Age | Commit message (Collapse) | Author |
|
Also, when we do permissions checks using creds, verify that we don't do
so based on augmented creds, as extra safety check.
|
|
We are talking about one member of a group of things (resource limits, signals,
timeouts), without specifying which one. An indenfinite article is in order.
When we are talking about the control process, it's a specific one, so the
definite article is used.
|
|
Whenever we provide a bus API that allows clients to create and manage
server-side objects, we need to provide a unique name for these objects.
There are two ways to provide them:
1) Let the server choose a name and return it as method reply.
2) Let the client pass its name of choice in the method arguments.
The first method is the easiest one to implement. However, it suffers from
a race condition: If a client creates an object asynchronously, it cannot
destroy that object until it received the method reply. It cannot know the
name of the new object, thus, it cannot destroy it. Furthermore, this
method enforces a round-trip. If the client _depends_ on the method call
to succeed (eg., it would close() the connection if it failed), the client
usually has no reason to wait for the method reply. Instead, the client
can immediately schedule further method calls on the newly created object
(in case the API guarantees in-order method-call handling).
The second method fixes both problems: The client passes an object name
with the method-call. The server uses it to create the object. Therefore,
the client can schedule object destruction even if the object-creation
hasn't finished, yet (again, requiring in-order method-call handling).
Furthermore, the client can schedule further method calls on the newly
created object, before the constructor returned.
There're two problems to solve, though:
1) Object names are usually defined via dbus object paths, which are
usually globally namespaced. Therefore, multiple clients must be able
to choose unique object names without interference.
2) If multiple libraries share the same bus connection, they must be
able to choose unique object names without interference.
The first problem is solved easily by prefixing a name with the
unique-bus-name of a connection. The server side must enforce this and
reject any other name.
The second problem is solved by providing unique suffixes from within
sd-bus. As long as sd-bus always returns a fresh new ID, if requested,
multiple libraries will never interfere. This implementation re-uses
bus->cookie as ID generator, which already provides unique IDs for each
bus connection.
This patch introduces two new helpers:
bus_path_encode_unique(sd_bus *bus,
const char *prefix,
const char *sender_id,
const char *external_id,
char **ret_path);
This creates a new object-path via the template
'/prefix/sender_id/external_id'. That is, it appends two new labels to
the given prefix. If 'sender_id' is NULL, it will use
bus->unique_name, if 'external_id' is NULL, it will allocate a fresh,
unique cookie from bus->cookie.
bus_path_decode_unique(const char *path,
const char *prefix,
char **ret_sender,
char **ret_external);
This reverses what bus_path_encode_unique() did. It parses 'path' from
the template '/prefix/sender/external' and returns both suffix-labels
in 'ret_sender' and 'ret_external'. In case the template does not
match, 0 is returned and both output arguments are set to NULL.
Otherwise, 1 is returned and the output arguments contain the decoded
labels.
Note: Client-side allocated IDs are inspired by the Wayland protocol
(which itself was inspired by X11). Wayland uses those IDs heavily
to avoid round-trips. Clients can create server-side objects and
send method calls without any round-trip and waiting for any object
IDs to be returned. But unlike Wayland, DBus uses gobally namespaced
object names. Therefore, we have to add the extra step by adding the
unique-name of the bus connection.
|
|
Users might have hard time figuring out why exactly their systemctl request
failed. If dbus job fails try to figure out more details about failure by
examining Result property of the service.
https://bugzilla.redhat.com/show_bug.cgi?id=1016680
|
|
Save some LOCs by replacing strdup()+error-handling+free+assign with
free_and_strdup().
|
|
inclusion
If necessary the passed string is enclosed in "", and all special
characters escapes.
This also ports over usage in bus-util.c and job.c to use this, instead
of a incorrect local implementation that forgets to properly escape.
|
|
non-interactive
Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour if CanSuspend, CanHibernate and
friends, which call this function.
|
|
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
|
|
|
|
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
|
|
sd_event_wait() returning 0 usually means that it timed out, which means it must
have been idle. However, sd_event_wait() may return 0 in case an event was triggered
but it turned out there was nothing to do. Make the check for idle explicit to avoid
this edge-case.
|
|
|
|
|
|
|
|
systemd-nspawn for containers
This is basically just a shortcut for "systemctl enable
systemd-nspawn@<foobar>.service", but does escaping.
|
|
|
|
They do not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by bus-objects.c comes from <linux/capability.h> imported through
"missing.h". The "missing.h" header is imported through "util.h" which gets
imported in "bus-util.h".
Tested that everything builds cleanly after this change.
|
|
Pretty much everywhere else we use the generic term "machine" when
referring to containers in API, so let's do though in sd-bus too. In
particular, since the concept of a "container" exists in sd-bus too, but
as part of the marshalling system.
|
|
Support timer options --on-active=, --on-boot=, --on-startup=,
--on-unit-active=, --on-unit-inactive=, --on-calendar=. Each options
corresponding with OnActiveSec=, OnBootSec=, OnStartupSec=,
OnUnitActiveSec=, OnUnitInactiveSec=, OnCalendar= of timer
respectively. And OnCalendar= and WakeSystem= supported by
--timer-property= option like --property= of systemd-run.
And if --unit= option and timer options are specified the command can
be omitted. In this case, systemd-run assumes the target service is
already loaded. And just try to generate transient timer unit only.
|
|
|
|
"addresses"
|
|
It corrrectly handles both positive and negative errno values.
|
|
As a followup to 086891e5c1 "log: add an "error" parameter to all
low-level logging calls and intrdouce log_error_errno() as log calls
that take error numbers", use sed to convert the simple cases to use
the new macros:
find . -name '*.[ch]' | xargs sed -r -i -e \
's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'
Multi-line log_*() invocations are not covered.
And we also should add log_unit_*_errno().
|
|
end-of-line and end-of-item marks
|
|
right occasions
|
|
|
|
We always use "int" if we retrieve boolean values from sd-bus, as "bool"
is only a single byte, but full int on va-args.
Thanks to Werner Fink for the report!
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
Skipping interfaces randomly without the caller specifying it is nasty.
Avoid this and let the caller do that themselves.
|
|
The bus_map_all_properties() helper calls
org.freedesktop.DBus.Properties.GetAll() on a given target and parses the
result according to a given property-table. This simplifies dealing with
DBus.Properties significantly. However, the function is blocking and thus
not really useful in many situations.
This patch extracts the core of this function and adds two new helpers
which directly take dbus-messages as arguments. This way, you can issue
asynchronous requests and parse the result via these helpers:
bus_message_map_all_properties():
This is the same as bus_map_all_properties() but takes the result
message from a GetAll() request as argument. You can thus issue an
asynchronous GetAll() request and then use this helper once you got
the result.
bus_message_map_properties_changed():
This function takes a signal-message that was retrieved via a
PropertiesChanged signal and then parses it like if you retrieved
it via GetAll(). Furthermore, this function returns the number of
matched properties that got invalidated by the PropertiesChanged
signal, but didn't carry the new value. This way, the caller can
issue a new GetAll() request and then parse the result.
The old function bus_map_all_properties() is functionally unchanged, but
now uses bus_message_map_all_properties() internally.
|
|
STOPPING=1 via sd_notify()
This should fix a race where a service thatis idle drops its name, and
is immediately requested by another client, which causes dbus-daemon to
ask systemd to activate it again, but since systemd still assumes it is
running it won't do anything.
|
|
|
|
First, let's drop the "bus" argument, we can determine it from the
message anyway.
Secondly, determine the right callback/userdata pair automatically from
what is currently is being dispatched. This should simplify things a lot
for us, since it makes it unnecessary to pass pointers through the
original handlers through all functions when we process messages, which
might require authentication.
|
|
|
|
This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.
This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).
Also, port over all code to this new API.
|
|
It's unneccessary, not used, and complicates callers of the
function.
|
|
In the long run this should become a full fledged client to networkd
(but not before networkd learns bus support). For now, just pull
interesting data out of networkd, udev, and rtnl and present it to the
user, in a simple but useful output.
|
|
|
|
|
|
|
|
Only accept cpu quota values in percentages, get rid of period
definition.
It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.
|
|
No functional change expected :)
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
addition to the host
|
|
|
|
|
|
for the unit that is created
The code for parsing these properties is shared with "systemctl
set-property", which means all the resource control settings are
immediately available.
|
|
first (or second)
Previously the returned object of constructor functions where sometimes
returned as last, sometimes as first and sometimes as second parameter.
Let's clean this up a bit. Here are the new rules:
1. The object the new object is derived from is put first, if there is any
2. The object we are creating will be returned in the next arguments
3. This is followed by any additional arguments
Rationale:
For functions that operate on an object we always put that object first.
Constructors should probably not be too different in this regard. Also,
if the additional parameters might want to use varargs which suggests to
put them last.
Note that this new scheme only applies to constructor functions, not to
all other functions. We do give a lot of freedom for those.
Note that this commit only changes the order of the new functions we
added, for old ones we accept the wrong order and leave it like that.
|
|
This matches the API of previous headers, such as sd-journal.h.
|