Age | Commit message (Collapse) | Author |
|
First, let's drop the "bus" argument, we can determine it from the
message anyway.
Secondly, determine the right callback/userdata pair automatically from
what is currently is being dispatched. This should simplify things a lot
for us, since it makes it unnecessary to pass pointers through the
original handlers through all functions when we process messages, which
might require authentication.
|
|
|
|
|
|
This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.
This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).
Also, port over all code to this new API.
|
|
It's unneccessary, not used, and complicates callers of the
function.
|
|
i is being used incorrectly. It is used to refer to the number of
indexes calculated so far (out of k). However, it is also incremented
when a new hash key is being used. This means that the results are
inconsistent with the desired behavior described in PORTING-DBUS1
document.
The expected result is that for the default values of m and k (512, 8)
the 1st hash key should produce 4 indexes. The second hash key is used
for the next 4 and overall 8 indexes into m are calculated.
The current behavior results in 6 indexes being calculated, 4 coming
from hash key 1 and 2 others from hash key 5.
|
|
In the long run this should become a full fledged client to networkd
(but not before networkd learns bus support). For now, just pull
interesting data out of networkd, udev, and rtnl and present it to the
user, in a simple but useful output.
|
|
|
|
Since b5eca3a2059f9399d1dc52cbcf9698674c4b1cf0 we don't attempt to GC
busses anymore when unsent messages remain that keep their reference,
when they otherwise are not referenced anymore. This means that if we
explicitly want connections to go away, we need to close them.
With this change we will no do so explicitly wherver we connect to the
bus from a main program (and thus know when the bus connection should go
away), or when we create a private bus connection, that really should go
away after our use.
This fixes connection leaks in the NSS and PAM modules.
|
|
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
|
|
|
|
|
|
This makes it easier to debug what is going on.
|
|
|
|
|
|
|
|
systemctl -H root@foobar:waldi
will now show a list of services running on container "waldi" on host
"foobar", using "root" for authenticating at "foobar".
Since entereing a container requires priviliges, this will only work
correctly for root logins.
|
|
This makes sure we actually release the bus and all the messages it
references.
|
|
When a caller drops all references to a bus and its messages while the
messages where still queue, this causes the bus to reference the
messages, and the messages to reference the bus, without anybody else
keeping a reference, which is something we so far considered a leak, and
tried to fix with a GC logic that would recognize cases like this, and
drop the reference.
This GC logic has been broken sofar, and remained unfixed. This commit
removes it altogther, replacing it with nothing. The rationale is that
simply because all refs to the bus have been dropped its queued messages
should *still* be written to the bus, even if the caller doesn't retain
any reference to either bus nor message. This means it was actually
wrong to attempt to clean up the bus in this case.
The proper way how applications should handle this is by explicitly
invoking sd_bus_close(), when they want busses to go away. This is
probably want they want to do anyway to avoid getting spurious
callbacks after they stopped using a bus.
|
|
It seems unnecessary to support this, and we rather should avoid
allowing this at all, so that people don't program against this
sloppily and we end up remarshalling all the time...
|
|
|
|
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames.
|
|
|
|
Only accept cpu quota values in percentages, get rid of period
definition.
It's not clear whether the CFS period controllable per-cgroup even has a
future in the kernel, hence let's simplify all this, hardcode the period
to 100ms and only accept percentage based quota values.
|
|
|
|
|
|
|
|
|
|
|
|
Also, make sure we automatically destroy reply callbacks that are
floating.
|
|
These are the counterpart of "floating" bus slots, i.e. event sources
that are bound to the lifetime of the event object itself, and thus
don't require an explicit reference to be kept.
|
|
No functional change expected :)
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
sd-bus and sd-event
|
|
|
|
|
|
Let's unify generation of unicode chars at one place.
Also, don't add an extra space into chars we print, except for the tree
chars where this is really necessary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The bug was introducted in a3d59cd1 ("sd-bus: don't use assert_return()
to check for disconnected bus connections")
|
|
safe_close_pair() is more like safe_close(), except that it handles
pairs of fds, and doesn't make and misleading allusion, as it works
similarly well for socketpairs() as for pipe()s...
|
|
CLOCK_BOOTTIME_ALARM, too
|
|
If you allocate a message with bus==NULL and then unref the main bus,
it will free your message underneath and your program will go boom!
To fix that, we really need to figure out what the semantics for
self-references (m->bus) should be and when/where/what accesses are
actually allowed.
Same is true for the pseudo-thread-safety we employ..
|
|
In sd_bus_unref() we check for self-reference loops and destruct our
queues in case we're the only reference holders. However, we do _not_
modify our own ref-count, thus effectively causing the
message-destructions to enter with the same reference count as we did.
The only reason this doesn't cause an endless recursion (or trigger
assert(m->n_ref > 0) in sd_bus_message_unref()) is the fact that we
decrease queue-counters _before_ calling _unref(). That's not obvious at
all, so add a big fat note in bus_reset_queues() to everyone touching that
code.
|
|
A terminated connection is a runtime error and not a developer mistake,
hence don't use assert_return() to check for it.
|