summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-container.c
AgeCommit message (Collapse)Author
2015-10-25util-lib: split out fd-related operations into fd-util.[ch]Lennart Poettering
There are more than enough to deserve their own .c file, hence move them over.
2015-09-29tree-wide: port more code to use send_one_fd() and receive_one_fd()Lennart Poettering
Also, make it slightly more powerful, by accepting a flags argument, and make it safe for handling if more than one cmsg attribute happens to be attached.
2015-09-07sd-bus: when connecting to a container AF_UNIX bus, return errorLennart Poettering
When forking of a child process for connecting to a container, pass the preicse connection error to the calling process. We already did this correctly for kdbus busses, let's do so for dbus1 busses, too.
2015-09-01sd-bus: when connecting to a kdbus container bus pass error upLennart Poettering
We rely on the correct error used when opening the kdbus device node, hence let's make sure we pass it up from the namespaced child process to the process which actually wants to connect.
2015-08-17namespace helpers: Allow entering a UID namespaceRichard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.
2015-06-10util: introduce CMSG_FOREACH() macro and make use of it everywhereLennart Poettering
It's only marginally shorter then the usual for() loop, but certainly more readable.
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
2014-12-23sd-bus: teach x-container-unix: bus protoocol to connect to the namespace of ↵Lennart Poettering
a PID instead of a container name
2014-05-18machined: add logic to query IP addresses of containersLennart Poettering
2014-03-24util: replace close_pipe() with new safe_close_pair()Lennart Poettering
safe_close_pair() is more like safe_close(), except that it handles pairs of fds, and doesn't make and misleading allusion, as it works similarly well for socketpairs() as for pipe()s...
2014-03-18util: replace close_nointr_nofail() by a more useful safe_close()Lennart Poettering
safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-01-21libsystemd: split up into subdirsTom Gundersen
We still only produce on .so, but let's keep the sources separate to make things a bit less messy.