summaryrefslogtreecommitdiff
path: root/src/core/execute.c
AgeCommit message (Collapse)Author
2014-12-23env-util: don't include files from src/core/Lennart Poettering
2014-12-23core: rearrange code so that libsystemd/sd-bus/ does not include header ↵Lennart Poettering
files from core Stuff in src/shared or src/libsystemd should *never* include code from src/core or any of the tools, so don't do that here either. It's not OK!
2014-12-19execute: the runtime directory can only be on tmpfs, hence don't use ↵Lennart Poettering
rm_rf_dangerous() needlessly
2014-12-18core: make exec_command_free_list return NULLZbigniew Jędrzejewski-Szmek
2014-12-11core: correct spacing near eol in code commentsTorstein Husebø
2014-12-10scope: make attachment of initial PIDs a bit more robustLennart Poettering
2014-12-10util: introduce our own gperf based capability listLennart Poettering
This way, we can ensure we have a more complete, up-to-date list of capabilities around, always.
2014-12-04selinux: figure out selinux context applied on exec() before closing all fdsMichal Sekletar
We need original socket_fd around otherwise mac_selinux_get_child_mls_label fails with -EINVAL return code. Also don't call setexeccon twice but rather pass context value of SELinuxContext option as an extra argument.
2014-11-28treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1Lennart Poettering
2014-11-28treewide: use log_*_errno whenever %m is in the format stringMichal Schmidt
If the format string contains %m, clearly errno must have a meaningful value, so we might as well use log_*_errno to have ERRNO= logged. Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\((".*%m.*")/log_\1_errno(errno, \2/' Plus some whitespace, linewrap, and indent adjustments.
2014-11-28core: convert log_unit_*() to log_unit_*_errno()Michal Schmidt
Using: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_unit_(debug|info|notice|warning|error|emergency)\(([^"]+), "(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_unit_\1_errno(\2, \5, "\3%m"\4);/'
2014-11-28treewide: no need to negate errno for log_*_errno()Michal Schmidt
It corrrectly handles both positive and negative errno values.
2014-11-28treewide: auto-convert the simple cases to log_*_errno()Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and intrdouce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros: find . -name '*.[ch]' | xargs sed -r -i -e \ 's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/' Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-28log: fix order of log_unit_struct() to match other logging callsLennart Poettering
Also, while we are at it, introduce some syntactic sugar for creating ERRNO= and MESSAGE= structured logging fields.
2014-11-27log: rearrange log function namingLennart Poettering
- Rename log_meta() → log_internal(), to follow naming scheme of most other log functions that are usually invoked through macros, but never directly. - Rename log_info_object() to log_object_info(), simply because the object should be before any other parameters, to follow OO-style programming style.
2014-11-24smack: introduce new SmackProcessLabel optionWaLyong Cho
In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-05core: introduce new Delegate=yes/no property controlling creation of cgroup ↵Lennart Poettering
subhierarchies For priviliged units this resource control property ensures that the processes have all controllers systemd manages enabled. For unpriviliged services (those with User= set) this ensures that access rights to the service cgroup is granted to the user in question, to create further subgroups. Note that this only applies to the name=systemd hierarchy though, as access to other controllers is not safe for unpriviliged processes. Delegate=yes should be set for container scopes where a systemd instance inside the container shall manage the hierarchies below its own cgroup and have access to all controllers. Delegate=yes should also be set for user@.service, so that systemd --user can run, controlling its own cgroup tree. This commit changes machined, systemd-nspawn@.service and user@.service to set this boolean, in order to ensure that container management will just work, and the user systemd instance can run fine.
2014-10-23mac: also rename use_{smack,selinux,apparmor}() calls so that they share the ↵Lennart Poettering
new mac_{smack,selinux,apparmor}_xyz() convention
2014-10-23mac: rename apis with mac_{selinux/smack}_ prefixWaLyong Cho
2014-10-17environment: append unit_id to error messages regarding EnvironmentFileLukas Nykryn
2014-10-17execute: downgrade namespace error to "warning"Lennart Poettering
Also, extend the printed warning a bit, explaining the situation more verbosely.
2014-10-17execute: don't fail child when we don't have privileges to setup namespacesMichal Sekletar
If we don't have privileges to setup the namespaces then we are most likely running inside some sort of unprivileged container, hence not being able to create namespace is not a problem because spawned service can't access host system anyway.
2014-10-11Report aa_change_onexec error codeMichael Scherer
Since aa_change_onexec return the error code in errno, and return -1, the current code do not give any useful information when something fail. This make apparmor easier to debug, as seen on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760526
2014-09-30core: execute - don't leak strvTom Gundersen
2014-09-29swap: introduce Discard propertyJan Synacek
Process possible "discard" values from /etc/fstab.
2014-09-19socket: introduce SELinuxContextFromNet optionMichal Sekletar
This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-09-08execute: silence warningsThomas Hindoe Paaboel Andersen
Mark two function parameters as const
2014-09-08service: hook up custom endpoint logicDaniel Mack
If BusPolicy= was passed, the parser function will have created an ExecContext->bus_endpoint object, along with policy information. In that case, create a kdbus endpoint, and pass its path name to the namespace logic, to it will be mounted over the actual 'bus' node. At endpoint creation time, no policy is updloaded. That is done after fork(), through a separate call. This is necessary because we don't know the real uid of the process earlier than that.
2014-09-08namespace: add support for custom kdbus endpointDaniel Mack
If a path to a previously created custom kdbus endpoint is passed in, bind-mount a new devtmpfs that contains a 'bus' node, which in turn in bind-mounted with the custom endpoint. This tmpfs then mounted over the kdbus subtree that refers to the current bus. This way, we can fake the bus node in order to lock down services with a kdbus custom endpoint policy.
2014-09-08bus: add kdbus endpoint typesDaniel Mack
Add types to describe endpoints and associated policy entries, and add a BusEndpoint instace to ExecContext.
2014-09-05exec: move code executed after fork into exec_child()Daniel Mack
This factors out one conditional branch that has grown way too big, and makes the code more readable by using return statements rather than jump labels.
2014-09-05exec: factor out most function arguments of exec_spawn() to ExecParametersDaniel Mack
This way, the list of arguments to that function gets more comprehensive, and we can get around passing lots of NULL and 0 arguments from socket.c, swap.c and mount.c. It also allows for splitting up the code in exec_spawn(). While at it, make ExecContext const in execute.c.
2014-08-26util: make use of newly added reset_signal_mask() call wherever appropriateLennart Poettering
2014-08-21execute: explain in a comment, why close_all_fds() is invoked the second ↵Lennart Poettering
time differently
2014-08-21core: unify how we generate the prefix string when dumping unit stateLennart Poettering
2014-08-19Revert "socket: introduce SELinuxLabelViaNet option"Lennart Poettering
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
2014-08-19socket: introduce SELinuxLabelViaNet optionMichal Sekletar
This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-07-29time-util: add and use USEC/NSEC_INFINIYKay Sievers
2014-07-07firstboot: add new component to query basic system settings on first boot, ↵Lennart Poettering
or when creating OS images offline A new tool "systemd-firstboot" can be used either interactively on boot, where it will query basic locale, timezone, hostname, root password information and set it. Or it can be used non-interactively from the command line when prepareing disk images for booting. When used non-inertactively the tool can either copy settings from the host, or take settings on the command line. $ systemd-firstboot --root=/path/to/my/new/root --copy-locale --copy-root-password --hostname=waldi The tool will be automatically invoked (interactively) now on first boot if /etc is found unpopulated. This also creates the infrastructure for generators to be notified via an environment variable whether they are running on the first boot, or not.
2014-07-03machinectl: show /etc/os-release information of container in status outputLennart Poettering
2014-06-24use more _cleanup_ macroRonny Chevalier
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-03-24core: remove tcpwrap supportLennart Poettering
tcpwrap is legacy code, that is barely maintained upstream. It's APIs are awful, and the feature set it exposes (such as DNS and IDENT access control) questionnable. We should not support this natively in systemd. Hence, let's remove the code. If people want to continue making use of this, they can do so by plugging in "tcpd" for the processes they start. With that scheme things are as well or badly supported as they were from traditional inetd, hence no functionality is really lost.
2014-03-24util: replace close_pipe() with new safe_close_pair()Lennart Poettering
safe_close_pair() is more like safe_close(), except that it handles pairs of fds, and doesn't make and misleading allusion, as it works similarly well for socketpairs() as for pipe()s...
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-05missing: if RLIMIT_RTTIME is not defined by the libc, then we need a new ↵Lennart Poettering
define for the max number of rlimits, too
2014-03-03core: introduce new RuntimeDirectory= and RuntimeDirectoryMode= unit settingsLennart Poettering
As discussed on the ML these are useful to manage runtime directories below /run for services.
2014-03-03execute: free directory path if we fail to remove it because we cannot ↵Lennart Poettering
allocate a thread