Age | Commit message (Collapse) | Author |
|
This makes llvm happy when we assign an error code to the variable.
|
|
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
|
|
With this change a failing event source handler will not cause the
entire event loop to fail. Instead, we just disable the specific event
source, log a message at debug level and go on.
This also introduces a new concept of "exit code" which can be stored in
the event loop and is returned by sd_event_loop(). We also rename "quit"
to "exit" everywhere else.
Altogether this should make things more robus and keep errors local
while still providing a way to return event loop errors in a clear way.
|
|
|
|
flags conversion
|
|
that are closer to kdbus
This turns around DO_NOT_QUEUE into QUEUE which implies a more useful
default. (And negative options are awful anyway.)
|
|
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.
This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
|
|
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
|
|
|
|
other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.
Also, document this behaviour so that clients can stick to it.
(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
|
|
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.
Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.
As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.
Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
|
|
|
|
|
|
everywhere
We want to emphasize bus connections as per-thread communication
primitives, hence introduce a concept of a per-thread default bus, and
make use of it everywhere.
|
|
it everywhere
Try to emphasize a bit that there should be a mapping between event
loops and threads, hence introduce a logic that there's one "default"
event loop for each thread, that can be queried via
"sd_event_default()".
|
|
|
|
bus_log_parse_error()
|
|
|
|
|
|
Among other things this makes sure we always expose a --version command
and show it in the help texts.
|
|
|
|
This reverts commit 95b015de3849d8d8d03d9441ae1682a04c38833b.
"bus: handle serialization of NULL strings" (cd6f997f71c3aba16aa08226d423d14cbc787f82)
should fix this issue.
|
|
When fallback_chassis would return null it led to a crash and an
empty result in hostnamectl. Only seen after the sd-port.
|
|
|
|
|
|
Kay:
- rebase to new transport logic
- replaced iteration macro with property map
|
|
Just use an unsigned int as a bool type to avoid issues in the public
message reading API; sizeof(bool) == 1, but the code copies 4 bytes at
the pointers destination.
|
|
This way, we do not have to call it manually
|
|
|
|
Since the invention of read-only memory, write-only memory has been
considered deprecated. Where appropriate, either make use of the
value, or avoid writing it, to make it clear that it is not used.
|
|
bash allows them, and so should we.
string_has_cc is changed to allow tabs, and if they are not wanted,
they must be now checked for explicitly. There are two other callers,
apart from the env file loaders, and one already checked anyway, and
the other is changed to check.
https://bugs.freedesktop.org/show_bug.cgi?id=68592
https://bugs.gentoo.org/show_bug.cgi?id=481554
|
|
Existing --pretty, --transient, --static options, used previously
for 'set-hostname' verb, are reused for the 'status' verb. If one
of them is given, only the specified hostname is printed. This
way there's no need to employ awk to get the hostname in a script.
|
|
Without this you have to use %40 with the -H flag because dbus doesn't
like the @ sign being unescaped.
|
|
POSIX_ME_HARDER mode is disabled for localectl. It doesn't
make much sense in case of localectl, and there's little reason
for localectl to behave specially.
|
|
|
|
|
|
static hostname and if the static hostname is set, too
https://bugzilla.redhat.com/show_bug.cgi?id=957814
|
|
Before, we would initialize many fields twice: first
by filling the structure with zeros, and then a second
time with the real values. We can let the compiler do
the job for us, avoiding one copy.
A downside of this patch is that text gets slightly
bigger. This is because all zero() calls are effectively
inlined:
$ size build/.libs/systemd
text data bss dec hex filename
before 897737 107300 2560 1007597 f5fed build/.libs/systemd
after 897873 107300 2560 1007733 f6075 build/.libs/systemd
… actually less than 1‰.
A few asserts that the parameter is not null had to be removed. I
don't think this changes much, because first, it is quite unlikely
for the assert to fail, and second, an immediate SEGV is almost as
good as an assert.
|
|
internet hostname unset the pretty name
If people are unaware or uninterested in the concept of pretty host
names, and simply invoke "hostnamectl set-hostname" for a valid internet
host name, then use this as indication to unset the pretty host name and
only set the static/dynamic one.
This also allows fqdn, hence "hostnamectl set-hostname www.foobar.com"
will just work if people really insist on using fqdns as hostnames.
|
|
Implement this with a proper state machine, so that newlines and
escaped chars can appear in string assignments. This should bring the
parser much closer to shell.
|
|
You can write much more than just one line with this call (and we
frequently do), so let's correct the naming.
|
|
that
|
|
This is a followup to: commit 1a37b9b9043ef83e9900e460a9a1fccced3acf89
It will fix denial messages from dbus-daemon between gdm and
systemd-logind on logging into GNOME due to this.
See the previous commit for more details.
|
|
this addresses the bug at:
https://bugs.freedesktop.org/show_bug.cgi?id=59311
https://bugzilla.redhat.com/show_bug.cgi?id=895299
hostnamectl is supposed to allow a range of special characters for
the 'pretty' hostname:
$ hostnamectl set-hostname --pretty "Nathaniels Desktop !@#$%"
..however, it rejects apostrophes, double quotes, and backslashes.
The manual for hostnamectl suggests that this should be allowed.
It makes sense to reject \0, \n, etc. pretty_string_is_safe() is
the same as string_is_safe(), but allows more special characters.
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
Now, actually check if the environment variable names and values used
are valid, before accepting them. With this in place are at some places
more rigid than POSIX, and less rigid at others. For example, this code
allows lower-case environment variables (which POSIX suggests not to
use), but it will not allow non-UTF8 variable values.
All in all this should be a good middle ground of what to allow and what
not to allow as environment variables.
(This also splits out all environment related calls into env-util.[ch])
|
|
Yay, we now have a completely generic systemd. No distribution specific checks anymore!
|
|
|