| Age | Commit message (Collapse) | Author |
|---|
|
|
|
SetProperties has signature "ba(sv)", but the bus_unit_set_properties()
helper already does a enter_container('a', "sv") so we have to skip it in
bus_unit_method_set_properties().
|
|
|
|
This reverts commit e775289d56ace2f8d23e62ed79316d71332d6d05.
We really should let the dependency logic add jobs for dependencies here
rather than manually adding in jobs, overtaping the real problem.
|
|
|
|
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
|
|
The only problem is that libgen.h #defines basename to point to it's
own broken implementation instead of the GNU one. This can be fixed
by #undefining basename.
|
|
|
|
Unit is typedef'ed in both unit.h and execute.h. The typedef
existed first in unit.h and was later added to execute.h in
c17ec25e4d9bd6c8e8617416f813e25b2ebbafc5
It is no longer needed so let's just keep the one in unit.h to
avoid redefining it.
|
|
|
|
|
|
|
|
other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.
Also, document this behaviour so that clients can stick to it.
(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
|
|
systemctl reload "suceeded" on stopped units, but it is documented
to fail in this case.
https://bugzilla.redhat.com/show_bug.cgi?id=1036845
|
|
|
|
|
|
|
|
Since we want to retain the ability to break kernel ←→ userspace ABI
after the next release, let's not make use by default of kdbus, so that
people with future kernels will not suddenly break with current systemd
versions.
kdbus support is left in all builds but must now be explicitly requested
at runtime (for example via setting $DBUS_SESSION_BUS). Via a configure
switch the old behaviour can be restored. In fact, we change autogen.sh
to do this, so that git builds (which run autogen.sh) get kdbus by
default, but tarball builds (which ue the configure defaults) do not get
it, and hence this stays out of the distros by default.
|
|
|
|
|
|
|
|
Since the backing ioctl for this on kdbus is the same we retain
atomicity this way.
|
|
|
|
|
|
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
|
|
|
|
|
|
|
|
PrivateTmp= namespaces
|
|
Also for log_error() except where a specific error is specified
e.g. errno ? strerror(errno) : "Some user specified message"
|
|
|
|
setting and make use of it where applicable
|
|
|
|
|
|
|
|
when not active
This way, we can avoid executing two /bin/swapon jobs to be dispatched
for the same swap device if it is configured for two different paths.
Previously we were just tracking the device nodes of active swap
devices, which would not allow us to recognize the identity of two swap
devices before they are active.
https://bugs.freedesktop.org/show_bug.cgi?id=69835
|
|
to deal with shells
This makes shutdown a bit faster if debug-shell.service is enabled.
|
|
Pass on the line on which a section was decleared to the parsers, so they
can distinguish between multiple sections (if they chose to). Currently
no parsers take advantage of this, but a follow-up patch will do that
to distinguish
[Address]
Address=192.168.0.1/24
Label=one
[Address]
Address=192.168.0.2/24
Label=two
from
[Address]
Address=192.168.0.1/24
Label=one
Address=192.168.0.2/24
Label=two
|
|
|
|
|
|
|
|
|
|
We expect the event on /proc/swaps before we expect the SIGCHILD,
reflect this in the state machine.
|
|
|
|
Always read all external events before we decide what we do next.
|
|
|
|
|
|
TimeoutSec= means no timing out at all
|
|
|
|
|
