summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-12-10bus: introduce "trusted" bus concept and encode access control in object vtablesLennart Poettering
Introduces a new concept of "trusted" vs. "untrusted" busses. For the latter libsystemd-bus will automatically do per-method access control, for the former all access is automatically granted. Per-method access control is encoded in the vtables: by default all methods are only accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag is set for a method it is accessible to unprivileged clients too. By default whether a client is privileged is determined via checking for its CAP_SYS_ADMIN capability, but this can be altered via the SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field of the method. Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note however that read access is unrestricted, as PropertiesChanged messages might send out the values anyway as an unrestricted broadcast. By default the system bus is set to "untrusted" and the user bus is "trusted" since per-method access control on the latter is unnecessary. On dbus1 busses we check the UID of the caller rather than the configured capability since the capability cannot be determined without race. On kdbus the capability is checked if possible from the attached meta-data of a message and otherwise queried from the sending peer. This also decorates the vtables of the various daemons we ship with these flags.
2013-12-10libudev: hwdb - use libudev not systemd loggingKay Sievers
2013-12-10test: wrap $LOOPDEV in quotesZbigniew Jędrzejewski-Szmek
Otherwise things go awry if it is not set ('[ -b ]' is not the same as '[ -b "" ]'!).
2013-12-10test: rework run_qemuRonny Chevalier
It tries to find a suitable QEMU binary and will use KVM if present. We can now configure QEMU from outside with 4 variables : - $QEMU_BIN : path to QEMU's binary - $KERNEL_APPEND : arguments appended to kernel cmdline - $KERNEL_BIN : path to a kernel Default /boot/vmlinuz-$KERNEL_VER - $INITRD : path to an initramfs Default /boot/initramfs-${KERNEL_VER}.img - $QEMU_SMP : number of CPU simulated by QEMU. Default 1 (from Alexander Graf's script: http://www.spinics.net/lists/kvm/msg72389.html)
2013-12-10test: fix TEST-02-CRYPTSETUPRonny Chevalier
missing generate_module_dependencies call which prevents dm_mod and dm_crypt modules to be loaded
2013-12-10Bring bootchart code in line with CODING_STYLEDan McGee
Use double and not float, as there is little to no benefit.
2013-12-10Ensure unit is journaled for short-lived or oneshot processesDan McGee
In the time it takes to process incoming log messages, the process we are logging details for may exit. This means the cgroup data is no longer available from '/proc'. Unfortunately, the way the code was structured before, we never log _SYSTEMD_UNIT if we don't have this cgroup information. Add an else if case that allows the passed in unit_id to be logged even if we couldn't capture cgroup information. This ensures a command like `journalctl -u run-XXX` will return all log messages from a oneshot process.
2013-12-10update README to not suggest that systemd works without procfsShawn Landden
2013-12-10hwdb: Update database of Bluetooth company identifiersMarcel Holtmann
2013-12-10correct name of Tajik kbd layout in kbd-model-mapAdam Williamson
2013-12-10drop several entries from kbd-model-map whose kbd layouts do not existAdam Williamson
kbd-model-map was generated from system-config-keyboard's keyboard_models.py. Several of the kbd layouts referred in that file do not exist and, so far as I can tell, never did. I believe these entries existed simply to provide the xkb configuration information for those layouts, and there never were matching kbd entries; the kbd names were entirely notional, to satisfy the need for some entry or other in that field. For systemd, the only function of kbd-model-map is to 'match' kbd and xkb configurations, so it does not make any sense to maintain entries for cases where only one or the other exists in this context.
2013-12-10man: improve wording and comma usage in systemd.journal-fields(7)Jason St. John
Improve wording under "Description" and "_KERNEL_DEVICE="
2013-12-09libsystemd-bus: use assert_returnLukasz Skalski
2013-12-09kernel-install: fix help outputSébastien Luttringer
Kernel install doesn't need the second argument on his command line when removing. This is correctly documented in the man page.
2013-12-10test: add gvariant test for empty messagesLennart Poettering
2013-12-10bus: properly handle empty messagesLennart Poettering
2013-12-10bus: empty gvariant arrays should at least get size 1Lennart Poettering
2013-12-10bus: it's OK to send messages with an empty payload but non-empty signatureLennart Poettering
THis might happen when sending arrays with 0 enttries, hence this is not an indication for a problem.
2013-12-10bus: update kdbus.hLennart Poettering
2013-12-10bus: make gcc shut upLennart Poettering
2013-12-10update TODOLennart Poettering
2013-12-10bus: beef up zero copy test caseLennart Poettering
2013-12-10bus: only accept gvariant native endian messages via kdbusLennart Poettering
2013-12-10bus: fix rewinding in gvariant messagesLennart Poettering
2013-12-10bus: fix signature handling when exiting containerLennart Poettering
2013-12-10bus: properly deserialize gvariant fixed size arraysLennart Poettering
2013-12-10bus: handler empty messages correctly when using gvariant marshallingLennart Poettering
2013-12-10bus: suppress creating empty parts in messagesLennart Poettering
2013-12-09bus: rely on explicit eof check instead of checking when mapping payloadLennart Poettering
This allows us to drop quite a bit of code.
2013-12-09bus: rearrange bus-message.c function order to keep read and write calls ↵Lennart Poettering
together
2013-12-09bus: demarshal gvariantLennart Poettering
2013-12-09extend CODING_STYLE document a bitLennart Poettering
2013-12-08man: document 'is-enabled' outputZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=953077
2013-12-08systemctl: fix 'is-enabled'Zbigniew Jędrzejewski-Szmek
2013-12-08systemctl: simplify argument parsingZbigniew Jędrzejewski-Szmek
2013-12-08Help output spring cleaningZbigniew Jędrzejewski-Szmek
Use [brackets] only for optional elements. Use <optional> in XML sources.
2013-12-08kernel-install: add -h/--helpZbigniew Jędrzejewski-Szmek
2013-12-08Trim TODOZbigniew Jędrzejewski-Szmek
2013-12-08bootchart: remove dead assignmentThomas Hindoe Paaboel Andersen
2013-12-08Fix memory leak in stdout journal streamsDan McGee
Just as 'identifier' is strdup-ed and freed, we need to do the same for unit_id.
2013-12-08test: cgroup-util - do not fail if cpu controller is not availableKay Sievers
2013-12-07systemctl: fix and refactor wait_for_jobsThomas Hindoe Paaboel Andersen
wait_for_jobs was ignoring the errors from the jobs stored in r. It would only ever return whether the call to sd_bus_remove_filter went ok. This patch changes it to return the first job related error encountered. If a job related error is found, then the result of the call to sd_bus_remove_filter is ignored. wait_for_jobs was a bit hard to read so I split it up to avoid the goto and deep nesting.
2013-12-06systemctl: allow globbing in list-<whatever> commandsZbigniew Jędrzejewski-Szmek
It is nicer to say 'systemctl list-units ssh\*' then to use grep, because colouring is preserved and it is easier to match just against the unit name.
2013-12-06Get rid of our reimplementation of basenameZbigniew Jędrzejewski-Szmek
The only problem is that libgen.h #defines basename to point to it's own broken implementation instead of the GNU one. This can be fixed by #undefining basename.
2013-12-06systemctl: check the value from start_unit_oneThomas Hindoe Paaboel Andersen
introduced in f459b6025f9368116d8c410376546c157314c205
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06rfkill: Avoid error when state restore is disabledBastien Nocera
When the state restore is disabled, we would print: "Unknown verb: load" instead of simply skipping loading the state.
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06busctl: remove ','; it's all one stringKay Sievers