Age | Commit message (Collapse) | Author |
|
Our bloom-filters support root-path matching. Make sure we properly add
the path_namespace= tag.
|
|
DBus-spec defines two different pattern matchings:
1) Path and namespace prefix matching. In this case, A matches B either
if both are equal, or if B is fully included in the namespace of A.
In other words, A has to be a prefix of B, but end with a separator
character (or the following character in B must be one).
This is used for path_namespace= and arg0namespace=
2) The other pattern matching is used for arg0path= which does a two-way
matching. That is, A must be a prefix of B, or B a prefix of A.
Furthermore, the prefix must end with a separator.
Fix the sd-bus helpers to reflect that. The 'simple_' and 'complex_'
prefixes don't make any sense now, but.. eh..
|
|
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
|
|
DBus spec clearly defines arg0path= to be a two-way matching. That is,
either the matcher or the matchee can be a prefix of the other to match.
This is not possible to implement with bloom-filters. Instead, we'd have
to add a separate filter for each prefix. This is non-trivial, though.
Hence, just skip the match for now and match locally.
|
|
Lets look at an example where we add arg0="/foo/bar/waldo" to a
bloom-filter. The following strings are added:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo"
Two problems arise:
1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly
states that equal strings are also considered prefixes. However, in the
bloom-match, we can only provide a single match-filter. Therefore, we have
to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in
the bloom-mask of the message.
Hence, this patch makes sure bloom_add_prefixes() adds the full path as
prefix, too.
2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path
does prefix-matching with the trailing slash _included_, unlike
path_namespace= matches, which does *not* include them. This is
inconsistent, but we have to support the specs. Therefore, we must add
prefixes with _and_ without trailing separators.
Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with
the trailing slash included.
The final set of strings added therefore is:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo/"
"arg0-slash-prefix:/foo"
"arg0-slash-prefix:/"
|
|
util: introduce CMSG_FOREACH() macro and make use of it everywhere
|
|
It's only marginally shorter then the usual for() loop, but certainly
more readable.
|
|
man: clarify that IMPORT{program} is done only for zero exit code
|
|
Follow up for 7c918141ed.
|
|
|
|
sd-network: allow NULL in sd_network_monitor_unref
|
|
man: udevd - correct default event timeout
|
|
Match rest of codebase, we always allow unref'ing NULL.
|
|
|
|
|
|
This was changed from 30 to 180 seconds quite some time ago.
|
|
use it anymore
|
|
|
|
|
|
|
|
By using our homegrown function we can dispense with all the iffdefery.
|
|
This appears to be the right time to do it for SOCK_STREAM
unix sockets.
Also: condition bus_get_owner_creds_dbus1 was reversed. Split
it out to a separate variable for clarity and fix.
https://bugzilla.redhat.com/show_bug.cgi?id=1224211
|
|
networkd: bond improve logging
|
|
utezduyar/use-async-convenience-function-on-setting-hostname
networkd: use async convenience call to set hostname
|
|
networkd: vxlan improve logging
|
|
SELinux information cannot be retrieved this way, since we are
using stream unix sockets and SCM_SECURITY does not work for
them.
SCM_CREDENTIALS use dropped to be consistent. We also should
get this information at connection time.
https://bugzilla.redhat.com/show_bug.cgi?id=1224211
"SCM_SECURITY was only added for datagram sockets."
|
|
sd-bus: Correct typo
|
|
|
|
|
|
keymap: Add Samsung NP350V and NP670Z
|
|
typo
keymap: Add Samsung NP350V and NP670Z
|
|
utezduyar/feat/dump-sync-dbus-message-with-logging-on
sd-bus: dump sync messages in debug mode
|
|
build-sys: turn some warnings into errors
|
|
Make the build sys error out on missing function prototypes, missing
variable declarations, implicit function declarations or forgotten return
statements.
None of these conditions are acceptable, and by making them hard errors, the
build bots can detect them earlier.
|
|
Hwdb updates
|
|
|
|
Replaces a lof of strerror() usage with log_netdev_error_errno()
|
|
Replaces a lof of strerror() usage with log_netdev_error_errno()
|
|
Replaces a lof of strerror() usage with log_netdev_error_errno()
|
|
Since 3.19, the devices have the proper vid/pid and the model number in the
name.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
mask/handlers
Also, when the child is potentially long-running make sure to set a
death signal.
Also, ignore the result of the reset operations explicitly by casting
them to (void).
|
|
|
|
core: log oom during killing spree
|
|
but don't do anything else. We still want to kill as much as
possible.
Coverity CID#996306
|
|
path-util: Fix path_is_mount_point for parent mount points in symlink mode
|
|
When we have a structure like this:
/bin -> /usr/bin
/usr is a mount point
Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair
/usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different
mount IDs. But we only want to consider the base name, not any parent.
Thus we have to resolve the given path first to get the real parent when
allowing symlinks.
Bug: https://github.com/systemd/systemd/issues/61
|
|
Also reorder the code a bit to be easier to parse.
|
|
build-sys: always dist *.policy.in files
|
|
Unconditionally dist org.freedesktop.{import1,machine1}.policy.in, like all the
other *.policy.in files. This avoids missing policy files in the tarball.
Spotted by "make distcheck" failure with --disable-importd.
|