summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-08-19sysusers: add another column to sysusers files for the home directoryLennart Poettering
2014-08-19networkd: fix use-after-freeTom Gundersen
Elements must be removed from the hashtable before they are freed.
2014-08-19update TODOLennart Poettering
2014-08-19sysusers: add a new RPM macro for creating users directly from data passed ↵Lennart Poettering
in via stdin This allows encoding users to create directly in %pre, which is necessary so that files owned by the RPM can be assigned to the right users/groups. This new macro does create a redundancy, as user definitions for all users that shall own files need to to be listed twice, once with this new macro, and then secondly, in the sysusers file shipped with the package. But there's little way around that, as the users of this type need to exist before we install the first file, but we actually want to ship the user information in a file.
2014-08-19sysusers: optionally, read sysuers configuration from standard inputLennart Poettering
2014-08-19update TODOLennart Poettering
2014-08-19sysusers: also update /etc/shadow and /etc/gshadow when creating new system ↵Lennart Poettering
users This should resolve problems with tools like "grpck" and suchlike.
2014-08-19hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bitLennart Poettering
2014-08-18bus: map sealed memfds as MAP_PRIVATEDavid Herrmann
Mapping files as MAP_SHARED is handled by the kernel as 'writable' mapping. Always! Even with PROT_READ. Reason for that is, mprotect(PROT_WRITE) could change the mapping underneath and currently there is no kernel infrastructure to add protection there. This might change in the future, but until then, map sealed files as MAP_PRIVATE so we don't get EPERM.
2014-08-18Update TODOLennart Poettering
2014-08-18util: try to be a bit more NFS compatible when checking whether an FS is ↵Lennart Poettering
writable https://bugs.freedesktop.org/show_bug.cgi?id=81169
2014-08-18core: minor modernizationsLennart Poettering
2014-08-18units: fix BindsTo= logic when applied relative to services with Type=oneshotLennart Poettering
Start jobs for Type=oneshot units are successful when the unit state transition activating → inactive took place. In such a case all units that BindsTo= on it previously would continue to run, even though the unit they dependet on was actually already gone.
2014-08-18man: fix typoRonny Chevalier
2014-08-18bootchart: use NSEC_PER_SECRonny Chevalier
2014-08-18bus-control: Fix cgroup handlingDenis Kenzior
On systems without properly setup systemd, cg_get_root_path returns -ENOENT. This means that busctl doesn't display much information. busctl monitor also fails whenever it intercepts messages. This fix fakes creates a fake "/" root cgroup which lets busctl work on such systems.
2014-08-18man: mention that "units" are commonly system servicesLennart Poettering
Also, provide an example for -u.
2014-08-18networkd: fix how we generate lists in link_save()Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=82721
2014-08-18tests: add missing entry to test-tablesRonny Chevalier
2014-08-18tests: add tests for time-util.cRonny Chevalier
add tests for: - timezone_is_valid - get_timezones
2014-08-18tests: add test-condition-utilRonny Chevalier
2014-08-18tests: add tests for util.cRonny Chevalier
add tests for: - is_symlink - pid_is_unwaited - pid_is_alive - search_and_fopen - search_and_fopen_nulstr - glob_exists - execute_directory
2014-08-18tests: add test for fdset_iterateRonny Chevalier
2014-08-18tests: add tests for fileio.cRonny Chevalier
add tests for: - write_string_stream - write_string_file - sendfile_full
2014-08-18tests: add missing unlinkRonny Chevalier
2014-08-18tests: add tests for socket-util.cRonny Chevalier
add tests for: - socket_address_is - socket_address_is_netlink - sockaddr_equal
2014-08-18man: fix typoRonny Chevalier
2014-08-18tmpfiles: only execute chmod()/chown() when neededMichael Olbrich
This avoids errors like this, when the paths are already there with the correct permissions and owner: chmod(/var/spool) failed: Read-only file system
2014-08-18Merge remote-tracking branch 'origin/master'Lennart Poettering
2014-08-18networkd: warn when ignoring unsupported tuntap optionsTom Gundersen
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
2014-08-18core: Verify systemd1 DBus method callers via polkitStef Walter
DBus methods that retrieve information can be called by anyone. DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon DBus methods that modify job state are callable from the clients that started the job. root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root. Open up the dbus1 policy for the above methods. (Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive auhentication must be opt-in, not unconditional, hence I turned this off.)
2014-08-18bus-util: simplify bus_verify_polkit_async() a bitLennart Poettering
First, let's drop the "bus" argument, we can determine it from the message anyway. Secondly, determine the right callback/userdata pair automatically from what is currently is being dispatched. This should simplify things a lot for us, since it makes it unnecessary to pass pointers through the original handlers through all functions when we process messages, which might require authentication.
2014-08-18sd-bus: add API to query which handler/callback is currently being dispatchedLennart Poettering
2014-08-18memfd: internalize functions, drop sd_memfd typeDaniel Mack
Remove the sd_ prefix from internal functions and get rid of the sd_memfd type. As a memfd is now just a native file descriptor, we can get rid of our own wrapper type, and also use close() and dup() on them directly.
2014-08-18memfd: use _cleanup_ if applicableDavid Herrmann
We now have a sd_memfd_freep helper, use it if applicable.
2014-08-18memfd: map unsealed files as MAP_SHAREDDavid Herrmann
We need to map sealed files as MAP_PRIVATE so far as the kernel treats MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any time on those). However, unsealed files must be mapped as MAP_SHARED. Otherwise, we never end up writing to the real file.
2014-08-18memfd: disallow importing memfds without sealingDavid Herrmann
We use memfds for sealing. Lets not bother with memfds created without MFD_ALLOW_SEALING for now. They're equivalent to random shmem files, so don't bother treating them as sealable memfds.
2014-08-18memfd: don't open kdbus for memfdDavid Herrmann
No reason to open /dev/kdbus/control if we want memfds. memfd_create() is always available.
2014-08-18memfd: internalize headerDavid Herrmann
Fix the memfd.h header to use handy features like #pragma, cleanup-funcs and util.h. Also drop the EXTERN-C macros.
2014-08-18memfd: fix memfd_create() syscall wrapperDaniel Mack
Unlike earlier versions, the syscall only takes 2 arguments in its final version, not 3.
2014-08-18memfd: move code from public library to src/sharedDaniel Mack
Don't expose generic kernel API via libsystemd, but keep the code internal for our own usage.
2014-08-18Makefile.am: test-bus-memfd went away. Kill its residues in Makefile.amDaniel Mack
2014-08-17kdbus: switch over to generic memfd implementation (ABI+API break)Daniel Mack
2014-08-16networkctl: use safe_qsort in case no links are presentThomas Hindoe Paaboel Andersen
Unlikely to happen but still...
2014-08-16sd-bus,log: remove unused variablesThomas Hindoe Paaboel Andersen
2014-08-15sd-event: return 'r' rather than '-errno'Tom Gundersen
2014-08-15Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507'Lennart Poettering
2014-08-15sd-event: fix missing needs_rearmTom Gundersen
2014-08-15sd-bus: add API to check if a client has privilegesLennart Poettering
This is a generalization of the vtable privilege check we already have, but exported, and hence useful when preparing for a polkit change. This will deal with the complexity that on dbus1 one cannot trust the capability field we retrieve via the bus, since it is read via /proc/$$/stat (and thus might be out-of-date) rather than directly from the message (like on kdbus) or bus connection (as for uid creds on dbus1). Also, port over all code to this new API.
2014-08-15update TODOLennart Poettering