path: root/src/libsystemd
Age | Commit message | Author
2015-01-18 | bus: fix typo | David Herrmann
Fix comment typo and clarify that this is not about privileges but can have rather arbitrary reasons.
2015-01-18 | bus: use EUID over UID and fix unix-creds | David Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action.
Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID.
This commit fixes all sd-bus users to use the EUID when performing privilege checks and the like. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (e.g., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-14 | sd-bus: tell Coverity that it's OK not to care for return values in some cases | Lennart Poettering
2015-01-13 | refcnt: refcnt is unsigned, fix comparisons | Tom Gundersen
This does not make a difference, but the code was confusing.
2015-01-13 | nspawn: add new option "--port=" for exposing container ports on the local host | Lennart Poettering
This exposes an IP port on the container as local port using DNAT.
2015-01-12 | sd-bus: sync kdbus.h (API break) | Daniel Mack
Just a simple variable rename, and a dropped flag that sd-bus didn't make use of.
2015-01-10 | kdbus.h: update | Kay Sievers
2015-01-09 | sd-bus: even if we need a cookie when sending a message there's no need to needlessly send it if we don't actually need it | Lennart Poettering
2015-01-09 | bus: append bloom-filter to all signals | David Herrmann
Make sure to append bloom-filters to all signal-messages, not only broadcasts.
2015-01-08 | sd-bus: fix copy-paste error | Lukasz Skalski
2015-01-07 | bus-util: fix error number output when waiting for job | Lennart Poettering
2015-01-07 | busctl: exit cleanly when the bus connection is severed | Lennart Poettering
2015-01-07 | sd-bus: when we synthesize messages, initialize timestamps ourselves | Lennart Poettering
2015-01-07 | sd-bus: unify how we set the sender of synthetic messages | Lennart Poettering
2015-01-07 | sd-bus: make use of the newly added timestamps on kdbus kernel messages | Lennart Poettering
2015-01-07 | sd-bus: always catch name requests for the special names "org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them | Lennart Poettering
2015-01-06 | core: add new logic for services to store file descriptors in PID 1 | Lennart Poettering
With this change it is possible to send file descriptors to PID 1, via sd_pid_notify_with_fds() which PID 1 will store individually for each service, and pass via the usual fd passing logic on next invocation. This is useful for enabling daemon reload schemes where daemons serialize their state to /run, push their fds into PID 1 and terminate, restoring their state on next start from the data in /run and passed in from PID 1.
The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on them, and the service they belong to is either not dead or failed, or has a job queued.
2015-01-05 | sd-bus: sync kdbus.h | Daniel Mack
Catch up with latest changes in kdbus.ko:
 * Signals can be sent as unicast now, hence they need to be marked as such with the KDBUS_MSG_SIGNAL in the message flags.
 * Follow ioctl number change for KDBUS_CMD_FREE
2015-01-05 | systemctl: fix waiting for jobs when using direct connections to PID 1 for dbus | Lennart Poettering
2015-01-05 | machined,bus-proxy: fix connecting to containers | Lennart Poettering
2014-12-30 | tree-wide: spelling fixes | Veres Lajos
https://github.com/vlajos/misspell_fixer
https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa
Thanks to Torstein Husebo <torstein@huseboe.net>.
2014-12-30 | bus: replace ENOSYS return codes with EBADR/ENOTSUP | Zbigniew Jędrzejewski-Szmek
ENOSYS is used to signify compiled-out functionality. Using it for different kinds of error is misleading. For BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, logind-action.c uses ENOTSUP already, so changing it to ENOTSUP makes the dbus and action paths behave the same.
2014-12-30 | bus: add sd_bus_emit_object_{added/removed}() | David Herrmann
This implements two new helpers, discussed on systemd-devel about 1 year ago:
    sd_bus_emit_object_added()
    sd_bus_emit_object_removed()
Both calls are equivalent to their respective counterpart sd_bus_emit_interfaces_{added/removed}(), but can figure out the list of interfaces themselves, instead of requiring the caller to provide them. Furthermore, both calls properly deal with builtin interfaces provided via org.freedesktop.DBus.* and the like.
Both calls simply traverse a node and all its parent nodes to figure out a list of all interfaces registered as vtable or fallback. It then appends each of them, similar to the interfaces_{added/removed}() helpers.
Note that interfaces_{added/removed}() runs a parent traversal for *each* passed interface. Therefore, it can simply bail out, once it found a parent node that implements a given interface. With object_{added/removed}() we cannot know the registered interfaces in advance, thus, we cannot run one traversal per node. Instead, we run a single traversal and remember all interfaces that we added. Therefore, a child-interface overrides all conflicting parent-interfaces. We keep a "Set *s" context to track those while climbing up the tree.
2014-12-30 | bus: fix capabilities on big-endian | David Herrmann
The kernel provides capabilities as a u32 array, sd-bus uses an u8 array. This works fine on little-endian as both are encoded the same way. However, this fails on big-endian if we do not perform sufficient byte-swapping on each u32 entry. This patch makes sd-bus use u32, too. We avoid changing any kernel provided data so we can keep pointing into kdbus pool buffers which contain u32 arrays.
2014-12-30 | bus: drop creds->capability_size | David Herrmann
The number of available caps can be read from /proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap() does that, so there's no reason to remember the size of any capability cache. We can just pre-allocate arrays with a suitable size for all available caps and reject any higher caps. The kernel capability API uses u32 as base so make sure we do the same. Note that this is specified by POSIX, so it's unlikely to change.
2014-12-29 | machinectl: add "enable" and "disable" verbs for enabling/disabling systemd-nspawn for containers | Lennart Poettering
This is basically just a shortcut for "systemctl enable systemd-nspawn@<foobar>.service", but does escaping.
2014-12-29 | machinectl: add new "start" verb to start a container as a service in nspawn | Lennart Poettering
2014-12-29 | bus: fix typo | David Herrmann
Drop spurious 'we'.
2014-12-29 | rtnl: recv_message - don't enforce sender uid | Tom Gundersen
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid seems to break when using userns. Reported by Stéphane Graber.
2014-12-29 | sd-rtnl: rtnl_call - don't dispatch wqueue after timeout has passed | Tom Gundersen
Only a minor change as the timeout would be hit soon thereafter at the next loop.
2014-12-29 | sd-rtnl: rtnl_poll - fix typo | Tom Gundersen
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
2014-12-29 | sd-rtnl: recv_message - drop message when peeking fails | Tom Gundersen
Read the message from the socket or we will loop trying to read the same message repeatedly.
2014-12-29 | sd-rtnl: recv_message - don't fail on interrupt | Tom Gundersen
We should just try again instead.
2014-12-29 | sd-rtnl: recv_message - log when dropping message | Tom Gundersen
We drop messages received from the wrong uid/pid, log this at debug level.
2014-12-28 | libsystemd: Fix minor typo in comment | Sylvain Plantefève
2014-12-25 | bus: remove spurious include of <sys/capability.h> | Filipe Brandenburger
They do not use any functions from libcap directly. The CAP_SYS_ADMIN constant in use by bus-objects.c comes from <linux/capability.h> imported through "missing.h". The "missing.h" header is imported through "util.h" which gets imported in "bus-util.h". Tested that everything builds cleanly after this change.
2014-12-24 | sd-bus: rename sd_bus_open_system_container() to sd_bus_open_system_machine() | Lennart Poettering
Pretty much everywhere else we use the generic term "machine" when referring to containers in API, so let's do so in sd-bus too. In particular, since the concept of a "container" exists in sd-bus too, but as part of the marshalling system.
2014-12-23 | busctl: when introspecting objects, optionally limit output by interface name | Lennart Poettering
2014-12-23 | sd-bus: teach x-container-unix: bus protocol to connect to the namespace of a PID instead of a container name | Lennart Poettering
2014-12-23 | core: rearrange code so that libsystemd/sd-bus/ does not include header files from core | Lennart Poettering
Stuff in src/shared or src/libsystemd should *never* include code from src/core or any of the tools, so don't do that here either. It's not OK!
2014-12-22 | sd-bus: ignore KDBUS_ITEM_TIMESTAMP in kernel messages | Daniel Mack
Kernel notifications carry a timestamp now, so make sure bus_kernel_translate_message() doesn't complain when it stumbles across them.
2014-12-20 | sd-bus: sync kdbus.h (ABI break) | Daniel Mack
Sync kdbus.h with upstream changes:
 * Two optional cancellation points were added for synchronously blocking KDBUS_CMD_SEND commands: A sigmask to change the mask of accepted signals before the task is put to sleep, and a generic file descriptor that can be written to, in order to cancel the command. Both methods are currently unused.
 * The KDBUS_CMD_CANCEL ioctl was removed. sd-bus was never using that command, so there's no change needed.
 * Some kerneldoc fixes
2014-12-19 | machined: add new GetImage() bus call for retrieving the bus path for an image | Lennart Poettering
2014-12-19 | LLDP: Add support for networkctl | Susant Sahani
2014-12-18 | networkd: add FDB support | Alin Rauta
2014-12-12 | bus: send attach flags on BUS_MAKE | David Herrmann
Make sure to set send-attach-flags on BUS_MAKE. These control which information is revealed about the bus-owner.
2014-12-12 | bus: fix assert() on HELLO error-path | David Herrmann
Make sure we don't call into any bus_kernel_*() functions before b->is_kernel is set to true. Hard-code the CMD_FREE just like the other helpers do.
2014-12-11 | bus: sync with kdbus.git | David Herrmann
Changes:
 * bloom parameters are returned in an offset via HELLO
 * FREE now takes items just like any other ioctl
2014-12-11 | treewide: correct spacing near eol in code comments | Torstein Husebø
2014-12-11 | sd-bus: correct spacing near eol in code comments | Torstein Husebø