Age | Commit message (Collapse) | Author |
|
To be able to use `systemd-run` or `machinectl login` on a container
that is in a private user namespace, the sub-process must have entered
the user namespace before connecting to the container's D-Bus, otherwise
the UID and GID in the peer credentials are garbage.
So we extend namespace_open and namespace_enter to support UID namespaces,
and we enter the UID namespace in bus_container_connect_{socket,kernel}.
namespace_open will degrade to a no-op if user namespaces are not enabled
in the kernel.
Special handling is required for the setns call in namespace_enter with
a user namespace, since transitioning to your own namespace is forbidden,
as it would result in re-entering your user namespace as root.
Arguably it may be valid to check this at the call site, rather than
inside namespace_enter, but it is less code to do it inside, and if the
intention of calling namespace_enter is to *be* in the target namespace,
rather than to transition to the target namespace, it is a reasonable
approach.
The check for whether the user namespace is the same must happen before
entering namespaces, as we may not be able to access /proc during the
intermediate transition stage.
We can't instead attempt to enter the user namespace and then ignore
the failure from it being the same namespace, since the error code is
not distinct, and we can't compare namespaces while mid-transition.
|
|
Manual merge of https://github.com/systemd/systemd/pull/751.
|
|
|
|
All users are now setting lowercase=false.
|
|
Tests are modified to check behaviour with relax and without relax.
New tests are added for hostname_cleanup().
Tests are moved a new file (test-hostname-util) because there's
now a bunch of them.
New parameter is not used anywhere, except in tests, so there should
be no observable change.
|
|
networkd: save private-zone DHCP options
|
|
Alpha does not have a getpid syscall, but rather has getxpid to match
OSF/1.
|
|
- Add smack xattr lookup table
- Unify all of mac_smack_apply_xxx{_fd}() to mac_smack_apply() and
mac_smack_apply_fd().
- Add smack xattr read apis similar with apply apis as
mac_smack_read{_fd}().
|
|
To get xattr of given path or fd on newly allocated buffer, add new
helper api getxattr_malloc() and fgetxattr_malloc().
|
|
Similar in function to LIST_INSERT_AFTER, this will insert a new element
into the list before the specified position. If the specified position
is NULL, the element is added as the tail of the list.
|
|
add O_NONBLOCK to terminal handling
|
|
|
|
That's just handle this as a normal error.
|
|
|
|
In case of non-CLOCAL lines (i.e. those with carrier detect configured)
we shouldnt wait for a carrier if all we try to do is reset the TTY.
Hence, whenever we open such a TTY pass O_NONBLOCK.
Note that we continue to open ttys we intend to write to without
O_ONBLOCK, we only add it in cases we invoke ioctl()s or other terminal
operations without reading or writing to the device.
Fixes #835.
|
|
tree-wide: introduce mfree()
|
|
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
free(foobar);
foobar = NULL;
to this:
foobar = mfree(foobar);
|
|
busctl: Misc cleanups and a fix (v2)
|
|
In member_compare_func(), it compares interface, type and name of
members. But as it can contain NULL pointer, it needs to check them
before calling strcmp(). So make it as a separate strcmp_ptr
function (named after streq_ptr) so that it can be used by others.
Also let streq_ptr() to use it in order to make the code simpler.
|
|
Given two bitmaps and the following code:
Bitmap *a = bitmap_new(), *b = bitmap_new();
bitmap_set(a, 1);
bitmap_clear(a);
bitmap_set(a, 0);
bitmap_set(b, 0);
These two bitmaps should now have the same bits set and they should be
equal but bitmap_equal() will return false in this case because while
bitmap_clear() resets the number of elements in the array it does not
clear the array and bitmap_set() expects the array to be cleared.
GREEDY_REALLOC0 looks at the allocated size and not the actual size so
it does not clear any memory.
Fix this by freeing the allocated memory and resetting the whole Bitmap
to an initial state in bitmap_clear().
This also adds test code for this issue.
|
|
Given two bitmaps and the following code:
Bitmap *a = bitmap_new(), *b = bitmap_new();
bitmap_set(a, 0);
bitmap_unset(a, 0);
These two bitmaps should now have the same bits set and they should be
equal but bitmap_equal() will return false in this case because the
bitmaps array in a is larger because of the bit which was previously
set.
Fix this by comparing only the bits which exists in both bitmaps and
then check that the rest of the bits (if any) is all zero.
This also adds test code for this issue.
|
|
Probably a typo, checking 'ret' instead of the return value 'p'. This
might cause the function to return failure, even though it succeeded.
Furthermore, it might leak resources.
|
|
Fix a memory leak introduced by 2fc09a9c. 's' is used twice in this
function, and if free_and_strdup() fails, the pointer is left untouched.
|
|
Use free_and_strdup() where appropriate and replace equivalent,
open-coded versions.
|
|
Some places invoked fflush() directly with their own manual error
checking, let's unify all that by using fflush_and_check().
This also unifies the general error paths of fflush()+rename() file
writers.
|
|
Instead, make sure that all callers log properly.
|
|
|
|
unquote_first_word: parse ` '' ` as an empty argument instead of no arg
|
|
|
|
|
|
Fileio fixes
|
|
An empty env block is completely valid, hence return it as such, and
don't turn it into an error.
|
|
so far, when we read something from /proc/$PID we would pass on the
ENOENT from the kernel as error, if the process was missing. With this
change we systematically convert this to ESRCH, which is the more
appropriate error code, and what all the other glibc/syscalls like
kill() use.
All code that calls these functions should be fine with this change. In
fact, one invocation of get_process_exe() in bus-creds.c already assumed
ESRCH would be returned if a process is missing, and this assumption is
now validated after the change.
|
|
According to our coding style guidelines we shouldn't clobber
pass-by-ref arguments on failure, hence don't do so here either.
|
|
copy: when we recursively copy a directory tree, copy everything
|
|
Don't ignore hidden files and directories.
Fixes #386
|
|
Oracle kvm
|
|
Virtualbox 5.0 now supports kvm hypervisor. In this case cpuid
identidies as "kvm", which breaks units depending on
ConditionVirtualization=oracle.
So return "oracle" even with kvm hypervisor.
|
|
networkd: add bridge link properties
|
|
a) use memcmp() to compare bitmaps efficiently
b) use UINT64_C() macro instead of ULL suffixes to get right suffix for
uint64_t constants
c) add a few assert()s
d) when comparing integers with 0 we generally try to make this explicit
with "!= 0".
e) remove redundant bitmap_isset() if check, as we don't have it in
bitmap_isset() either.
f) It should be fine to invoke bitmap_unset() on a NULL bitmap
|
|
|
|
basic: bitmap: use uint64_t instead if long long unsigned
|
|
Hook up container userns with nss-mymachines
|
|
long long unsigned is always 64 bit wide, so use a more readable type.
|
|
No need to actually reset the bitmap, we can just truncate it back zero
size. That not only makes bitmap_clear() quicker, but also subsequent
bitmap_isclear().
|
|
improve IN_SET macro
|
|
Making the array static allows gcc -O2 to generate smaller code:
"size systemd" before:
text data bss dec hex filename
1377286 128608 2632 1508526 1704ae systemd
After:
text data bss dec hex filename
1374326 128572 2664 1505562 16f91a systemd
(IN_SET still results in worse generated code than using
"x == FOO || x == BAR || ...". I don't think we'll be able to match
that with the C preprocessor.)
This change limits the use of IN_SET to sets with constant elements. All
present callers use constants. The compiler would report an "initializer
element is not constant" error otherwise.
|
|
Putting the set elements in an array variable and using ELEMENTSOF makes
it clearer what's going on.
Incidentally, it also makes gcc -O2 generate slightly smaller code:
"size systemd", before:
text data bss dec hex filename
1378318 128608 2632 1509558 1708b6 systemd
After:
text data bss dec hex filename
1377286 128608 2632 1508526 1704ae systemd
|
|
|
|
|