv_isempty(m->kill_only_users)) + return strv_contains(m->kill_only_users, user); - return strv_contains(m->kill_only_users, user); + return m->kill_user_processes; } static int vt_is_busy(unsigned int vtnr) { diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c index 1d3133ee25..a281f99a34 100644 --- a/src/login/logind-dbus.c +++ b/src/login/logind-dbus.c @@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) { _cleanup_free_ char *cc = NULL; Manager *m = userdata; - int b, r; + int r, b, interactive; struct passwd *pw; const char *path; uint32_t uid; - int interactive; + bool self = false; assert(message); assert(m); @@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu if (r < 0) return r; + self = true; + } else if (!uid_is_valid(uid)) return -EINVAL; @@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu r = bus_verify_polkit_async( message, CAP_SYS_ADMIN, - "org.freedesktop.login1.set-user-linger", + self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger", NULL, interactive, UID_INVALID, diff --git a/src/login/logind.c b/src/login/logind.c index d5f6757bd3..a48e2fc61e 100644 --- a/src/login/logind.c +++ b/src/login/logind.c @@ -41,17 +41,7 @@ static void manager_free(Manager *m); -static Manager *manager_new(void) { - Manager *m; - int r; - - m = new0(Manager, 1); - if (!m) - return NULL; - - m->console_active_fd = -1; - m->reserve_vt_fd = -1; - +static void manager_reset_config(Manager *m) { m->n_autovts = 6; m->reserve_vt = 6; m->remove_ipc = true; @@ -61,16 +51,38 @@ static Manager *manager_new(void) { m->handle_hibernate_key = HANDLE_HIBERNATE; m->handle_lid_switch = HANDLE_SUSPEND; m->handle_lid_switch_docked = HANDLE_IGNORE; + m->power_key_ignore_inhibited = false; + m->suspend_key_ignore_inhibited = false; + m->hibernate_key_ignore_inhibited = false; m->lid_switch_ignore_inhibited = true; + m->holdoff_timeout_usec = 30 * USEC_PER_SEC; m->idle_action_usec = 30 * USEC_PER_MINUTE; m->idle_action = HANDLE_IGNORE; - m->idle_action_not_before_usec = now(CLOCK_MONOTONIC); m->runtime_dir_size = PAGE_ALIGN((size_t) (physical_memory() / 10)); /* 10% */ m->user_tasks_max = UINT64_C(12288); + m->kill_user_processes = KILL_USER_PROCESSES; + + m->kill_only_users = strv_free(m->kill_only_users); + m->kill_exclude_users = strv_free(m->kill_exclude_users); +} + +static Manager *manager_new(void) { + Manager *m; + int r; + + m = new0(Manager, 1); + if (!m) + return NULL; + + m->console_active_fd = -1; + m->reserve_vt_fd = -1; + + m->idle_action_not_before_usec = now(CLOCK_MONOTONIC); + m->devices = hashmap_new(&string_hash_ops); m->seats = hashmap_new(&string_hash_ops); m->sessions = hashmap_new(&string_hash_ops); @@ -84,10 +96,6 @@ static Manager *manager_new(void) { if (!m->devices || !m->seats || !m->sessions || !m->users || !m->inhibitors || !m->buttons || !m->user_units || !m->session_units) goto fail; - m->kill_exclude_users = strv_new("root", NULL); - if (!m->kill_exclude_users) - goto fail; - m->udev = udev_new(); if (!m->udev) goto fail; @@ -98,6 +106,8 @@ static Manager *manager_new(void) { sd_event_set_watchdog(m->event, true); + manager_reset_config(m); + return m; fail: @@ -986,6 +996,30 @@ static int manager_dispatch_idle_action(sd_event_source *s, uint64_t t, void *us return 0; } +static int manager_parse_config_file(Manager *m) { + assert(m); + + return config_parse_many(PKGSYSCONFDIR "/logind.conf", + CONF_PATHS_NULSTR("systemd/logind.conf.d"), + "Login\0", + config_item_perf_lookup, logind_gperf_lookup, + false, m); +} + +static int manager_dispatch_reload_signal(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { + Manager *m = userdata; + int r; + + manager_reset_config(m); + r = manager_parse_config_file(m); + if (r < 0) + log_warning_errno(r, "Failed to parse config file, using defaults: %m"); + else + log_info("Config file reloaded."); + + return 0; +} + static int manager_startup(Manager *m) { int r; Seat *seat; @@ -997,6 +1031,12 @@ static int manager_startup(Manager *m) { assert(m); + assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGHUP, -1) >= 0); + + r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m); + if (r < 0) + return log_error_errno(r, "Failed to register SIGHUP handler: %m"); + /* Connect to console */ r = manager_connect_console(m); if (r < 0) @@ -1099,16 +1139,6 @@ static int manager_run(Manager *m) { } } -static int manager_parse_config_file(Manager *m) { - assert(m); - - return config_parse_many(PKGSYSCONFDIR "/logind.conf", - CONF_PATHS_NULSTR("systemd/logind.conf.d"), - "Login\0", - config_item_perf_lookup, logind_gperf_lookup, - false, m); -} - int main(int argc, char *argv[]) { Manager *m = NULL; int r; diff --git a/src/login/logind.conf b/src/login/logind.conf.in index 6095e482ac..3c96def45d 100644 --- a/src/login/logind.conf +++ b/src/login/logind.conf.in @@ -14,7 +14,7 @@ [Login] #NAutoVTs=6 #ReserveVT=6 -#KillUserProcesses=no +#KillUserProcesses=@KILL_USER_PROCESSES@ #KillOnlyUsers= #KillExcludeUsers=root #InhibitDelayMaxSec=5 diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in index 23326bb79f..1fa6441629 100644 --- a/src/login/org.freedesktop.login1.policy.in +++ b/src/login/org.freedesktop.login1.policy.in @@ -111,6 +111,14 @@ </defaults> </action> + <action id="org.freedesktop.login1.set-self-linger"> + <_description>Allow non-logged-in user to run programs</_description> + <_message>Explicit request is required to run programs as a non-logged-in user.</_message> + <defaults> + <allow_any>yes</allow_any> + </defaults> + </action> + <action id="org.freedesktop.login1.set-user-linger"> <_description>Allow non-logged-in users to run programs</_description> <_message>Authentication is required to run programs as a non-logged-in user.</_message> diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index 0fb3aa6c43..5cdf123652 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -299,7 +299,6 @@ void link_update_operstate(Link *link) { link->operstate = operstate; link_send_changed(link, "OperationalState", NULL); link_dirty(link); - manager_dirty(link->manager); } } @@ -3228,14 +3227,17 @@ void link_dirty(Link *link) { assert(link); + /* mark manager dirty as link is dirty */ + manager_dirty(link->manager); + r = set_ensure_allocated(&link->manager->dirty_links, NULL); if (r < 0) /* allocation errors are ignored */ return; r = set_put(link->manager->dirty_links, link); - if (r < 0) - /* allocation errors are ignored */ + if (r <= 0) + /* don't take another ref if the link was already dirty */ return; link_ref(link); diff --git a/src/network/test-network-tables.c b/src/network/test-network-tables.c index ecbbe6c3c9..adbe09a5e1 100644 --- a/src/network/test-network-tables.c +++ b/src/network/test-network-tables.c @@ -9,7 +9,7 @@ int main(int argc, char **argv) { test_table(bond_mode, NETDEV_BOND_MODE); - /* test_table(link_state, LINK_STATE); -- not a reversible mapping */ + /* test_table(link_state, LINK_STATE); — not a reversible mapping */ test_table(link_operstate, LINK_OPERSTATE); test_table(address_family_boolean, ADDRESS_FAMILY_BOOLEAN); test_table(netdev_kind, NETDEV_KIND); diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index a07f148ef6..44dce471e7 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1481,7 +1481,7 @@ static int setup_journal(const char *directory) { } if (arg_link_journal == LINK_HOST) { - /* don't create parents here -- if the host doesn't have + /* don't create parents here — if the host doesn't have * permanent journal set up, don't force it here */ if (mkdir(p, 0755) < 0 && errno != EEXIST) { diff --git a/src/resolve/RFCs b/src/resolve/RFCs index 22004a00cd..09c85f9518 100644 --- a/src/resolve/RFCs +++ b/src/resolve/RFCs @@ -8,7 +8,7 @@ D = Comprehensively Implemented, by a dependency of resolved Y https://tools.ietf.org/html/rfc1034 → DOMAIN NAMES - CONCEPTS AND FACILITIES Y https://tools.ietf.org/html/rfc1035 → DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION ? https://tools.ietf.org/html/rfc1101 → DNS Encoding of Network Names and Other Types -Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts -- Application and Support +Y https://tools.ietf.org/html/rfc1123 → Requirements for Internet Hosts — Application and Support ~ https://tools.ietf.org/html/rfc1464 → Using the Domain Name System To Store Arbitrary String Attributes Y https://tools.ietf.org/html/rfc1536 → Common DNS Implementation Errors and Suggested Fixes Y https://tools.ietf.org/html/rfc1876 → A Means for Expressing Location Information in the Domain Name System diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c index c5863b3aa2..b0dc65036d 100644 --- a/src/resolve/resolved-link.c +++ b/src/resolve/resolved-link.c @@ -468,7 +468,7 @@ static void link_read_settings(Link *l) { } if (r > 0) { - /* If this link used to be managed, but is now unmanaged, flush all our settings -- but only once. */ + /* If this link used to be managed, but is now unmanaged, flush all our settings — but only once. */ if (l->is_managed) link_flush_settings(l); diff --git a/src/shared/logs-show.c b/src/shared/logs-show.c index e2d2931c51..38a55525c0 100644 --- a/src/shared/logs-show.c +++ b/src/shared/logs-show.c @@ -1073,7 +1073,7 @@ int add_matches_for_unit(sd_journal *j, const char *unit) { ); if (r == 0 && endswith(unit, ".slice")) { - char *m5 = strappend("_SYSTEMD_SLICE=", unit); + const char *m5 = strjoina("_SYSTEMD_SLICE=", unit); /* Show all messages belonging to a slice */ (void)( diff --git a/src/test/test-nss.c b/src/test/test-nss.c index 9c13288d2e..55af592287 100644 --- a/src/test/test-nss.c +++ b/src/test/test-nss.c @@ -381,12 +381,18 @@ static void test_byaddr(void *handle, #ifdef HAVE_MYHOSTNAME # define MODULE1 "myhostname\0" +#else +# define MODULE1 #endif #ifdef HAVE_RESOLVED # define MODULE2 "resolve\0" +#else +# define MODULE2 #endif #ifdef HAVE_MACHINED # define MODULE3 "mymachines\0" +#else +# define MODULE3 #endif #define MODULE4 "dns\0" diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c index 8b1bcefe2d..a7be2a4eed 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c @@ -27,21 +27,21 @@ * http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames * * Two character prefixes based on the type of interface: - * en -- Ethernet - * sl -- serial line IP (slip) - * wl -- wlan - * ww -- wwan + * en — Ethernet + * sl — serial line IP (slip) + * wl — wlan + * ww — wwan * * Type of names: - * b<number> -- BCMA bus core number - * c<bus_id> -- CCW bus group name, without leading zeros [s390] - * o<index>[d<dev_port>] -- on-board device index number - * s<slot>[f<function>][d<dev_port>] -- hotplug slot index number - * x<MAC> -- MAC address + * b<number> — BCMA bus core number + * c<bus_id> — CCW bus group name, without leading zeros [s390] + * o<index>[d<dev_port>] — on-board device index number + * s<slot>[f<function>][d<dev_port>] — hotplug slot index number + * x<MAC> — MAC address * [P<domain>]p<bus>s<slot>[f<function>][d<dev_port>] - * -- PCI geographical location + * — PCI geographical location * [P<domain>]p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>] - * -- USB port number chain + * — USB port number chain * * All multi-function PCI devices will carry the [f<function>] number in the * device name, including the function 0 device. @@ -140,9 +140,9 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) { const char *attr; int idx; - /* ACPI _DSM -- device specific method for naming a PCI or PCI Express device */ + /* ACPI _DSM — device specific method for naming a PCI or PCI Express device */ attr = udev_device_get_sysattr_value(names->pcidev, "acpi_index"); - /* SMBIOS type 41 -- Onboard Devices Extended Information */ + /* SMBIOS type 41 — Onboard Devices Extended Information */ if (!attr) attr = udev_device_get_sysattr_value(names->pcidev, "index"); if (!attr) @@ -230,7 +230,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) { if (l == 0) names->pci_path[0] = '\0'; - /* ACPI _SUN -- slot user number */ + /* ACPI _SUN — slot user number */ pci = udev_device_new_from_subsystem_sysname(udev, "subsystem", "pci"); if (!pci) { err = -ENOENT; |