summaryrefslogtreecommitdiff
path: root/src/libsystemd-bus
AgeCommit message (Collapse)Author
2013-12-15Fix a few resource leaks in error pathsZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1043304
2013-12-15bus: _printf_ attributes should be on prototypes not function definitions ↵Lennart Poettering
for non-static functions
2013-12-15bus: update kdbus monitoring interfaceKay Sievers
2013-12-14bus: return negative errno on errorZbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=72688
2013-12-14Add more _printf_'s for format-nonliteralsThomas Hindoe Paaboel Andersen
Clang is a bit more strict wrt format-nonliterals: http://clang.llvm.org/docs/LanguageExtensions.html#format-string-checking Adding these extra printf attributes also makes gcc able to find more problems. E.g. this patch uncovers a format issue in udev-builtin-path_id.c Some parts looked intetional about breaking the format-nonliteral check. I added some supression for warnings there.
2013-12-14event: some snake-oil to speed up impossible error checksLennart Poettering
2013-12-14event: instead of reset the revents field when we get new revents data from ↵Lennart Poettering
epoll, OR it in
2013-12-14event: dynamically adjust size of events array instead of pre-allocating it ↵Lennart Poettering
possibly too large or too small
2013-12-14bus: when connecting to a container's kdbus instance, enter namespace firstLennart Poettering
Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs.
2013-12-13event: make gcc shut upLennart Poettering
2013-12-13libsystemd-bus: the same error codes for sd_bus_release_name() (for kdbus ↵Lukasz Skalski
and dbus1) Due to this patch, sd_bus_release_name() function returns the same code errors for kdbus and dbus1 if we try release non-existing name or foreign name.
2013-12-13update TODOLennart Poettering
2013-12-13bus: when a connection terminated use ECONNRESET as errorLennart Poettering
2013-12-13bus: rework how we attach fds to event loopsLennart Poettering
When trying a couple of addresses one after the other, make sure to reattach the fds to the event loop.
2013-12-13event: add ability to change fd of an active event sourceLennart Poettering
2013-12-13event: allow to query userdata and watchdog stateLennart Poettering
2013-12-13event: when unreffing an event source from its own handler, detach fd from epollLennart Poettering
The pattern of unreffing an IO event source and then closing its fd is frequently seen in even source callbacks. Previously this likely resultet in us removing the fd from the epoll after it was closed which is problematic, since while we were dispatching we always kept an extra reference to event source objects because we might still need it later.
2013-12-13event: rework sd-event exit logicLennart Poettering
With this change a failing event source handler will not cause the entire event loop to fail. Instead, we just disable the specific event source, log a message at debug level and go on. This also introduces a new concept of "exit code" which can be stored in the event loop and is returned by sd_event_loop(). We also rename "quit" to "exit" everywhere else. Altogether this should make things more robus and keep errors local while still providing a way to return event loop errors in a clear way.
2013-12-13bus: fix make checkLennart Poettering
2013-12-13bus: properly parse NameOwnerChanged messages when caller explicitly wants ↵Lennart Poettering
to match against names coming/going
2013-12-13bus: make sure exit-on-idle logic works on kdbus systems that do not ↵Lennart Poettering
generate NameLost
2013-12-13bus: fix parsing of matches against empty stringsLennart Poettering
2013-12-12bus: fix rewind logicLennart Poettering
2013-12-12bus: update kdbus.hKay Sievers
2013-12-12bus: always pass valid timeout to kdbusLennart Poettering
2013-12-12bus: enforce endianess and marshalling for messages we sendLennart Poettering
2013-12-12bus: add SD_BUS_NAME_REPLACE_EXISTING to all activatable services, fix one ↵Kay Sievers
flags conversion
2013-12-12bus: instead of exposing the dbus1 flags when acquiring a name use our own ↵Lennart Poettering
that are closer to kdbus This turns around DO_NOT_QUEUE into QUEUE which implies a more useful default. (And negative options are awful anyway.)
2013-12-12bus: properly return an error when we detect a method call timeoutLennart Poettering
2013-12-12timedated: make sure GetAll() succeeds in systems lacking /dev/rtc (such as ↵Lennart Poettering
containers)
2013-12-12bus: properly generate NameOwnerChanged messages when we take from/give back ↵Lennart Poettering
to queue/starter
2013-12-12bus: fix order in which we check credsLennart Poettering
2013-12-12bus: update name listing logic to current kernel interfaceLennart Poettering
2013-12-12bus: when checking whether a creds object contains some field, don't use ↵Lennart Poettering
assert_return() These are not programming errors, so they shouldn't use assert_return()
2013-12-12bus: connect directly via kdbus in sd_bus_open_system_container()Lennart Poettering
kdbus fortunately exposes the container's busses in the host fs, hence we can access it directly instead of doing the namespacing dance.
2013-12-11sd-event: try to move each wakeup to the same spot within every 10sLennart Poettering
In addition to the same spot within every 1min, every 1s, every 250s
2013-12-11journal: add ability to browse journals of running OS containersLennart Poettering
This adds the new library call sd_journal_open_container() and a new "-M" switch to journalctl. Particular care is taken that journalctl's "-b" switch resolves to the current boot ID of the container, not the host.
2013-12-11event: hook up sd-event with the service watchdog logicLennart Poettering
Adds a new call sd_event_set_watchdog() that can be used to hook up the event loop with the watchdog supervision logic of systemd. If enabled and $WATCHDOG_USEC is set the event loop will ping the invoking systemd daemon right after coming back from epoll_wait() but not more often than $WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than $WATCHDOG_USEC/4*3, to make sure the service manager is called in time. This means that setting WatchdogSec= in a .service file and calling sd_event_set_watchdog() in your daemon is enough to hook it up with the watchdog logic.
2013-12-11event: when handling SIGCHLD of a child process only reap after dispatching ↵Lennart Poettering
event source That way the even source callback is run with the zombie process still around so that it can access /proc/$PID/ and similar, and so that it can be sure that the PID has not been reused yet.
2013-12-11bus: kdbus - skip only STARTER and IN_QUEUE names for NameOwnerChangedKay Sievers
2013-12-10bus: do not dispatch incoming method calls that are broacasted to vtablesLennart Poettering
2013-12-10bus: don't generate assert warnings when we detach a detached bus from an eventLennart Poettering
2013-12-10bus: generate debug messages when we cannot deliver messages via kdbusLennart Poettering
2013-12-10bus: when we _unref() a NULL pointer, don't use assert_return()Lennart Poettering
We support unreffing NULL pointers just fine and we shouldn't pay the _unlikely_() price for it, not get a debug message if we do, hence let's not use assert_return() here.
2013-12-10bus: Add bus_kernel_monitor functionLukasz Skalski
2013-12-10Revert "libsystemd-bus: use assert_return"Lennart Poettering
This reverts commit f7e2bd5a8070ba86cba6bcbf7d1c9a8173d846d4. Most of these checks are not programming errors, but happen during normal runtime. For example bus_kernel_pop_memfd() is called all the time on non-kdbus systems and is supposed to quickly fail if kdbus is not available. However, assert_return() makes this failure expensive, and hence has no place here. With the most recent change to assert_return() it will even log a debug message, which should never happen here.
2013-12-10bus: update kdbus.hKay Sievers
2013-12-10macro: log assertion at debug level in assert_return()Lennart Poettering
2013-12-10bus: introduce new SD_BUS_VTABLE_HIDDEN flag for vtable membersLennart Poettering
When this flag is set then its member will not be shown in the introspection data. Also, properties with this flag set will not be included in GetAll() responses.
2013-12-10bus: introduce "trusted" bus concept and encode access control in object vtablesLennart Poettering
Introduces a new concept of "trusted" vs. "untrusted" busses. For the latter libsystemd-bus will automatically do per-method access control, for the former all access is automatically granted. Per-method access control is encoded in the vtables: by default all methods are only accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag is set for a method it is accessible to unprivileged clients too. By default whether a client is privileged is determined via checking for its CAP_SYS_ADMIN capability, but this can be altered via the SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field of the method. Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note however that read access is unrestricted, as PropertiesChanged messages might send out the values anyway as an unrestricted broadcast. By default the system bus is set to "untrusted" and the user bus is "trusted" since per-method access control on the latter is unnecessary. On dbus1 busses we check the UID of the caller rather than the configured capability since the capability cannot be determined without race. On kdbus the capability is checked if possible from the attached meta-data of a message and otherwise queried from the sending peer. This also decorates the vtables of the various daemons we ship with these flags.