Age | Commit message (Collapse) | Author |
|
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
|
|
It tries to find a suitable QEMU binary and will use KVM if present.
We can now configure QEMU from outside with 4 variables :
- $QEMU_BIN : path to QEMU's binary
- $KERNEL_APPEND : arguments appended to kernel cmdline
- $KERNEL_BIN : path to a kernel
Default /boot/vmlinuz-$KERNEL_VER
- $INITRD : path to an initramfs
Default /boot/initramfs-${KERNEL_VER}.img
- $QEMU_SMP : number of CPU simulated by QEMU.
Default 1
(from Alexander Graf's script: http://www.spinics.net/lists/kvm/msg72389.html)
|
|
|
|
|
|
|
|
|
|
other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.
Also, document this behaviour so that clients can stick to it.
(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
|
|
|
|
|
|
|
|
expected return signature generate an error if the response message doesn't match it
|
|
|
|
Since we want to retain the ability to break kernel ←→ userspace ABI
after the next release, let's not make use by default of kdbus, so that
people with future kernels will not suddenly break with current systemd
versions.
kdbus support is left in all builds but must now be explicitly requested
at runtime (for example via setting $DBUS_SESSION_BUS). Via a configure
switch the old behaviour can be restored. In fact, we change autogen.sh
to do this, so that git builds (which run autogen.sh) get kdbus by
default, but tarball builds (which ue the configure defaults) do not get
it, and hence this stays out of the distros by default.
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit adcf4c81c58511b67644e17fa743d1729d3c9ccf.
We have a better solution for the problem of making two processes run in
the same namespace, and --listener is not needed hence and should be
dropped.
Conflicts:
man/systemd-socket-proxyd.xml
|
|
* library support for setns() system call was added to glibc
version 2.14 (setns() call is use in src/machine/machinectl.c
and src/libsystemd-bus-container.c)
* utf8 validation call are already exported (via sd-utf8.c file) -
commit - 369c583b3fb3d672ef469d53141e274ec9d2e8a7
|
|
files into a single new one
|
|
Also for log_error() except where a specific error is specified
e.g. errno ? strerror(errno) : "Some user specified message"
|
|
to deal with shells
This makes shutdown a bit faster if debug-shell.service is enabled.
|
|
|
|
|
|
|
|
Just in order to bring things inline with the method and property
callbacks.
|
|
|
|
And make it default to 1min
|
|
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.
Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.
As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.
Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
|
|
require this anymore
|
|
|
|
|
|
|
|
|
|
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
|
|
When a service exits succesfully and has RemainAfterExit set, its hold
on the console (in m->n_on_console) wasn't released since the unit state
didn't change.
|
|
|
|
|
|
This is where a hack from PID 1 spilled into the client side. We need
to get rid of this as soon as PID 1 is converted to libsystemd-bus.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
remote host).
|