Age | Commit message | Author
2015-01-18 | bus: use EUID over UID and fix unix-creds | David Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (e.g., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-18 | bus-proxy: fake all UIDs/GIDs, not just the real UID/GID | David Herrmann
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote side has no chance of querying our effective UID (which is usually what they're interested in).
2015-01-18 | bus-proxy: fix bus-uid tracking | David Herrmann
We need to implicitly allow HELLO from users with the same uid as the bus. Fix the bus-uid tracking to use the original uid, not the uid after privilege-dropping.
2015-01-18 | logind: hide 'self' links if not available | David Herrmann
If the caller does not run in a session/seat or has no tracked user, hide the /org/freedesktop/login1/.../self links in introspection data. Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes even though it can't.
2015-01-17 | bus-proxy: don't print error-messages if we check multiple dests | David Herrmann
If we test the policy against multiple destination names, we really should not print warnings if one of the names results in DENY. Instead, pass the whole array of names to the policy and let it deal with it.
2015-01-17 | bus-proxy: implement org.freedesktop.DBus.ReloadConfig() | David Herrmann
Make sure to reload our xml policy configuration if requested via the bus.
2015-01-17 | bus-proxy: fix indentation | David Herrmann
Fix whitespace indentation.
2015-01-17 | bus-proxy: drop privileges if run as root | David Herrmann
We cannot use "User=" in unit-files if we want to retain privileges. So make bus-proxy.c explicitly drop privileges. However, only do that if we're root, as there is no need to drop it on the user-bus.
2015-01-17 | bus-proxy: share policy between threads | David Herrmann
This implements a shared policy cache with read-write locks. We no longer parse the XML policy in each thread. This will allow us to easily implement ReloadConfig().
2015-01-17 | build: move stdio-bridge into $PATH | David Herrmann
Make sure stdio-bridge can be found in $PATH. Otherwise, "xyzctl -H" fails.
2015-01-17 | hwdb: restore comments about MSI devices | Maxim Mikityanskiy
Some time ago 95-keymap.rules was replaced by 60-keyboard.hwdb. Original comments for MSI laptops (that were in 95-keymap.rules) were removed, but I think they are important for understanding what's going on. https://bugs.freedesktop.org/show_bug.cgi?id=88412
2015-01-17 | bus-proxy: set custom thread names | David Herrmann
Set thread-names to "p$PIDu$UID" and suffix with '*' if truncated. This helps debugging bus-proxy issues if we want to figure out which connections are currently open.
2015-01-17 | bus-proxy: turn into multi-threaded daemon | David Herrmann
Instead of using Accept=true and running one proxy for each connection, we now run one proxy-daemon with a thread per connection. This will enable us to share resources like policies in the future.
2015-01-17 | missing: add macros for OFD locks | Michael Marineau
2015-01-17 | remove unneeded libgen.h includes | Cristian Rodríguez
2015-01-17 | Grammar changes to catalog | Chris Atkinson
2015-01-17 | random-seed: avoid errors when we cannot write random-seed file | Colin Guthrie
When we call 'systemd-random-seed load' with a read-only /var/lib/systemd, the cleanup code (which rewrites the random-seed file) will fail and exit. Arguably, if the filesystem is read-only and the random-seed file exists then this will possibly be quite bad for entropy on subsequent reboots but it should still not make the unit fail.
2015-01-17 | bus-proxy: bring back systemd-stdio-bridge | David Herrmann
Now that we want to make bus-proxy multi-threaded, we have to bring back the systemd-stdio-bridge for our TCP use-cases.
2015-01-17 | bus-proxy: extract proxy into Proxy object | David Herrmann
Move all the proxy code into a "struct Proxy" object that can be used from multiple binaries. We now dropped SMACK as we have to refactor it to work properly. We can introduce it later on.
2015-01-17 | bus-proxy: refactor bus-creation | David Herrmann
Move local and destination bus creation into a helper function. This further reduces the line count of main().
2015-01-16 | update TODO | Lennart Poettering
2015-01-16 | import: support importing qcow2 images | Lennart Poettering
With this change the import tool will now unpack qcow2 images into normal raw disk images, suitable for usage with nspawn. This has the benefit of also allowing importing Ubuntu Cloud images for usage with nspawn.
2015-01-16 | import: support downloading .xz compressed images | Lennart Poettering
That way we can download fedora cloud raw images as-is and decompress them on-the-fly.
2015-01-16 | build-sys: add libsystemd-fw where needed | Kay Sievers
2015-01-16 | build-sys: add missing HAVE_LIBIPTC | Kay Sievers
2015-01-16 | hwbd: add click angle for the Logitech M325 | Peter Hutterer
This device has 18 stops per rotation == 20 degree angle. Advertised as "Micro-precise scrolling"
2015-01-15 | os-release: Add PRIVACY_POLICY_URL | Bastien Nocera
2015-01-15 | LLDP: Support locally assigned port subtype | Susant Sahani
The Zyxel switch sends port subtype as Locally assigned (7). Add LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED as supported type reported by Mantas Mikulėnas <grawity@gmail.com>
2015-01-15 | TODO: update | David Herrmann
2015-01-15 | udev: merge evdev_id into input_id | David Herrmann
There is no reason to keep both separated. We want to avoid API specific tools and instead keep generic terms like 'input'.
2015-01-15 | udev: fix NULL-ptr deref | David Herrmann
Make sure we properly validate the return value of udev_device_get_sysattr_value(). It might be NULL for several reasons.
2015-01-15 | bus-proxyd: move synthesize_name_acquired() | Daniel Mack
Move synthesize_name_acquired() to synthesize.c.
2015-01-15 | bus-proxy: factor out code for driver handling and message synthesis | Daniel Mack
Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into driver.c for better code separation.
2015-01-15 | nspawn: fix log typos | Jonathan Boulle
2015-01-15 | hwdb: add MOUSE_WHEEL_CLICK_ANGLE as property | Peter Hutterer
Most mice have a wheel click angle of 15 degrees, i.e. 24 clicks per full wheel rotation. Some mice, like the Logitech M325 have a larger angle. To allow userspace to make use of that knowledge, add a property to the hwdb. This allows for better predictive scrolling. e.g. a mouse that has a smaller click angle will scroll faster, with this value you can accommodate this where needed. Likewise, using "half turn of the wheel" or "full turn of the wheel" as a UI element becomes possible. This addition is mainly driven by libinput 0.8, having the angle enables libinput to provide an API that distinguishes between a physical distance (like touchpad scrolling does) and discrete steps (wheel clicks). Callers can choose what they prefer based on the device.
2015-01-15 | update TODO | Lennart Poettering
2015-01-15 | nspawn,machined: change default container image location from /var/lib/container to /var/lib/machines | Lennart Poettering
Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".
2015-01-15 | import: rename "gpt" disk image type to "raw" | Lennart Poettering
After all, nspawn can now dissect MBR partition levels, too, hence ".gpt" appears a misnomer. Moreover, the .raw suffix for these files is already pretty popular (the Fedora disk images use it for example), hence sounds like an OK scheme to adopt.
2015-01-15 | fix zsh completion typo | Moez Bouhlel
json-see => json-sse
2015-01-15 | test-path: do not skip tests if we are not root | Ronny Chevalier
We can properly run the tests without being root
2015-01-15 | test-exec: do not skip all the tests | Ronny Chevalier
Only 5 tests cannot be executed if we are not root, so just skip them but not the whole set.
2015-01-15 | spawn: downgrade loopback detach errors to debug | Lennart Poettering
Sometimes udev or some other background daemon might keep the loopback devices busy while we already want to detach them. Downgrade the warning about it. Given that we use autodetach downgrading these messages should be with little risk.
2015-01-15 | nspawn: add support for limited dissecting of MBR disk images with nspawn | Lennart Poettering
With this change nspawn's -i switch can now make sense of MBR disk images too - however only if there's only a single, bootable partition of type 0x83 on the image. For all other cases we cannot really make sense from the partition table alone. The big benefit of this change is that upstream Fedora Cloud Images can now be booted unmodified with systemd-nspawn:
    # wget http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
    # unxz Fedora-Cloud-Base-20141203-21.x86_64.raw.xz
    # systemd-nspawn -i Fedora-Cloud-Base-20141203-21.x86_64.raw -b
Next stop: teach the import logic to automatically download these images, uncompress and verify them.
2015-01-14 | nspawn: pass the container's init PID out via sd_notify() | Lennart Poettering
This is useful for nspawn managers that want to learn when nspawn is finished with initialization, as well as what the PID of the init system in the container is.
2015-01-14 | update TODO | Lennart Poettering
2015-01-14 | nspawn: fix an incorrect assert comparison | Lennart Poettering
2015-01-14 | loginctl: fix misuse compound literals | Lennart Poettering
The lifetime of compound literals is bound to the local scope, we hence cannot reference them outside of it.
2015-01-14 | sd-bus: tell Coverity that it's OK not to care for return values in some cases | Lennart Poettering
2015-01-14 | nspawn: add file system locks for controlling access to container images | Lennart Poettering
This adds three kinds of file system locks for container images:
a) a file system lock next to the actual image, in a .lck file in the same directory the image is located. This lock has the benefit of usually being located on the same NFS share as the image itself, and thus allows locking container images across NFS shares.
b) a file system lock in /run, named after st_dev and st_ino of the root of the image. This lock has the advantage that it is unique even if the same image is bind mounted to two different places at the same time, as the ino/dev stays constant for them.
c) a file system lock that is only taken when a new disk image is about to be created, that ensures that checking whether the name is already used across the search path, and actually placing the image is not interrupted by other code taking the name.
a + b are read-write locks. When a container is booted in read-only mode a read lock is taken, otherwise a write lock. Lock b is always taken after a, to avoid ABBA problems. Lock c is mostly relevant when renaming or cloning images.
2015-01-14 | sysv-generator: always use fstatat() if we can | Lennart Poettering