summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-common-errors.h
AgeCommit message (Collapse)Author
2016-10-07core: add "invocation ID" concept to service managerLennart Poettering
This adds a new invocation ID concept to the service manager. The invocation ID identifies each runtime cycle of a unit uniquely. A new randomized 128bit ID is generated each time a unit moves from and inactive to an activating or active state. The primary usecase for this concept is to connect the runtime data PID 1 maintains about a service with the offline data the journal stores about it. Previously we'd use the unit name plus start/stop times, which however is highly racy since the journal will generally process log data after the service already ended. The "invocation ID" kinda matches the "boot ID" concept of the Linux kernel, except that it applies to an individual unit instead of the whole system. The invocation ID is passed to the activated processes as environment variable. It is additionally stored as extended attribute on the cgroup of the unit. The latter is used by journald to automatically retrieve it for each log logged message and attach it to the log entry. The environment variable is very easily accessible, even for unprivileged services. OTOH the extended attribute is only accessible to privileged processes (this is because cgroupfs only supports the "trusted." xattr namespace, not "user."). The environment variable may be altered by services, the extended attribute may not be, hence is the better choice for the journal. Note that reading the invocation ID off the extended attribute from journald is racy, similar to the way reading the unit name for a logging process is. This patch adds APIs to read the invocation ID to sd-id128: sd_id128_get_invocation() may be used in a similar fashion to sd_id128_get_boot(). PID1's own logging is updated to always include the invocation ID when it logs information about a unit. A new bus call GetUnitByInvocationID() is added that allows retrieving a bus path to a unit by its invocation ID. The bus path is built using the invocation ID, thus providing a path for referring to a unit that is valid only for the current runtime cycleof it. Outlook for the future: should the kernel eventually allow passing of cgroup information along AF_UNIX/SOCK_DGRAM messages via a unique cgroup id, then we can alter the invocation ID to be generated as hash from that rather than entirely randomly. This way we can derive the invocation race-freely from the messages.
2016-08-22core: add Ref()/Unref() bus calls for unitsLennart Poettering
This adds two (privileged) bus calls Ref() and Unref() to the Unit interface. The two calls may be used by clients to pin a unit into memory, so that various runtime properties aren't flushed out by the automatic GC. This is necessary to permit clients to race-freely acquire runtime results (such as process exit status/code or accumulated CPU time) on successful service termination. Ref() and Unref() are fully recursive, hence act like the usual reference counting concept in C. Taking a reference is a privileged operation, as this allows pinning units into memory which consumes resources. Transient units may also gain a reference at the time of creation, via the new AddRef property (that is only defined for transient units at the time of creation).
2016-07-22core: add a concept of "dynamic" user ids, that are allocated as long as a ↵Lennart Poettering
service is running This adds a new boolean setting DynamicUser= to service files. If set, a new user will be allocated dynamically when the unit is started, and released when it is stopped. The user ID is allocated from the range 61184..65519. The user will not be added to /etc/passwd (but an NSS module to be added later should make it show up in getent passwd). For now, care should be taken that the service writes no files to disk, since this might result in files owned by UIDs that might get assigned dynamically to a different service later on. Later patches will tighten sandboxing in order to ensure that this cannot happen, except for a few selected directories. A simple way to test this is: systemd-run -p DynamicUser=1 /bin/sleep 99999
2016-04-12core: make sure we generate a nicer error when a linked unit is attempted to ↵Lennart Poettering
be enabled We don't allow using config symlinks to enable units, but the error message we printed was awful. Fix that, and generate a more readable error. Fixes #3010.
2016-04-12core: when enabling a generated unit file, return a clean errorLennart Poettering
Let's be precise when the user tries to invoke an "enable" operation on a generated unit file.
2016-02-13resolved: drop references to two bus error codes no longer usedLennart Poettering
2016-02-10tree-wide: remove Emacs lines from all filesDaniel Mack
This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
2016-01-25resolve: generate a nice clean error when clients try to resolve a name when ↵Lennart Poettering
the network is down
2016-01-19resolved: add bus API for configuring per-link DNS settingsLennart Poettering
This is useful for alternative network management solutions (such as NetworkManager) to push DNS configuration data into resolved. The calls will fail should networkd already have taken possesion of a link, so that the bus API is only available if we don't get the data from networkd.
2016-01-11resolved: don't attempt to send queries for DNSSEC RR types to servers not ↵Lennart Poettering
supporting them If we already degraded the feature level below DO don't bother with sending requests for DS, DNSKEY, RRSIG, NSEC, NSEC3 or NSEC3PARAM RRs. After all, we cannot do DNSSEC validation then anyway, and we better not press a legacy server like this with such modern concepts. This also has the benefit that when we try to validate a response we received using DNSSEC, and we detect a limited server support level while doing so, all further auxiliary DNSSEC queries will fail right-away.
2016-01-04resolved: explicitly handle case when the trust anchor is emptyLennart Poettering
Since we honour RFC5011 revoked keys it might happen we end up with an empty trust anchor, or one where there's no entry for the root left. With this patch the logic is changed what to do in this case. Before this patch we'd end up requesting the root DS, which returns with NODATA but a signed NSEC we cannot verify, since the trust anchor is empty after all. Thus we'd return a DNSSEC result of "missing-key", as we lack a verified version of the key. With this patch in place, look-ups for the root DS are explicitly recognized, and not passed on to the DNS servers. Instead, if downgrade-ok mode is on an unsigned NODATA response is synthesized, so that the validator code continues under the assumption the root zone was unsigned. If downgrade-ok mode is off a new transaction failure is generated, that makes this case recognizable.
2016-01-04resolved: introduce a proper bus error for DNSSEC validation errorsLennart Poettering
2015-12-29resolved: properly handle SRV RRs with the DNS root as hostnameLennart Poettering
2015-12-26resolved: generate an explicit transaction error when we cannot reach server ↵Lennart Poettering
via TCP Previously, if we couldn't reach a server via UDP we'd generate an MAX_ATTEMPTS transaction result, but if we couldn't reach it via TCP we'd generate a RESOURCES transaction result. While it is OK to generate two different errors I think, "RESOURCES" is certainly a misnomer. Introduce a new transaction result "CONNECTION_FAILURE" instead.
2015-07-09nss-mymachines: map userns users of containers to real user namesLennart Poettering
Given a container "foo", that maps user id $UID to container user, using user namespaces, this NSS module extenstion will now map the $UID to a name "vu-foo-$TUID" for the translated UID $UID. Similar, userns groups are mapped to "vg-foo-$TGID" for translated GIDs of $GID. This simple change should make userns users more discoverable. Also, given that many tools like "adduser" check NSS before allocating a UID, should lower the chance of UID range conflicts between tools.
2015-07-07logind: fail on CreateSession if already in sessionDavid Herrmann
Right now, if you're already in a session and call CreateSession, we return information about the current session of yours. This is highy confusing and a nasty hack. Avoid that, and instead return a commonly known error, so the caller can detect that. This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT in pam_systemd, if you're already in a session. But this sounds like the right thing to do, anyway.
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2015-01-22import: introduce new mini-daemon systemd-importd, and make machinectl a ↵Lennart Poettering
client to it The old "systemd-import" binary is now an internal tool. We still use it as asynchronous backend for systemd-importd. Since the import tool might require some IO and CPU resources (due to qcow2 explosion, and decompression), and because we might want to run it with more minimal priviliges we still keep it around as the worker binary to execute as child process of importd. machinectl now has verbs for pulling down images, cancelling them and listing them.
2014-12-19machined: add new GetImage() bus call for retrieving the bus path for an imageLennart Poettering
2014-12-10sd-bus: move common errors src/shared/bus-errors.h → ↵Lennart Poettering
src/libsystemd/sd-bus/bus-common-errors.h Stuff in src/shared/ should not use stuff from src/libsystemd/ really.