Age | Commit message (Collapse) | Author |
|
systemctl -H root@foobar:waldi
will now show a list of services running on container "waldi" on host
"foobar", using "root" for authenticating at "foobar".
Since entereing a container requires priviliges, this will only work
correctly for root logins.
|
|
bus-proxyd is not only the bridge between legacy dbus clients and kdbus
but is also used to access remote dbus servers via ssh. Let's make sure
it actually works for that.
|
|
|
|
Enforcement is still missing, but at least we can parse it now.
|
|
Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
|
|
patch the sender address
Otherwise old libdbus1 is confused and will not accept our replies.
|
|
Previously, AddMatch/RemoveMatch calls where processed exclusively in
the proxy. That's racy however, since subscribing to a signal might not
complete before the signal is sent due to some subsequent method call.
Hence, in order to expose the same ordering guarantees as dbus1 process
the AddMatch/RemoveMatch calls from the proxy, so that they are
dispatched synchronously to all following messages, thus fixing the
race.
Ultimately, we should probabably dissolve the driver entirely into the
proxy, as it is purely a compatibility feature anyway...
|
|
As pointed-out by clang -Wunreachable-code.
No behaviour changes.
|
|
first (or second)
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
|
|
In trying to track down a stupid linker bug, I noticed a bunch of
memset() calls that should be using memzero() to make it more "obvious"
that the options are correct (i.e. 0 is not the length, but the data to
set). So fix up all current calls to memset(foo, 0, length) to
memzero(foo, length).
|
|
well-known name into the sender
|
|
(The kernel module got fixed, so let's reenable this again)
|
|
right now
|
|
|
|
Make sure we print a message when exiting with an error.
|
|
EOF is not an error so we should not print an error message about it.
|
|
It is nicer to predefine patterns using configure time check instead of
using casts everywhere.
Since we do not need to use any flags, include "%" in the format instead
of excluding it like PRI* macros.
|
|
|
|
gdm relies on the policy to deny its own requests to not deadlock. Given
that we currently do not enforce any policy in the dbus1 compat proxy
service this means that gdm will necessarily deadlock on our systems.
To work around this, enforce a fixed policy teomporarily, until we
interpret the legacy XML policy in full.
Booh, gdm, booh, for requring this and making me waste two days on
tracking this brokenness down.
|
|
|
|
|
|
including it in the log strings
|
|
Introduce new call getpeercred() which internally just uses SO_PEERCRED
but checks if the returned data is actually useful due to namespace
quirks.
|
|
|
|
|
|
|
|
This reverts commit 9818fa6d6d32d87a3e1b96934a54523ea6b02879.
The proxy does not work anymore with this patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|