summaryrefslogtreecommitdiff
path: root/src/core/load-fragment.c
AgeCommit message (Collapse)Author
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-02-01config_parse_set_status: put signals in the correct setMichael Olbrich
This was broken when the code was rearranged in "1e2fd62d70ff core/load-fragment.c: correct argument sign and split up long lines"
2015-01-26treewide: fix multiple typosTorstein Husebø
2015-01-20util: make http url validity checks more generic, and move them to util.cLennart Poettering
2015-01-11core/load-fragment: avoid allocating 0 bytes when given an invalid commandZbigniew Jędrzejewski-Szmek
With a command line like "@/something" we would allocate an array with 0 elements. Avoid that, and add a test too.
2015-01-07conf-parse: don't accept invalid bus names as BusName= arguments in service ↵Lennart Poettering
units
2014-12-18load-fragment: allow quoting in command name and document allowed escapesZbigniew Jędrzejewski-Szmek
The handling of the command name and other arguments is unified. This simplifies things and should make them more predictable for users. Incidentally, this makes ExecStart handling match the .desktop file specification, apart for the requirment for an absolute path. https://bugs.freedesktop.org/show_bug.cgi?id=86171
2014-12-18tree-wide: make condition_free_list return NULLZbigniew Jędrzejewski-Szmek
2014-12-18core: make exec_command_free_list return NULLZbigniew Jędrzejewski-Szmek
2014-12-17load-fragment: properly unescape \;tomsod-m ya ru
https://bugs.freedesktop.org/show_bug.cgi?id=87393
2014-12-12wrap a few *_FOREACH macros in curly bracesThomas Hindoe Paaboel Andersen
cppcheck would give up with "syntax error" without them. This led to reports of syntax errors in unrelated locations and potentially hid other errors
2014-12-12util: when using basename() for creating temporary files, verify the ↵Lennart Poettering
resulting name is actually valid Also, rename filename_is_safe() to filename_is_valid(), since it actually does a full validation for what the kernel will accept as file name, it's not just a heuristic.
2014-12-10util: introduce our own gperf based capability listLennart Poettering
This way, we can ensure we have a more complete, up-to-date list of capabilities around, always.
2014-12-08load-fragment: remove wrong ifdef guardZbigniew Jędrzejewski-Szmek
config_parse_warn_compat is now always used for removed options. https://bugs.freedesktop.org/show_bug.cgi?id=87125
2014-11-30core: warn and ignore SysVStartPriority=Zbigniew Jędrzejewski-Szmek
Option was being parsed but not used for anything.
2014-11-30When warning about unsupported options, be more detailedZbigniew Jędrzejewski-Szmek
2014-11-30core: remove unused variablesRonny Chevalier
2014-11-24smack: introduce new SmackProcessLabel optionWaLyong Cho
In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
2014-11-06core: introduce the concept of AssertXYZ= similar to ConditionXYZ=, but ↵Lennart Poettering
fatal for a start job if not met
2014-10-24calendar: make freeing a calendar spec object deal fine with NULLLennart Poettering
In order to make object destruction easier (in particular in combination with _cleanup_) we usually make destructors deal with NULL objects as NOPs. Change the calendar spec destructor to follow the same scheme.
2014-10-12ModernizationZbigniew Jędrzejewski-Szmek
2014-09-15hashmap: introduce hash_ops to make struct Hashmap smallerMichal Schmidt
It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-09-13core: use correct function to free CalendarSpecDave Reisner
2014-09-13core: fix a potential mem leakThomas Hindoe Paaboel Andersen
Found with Coverity. Fixes: CID#996438
2014-09-08bus: parse BusPolicy directive in service filesDaniel Mack
Add a new directive called BusPolicy to define custom endpoint policies. If one such directive is given, an endpoint object in the service's ExecContext is created and the given policy is added to it.
2014-09-08bus: factor out bus policy itemsDaniel Mack
In order to re-use the policy definitions, factor them out into their own files.
2014-07-31core/load-fragment.c: correct argument sign and split up long linesZbigniew Jędrzejewski-Szmek
With everything on one line they are just harder to read.
2014-07-31Properly report invalid quoted stringsZbigniew Jędrzejewski-Szmek
$ systemd-analyze verify trailing-g.service [./trailing-g.service:2] Trailing garbage, ignoring. trailing-g.service lacks ExecStart setting. Refusing. Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument. Failed to create trailing-g.service/start: Invalid argument
2014-07-31Reject invalid quoted stringsZbigniew Jędrzejewski-Szmek
String which ended in an unfinished quote were accepted, potentially with bad memory accesses. Reject anything which ends in a unfished quote, or contains non-whitespace characters right after the closing quote. _FOREACH_WORD now returns the invalid character in *state. But this return value is not checked anywhere yet. Also, make 'word' and 'state' variables const pointers, and rename 'w' to 'word' in various places. Things are easier to read if the same name is used consistently. mbiebl_> am I correct that something like this doesn't work mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"' mbiebl_> systemd seems to strip of the quotes mbiebl_> systemctl status shows mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint mbiebl_> which is pretty weird
2014-07-29time-util: add and use USEC/NSEC_INFINIYKay Sievers
2014-07-16Let config_parse open file where applicableZbigniew Jędrzejewski-Szmek
Special care is needed so that we get an error message if the file failed to parse, but not when it is missing. To avoid duplicating the same error check in every caller, add an additional 'warn' boolean to tell config_parse whether a message should be issued. This makes things both shorter and more robust wrt. to error reporting.
2014-07-15Constify ConfigTableItem tablesZbigniew Jędrzejewski-Szmek
2014-07-03exit-status: rename ExitStatusSet's "code" field to "status"Lennart Poettering
We should follow the naming scheme waitid() uses, not come up with our own reversed one...
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-04core: rename ReadOnlySystem= to ProtectSystem= and add a third value for ↵Lennart Poettering
also mounting /etc read-only Also, rename ProtectedHome= to ProtectHome=, to simplify things a bit. With this in place we now have two neat options ProtectSystem= and ProtectHome= for protecting the OS itself (and optionally its configuration), and for protecting the user's data.
2014-06-04socket: add new Symlinks= option for socket unitsLennart Poettering
With Symlinks= we can manage one or more symlinks to AF_UNIX or FIFO nodes in the file system, with the same lifecycle as the socket itself. This has two benefits: first, this allows us to remove /dev/log and /dev/initctl from /dev, thus leaving only symlinks, device nodes and directories in the /dev tree. More importantly however, this allows us to move /dev/log out of /dev, while still making it accessible there, so that PrivateDevices= can provide /dev/log too.
2014-06-03core: add new ReadOnlySystem= and ProtectedHome= settings for service unitsLennart Poettering
ReadOnlySystem= uses fs namespaces to mount /usr and /boot read-only for a service. ProtectedHome= uses fs namespaces to mount /home and /run/user inaccessible or read-only for a service. This patch also enables these settings for all our long-running services. Together they should be good building block for a minimal service sandbox, removing the ability for services to modify the operating system or access the user's private data.
2014-05-22cgroups: simplify CPUQuota= logicLennart Poettering
Only accept cpu quota values in percentages, get rid of period definition. It's not clear whether the CFS period controllable per-cgroup even has a future in the kernel, hence let's simplify all this, hardcode the period to 100ms and only accept percentage based quota values.
2014-05-22cgroup: rework startup logicLennart Poettering
Introduce a (unsigned long) -1 as "unset" state for cpu shares/block io weights, and keep the startup unit set around all the time.
2014-05-22core: add startup resource control optionWaLyong Cho
Similar to CPUShares= and BlockIOWeight= respectively. However only assign the specified weight during startup. Each control group attribute is re-assigned as weight by CPUShares=weight and BlockIOWeight=weight after startup. If not CPUShares= or BlockIOWeight= be specified, then the attribute is re-assigned to each default attribute value. (default cpu.shares=1024, blkio.weight=1000) If only CPUShares=weight or BlockIOWeight=weight be specified, then that implies StartupCPUShares=weight and StartupBlockIOWeight=weight.
2014-05-19fix spelling of privilegeNis Martensen
2014-05-06load-fragment: minor cleanupLennart Poettering
2014-04-25core: expose CFS CPU time quota as high-level unit propertiesLennart Poettering
2014-04-24service: rename StartLimitAction enum to FailureActionMichael Olbrich
It's used for the FailureAction property as well.
2014-03-24core: remove tcpwrap supportLennart Poettering
tcpwrap is legacy code, that is barely maintained upstream. It's APIs are awful, and the feature set it exposes (such as DNS and IDENT access control) questionnable. We should not support this natively in systemd. Hence, let's remove the code. If people want to continue making use of this, they can do so by plugging in "tcpd" for the processes they start. With that scheme things are as well or badly supported as they were from traditional inetd, hence no functionality is really lost.
2014-03-24timer: support timers that can resume the system from suspendLennart Poettering
2014-03-20unit: turn off mount propagation for udevdLennart Poettering
Keep mounts done by udev rules private to udevd. Also, document how MountFlags= may be used for this.
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-07busname: add parser for bus name policiesDaniel Mack
There are three directives to specify bus name polices in .busname files: * AllowUser [username] [access] * AllowGroup [groupname] [access] * AllowWorld [access] Where [access] is one of * 'see': The user/group/world is allowed to see a name on the bus * 'talk': The user/group/world is allowed to talk to a name * 'own': The user/group/world is allowed to own a name There is no user added yet in this commit.
2014-03-05core: don't override NoNewPriviliges= from SystemCallFilter= if it is ↵Lennart Poettering
already explicitly set