| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Got this one wrong, it is not a union, just a nested container.
|
|
|
|
So far we only supported selecting them by sibling attributes.
(This stuff is all a bit crazy, but there seems to be no other way...)
|
|
Still parse the CMSG data, and most importantly make sure we drop the message when peeking.
|
|
causes EOF. Seems like a kernel bug. Ignoring it seems to work be the best we
can do for now...
See https://bugs.freedesktop.org/show_bug.cgi?id=88397
|
|
|
|
|
|
|
|
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
Still keep the non-socket activation code around for starting from the commandline, but
will likely drop that too in the future.
|
|
|
|
In both cases exit the event loop.
|
|
If we scale our buffer to be wide enough for the format string, we
should expect that the calculation was correct.
char_array_0() invocations are removed, since snprintf nul-terminates
the output in any case.
A similar wrapper is used for strftime calls, but only in timedatectl.c.
|
|
As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler.
Otherwise any error returned by any callback will disable the rtnl event handler. We should
only do that on serious internal errors in sd-rtnl that we know cannot be recovered from.
|
|
entirety as gvariant objects"
This breaks booting with kdbus.
This reverts commit b381de4197157748ed96e469fcc372c23f842ae1.
|
|
as gvariant objects
Previously, we only minimally altered the dbus1 framing for kdbus, and
while the header and its fields where compliant Gvariant objects, and so
was the body, the entire message together was not.
As result of discussions with Ryan Lortie this is now changed, so that
the messages in there entirely are fully compliant GVariants. This
follows the framing description described here:
https://wiki.gnome.org/Projects/GLib/GDBus/Version2
Note that this change changes the framing of *all* messages sent via
kdbus, this means you have to reboot your kdbus system, after compiling
and installing this new version.
|
|
|
|
|
|
|
|
We really need to use va_arg() with the right type here as uint64_t and
double might have the same size, but are passed differently as
arguments.
|
|
Otherwise they can be optimized away with -DNDEBUG
|
|
This patch introduces ipv6 gre and gretap.
test:
ip6gre.netdev:
[NetDev]
Name=ip6gretap
Kind=ip6gretap
[Tunnel]
Local=2a00:ffde:4567:edde::4987
Remote=2001:473:fece:cafe::5179
ip6gre.network:
[Match]
Name=eno16777736
[Network]
Tunnel=ip6gretap
ip link
6: ip6gre@eno16777736: <POINTOPOINT,NOARP> mtu 1448 qdisc noop state
DOWN mode DEFAULT group default
link/gre6 2a:00:ff:de:45:67:ed:de:00:00:00:00:00:00:49:87 peer
20:01:04:73:fe:ce:ca:fe:00:00:00:00:00:00:51:79
|
|
This patch enables networkd to create IP6 tunnels
example conf:
ipip6.netdev:
[NetDev]
Name=ipip6-tunnel
Kind=ip6tnl
[Tunnel]
Mode=ip4ipv6
Local=2a00:ffde:4567:edde::4987
Remote=2001:473:fece:cafe::5179
ipip6.network
[Match]
Name=wlan0
[Network]
Tunnel=ipip6-tunnel
23: ipip6-tunnel@wlan0: <POINTOPOINT,NOARP> mtu 1452 qdisc noop state
DOWN mode DEFAULT group default
link/tunnel6 2a00:ffde:4567:edde::4987 peer 2001:473:fece:cafe::5179
|
|
This patch introdeces gretap to networkd
|
|
|
|
Types used for pids and uids in various interfaces are unpredictable.
Too bad.
|
|
|
|
client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
|
|
|
|
There is no reason to provide our own attach_flags_mask. We can simply
rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod.
If it's set, we assume the user wants to override our setting, so we
simply skip setting it.
|
|
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we
can lookup further information from /proc. However, we *must* set
SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never
actually copy the pid into "sd_bus_creds". Fix this, so
SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by
the caller.
|
|
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
|
|
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
|
|
|
|
This does not make a difference, but the code was confusing.
|
|
This exposes an IP port on the container as local port using DNAT.
|
|
Just a simple variable rename, and a dropped flag that sd-bus didn't make
use of.
|
|
|
|
needlessly send it if we don't actually need it
|
|
Make sure to append bloom-filters to all signal-messages, not only
broadcasts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them
|
|
With this change it is possible to send file descriptors to PID 1, via
sd_pid_notify_with_fds() which PID 1 will store individually for each
service, and pass via the usual fd passing logic on next invocation.
This is useful for enable daemon reload schemes where daemons serialize
their state to /run, push their fds into PID 1 and terminate, restoring
their state on next start from the data in /run and passed in from PID
1.
The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on
them, and the service they belong to are either not dead or failed, or
have a job queued.
|
