| Age | Commit message (Collapse) | Author |
|---|
|
|
|
hidden_file() is a bit more precise, since dot files usually shouldn't
be ignored, but certainly be considered hidden.
|
|
the verb in it
That way the dispatcher calls know how they got called.
|
|
This adds a new bus call to machined that enumerates /var/lib/container
and returns all trees stored in it, distuingishing three types:
- GPT disk images, which are files suffixed with ".gpt"
- directory trees
- btrfs subvolumes
|
|
extra "#" to the name
That way, we have a simple, somewhat reliable way to detect such
temporary files, by simply checking if they start with ".#".
|
|
containers and install them locally
This adds a simply but powerful tool for downloading container images
from the most popular container solution used today. Use it like
this:
# systemd-import pull-dck mattdm/fedora
# systemd-nspawn -M fedora
This will donwload the layers for "mattdm/fedora", and make them
available locally as /var/lib/container/fedora.
The tool is pretty complete, as long as it's only about pulling down
images, or updating them. Pushing or searching is not supported yet.
|
|
We should move loginctl, timedatectl, machinectl over to use this new
API instead of a manual one.
|
|
deleting it)
|
|
|
|
Commit a2a5291b3f5 changed the parser to reject unfinished quoted
strings. Unfortunately it introduced an error where a trailing
backslash would case an infinite loop. Of course this must fixed, but
the question is what to to instead. Allowing trailing backslashes and
treating them as normal characters would be one option, but this seems
suboptimal. First, there would be inconsistency between handling of
quoting and of backslashes. Second, a trailing backslash is most
likely an error, at it seems better to point it out to the user than
to try to continue.
Updated rules:
ExecStart=/bin/echo \\ → OK, prints a backslash
ExecStart=/bin/echo \ → error
ExecStart=/bin/echo "x → error
ExecStart=/bin/echo "x"y → error
|
|
|
|
This fixes 2 problems introduced by 6feeeab0bc:
1) If name_to_handle_at returns ENOSYS for the child, we'll wrongly
return -ENOSYS when it returns the same for the parent. Immediately
jump to the fallback logic when we get ENOSYS.
2) If name_to_handle_at returns EOPNOTSUPP for the child but suceeds
for the parent, we'll be comparing an uninitialized value (mount_id) to
an initialized value (mount_id_parent). Initialize the mount_id
variables to invalid mount_ids to avoid this.
|
|
fork() is not async-signal-safe and calling it from the signal handler
could result in a deadlock when at_fork() handlers are called. Using
the raw clone() syscall sidesteps that problem.
The tricky part is that raise() does not work, since getpid() does not
work. Add raw_getpid() to get the real pid, and use kill() instead of
raise().
https://bugs.freedesktop.org/show_bug.cgi?id=86604
|
|
If child supports, but the parent does not, or when the child does
not support, but the parent does, assume the child is a mount point.
Only if neither supports use the fallback.
|
|
c0e57ba9e22ee937722958d8b912ade2a37f206d fixed the fallback path.
We should do the same for name_to_handle_at().
|
|
|
|
dup3() allows setting O_CLOEXEC which we are not interested in. However,
it also fails if called with the same fd as input and output, which is
something we don't want. Hence use dup2().
Also, we need to explicitly turn off O_CLOEXEC for the fds, in case the
input fd was O_CLOEXEC and < 3.
|
|
Since the order of the first and second arguments of the raw clone() system
call is reversed on s390 and cris it needs to be invoked differently.
|
|
[zj: When we lstat the target path, symlinks above the last component
will be followed by both stat and lstat. So when we look at the
parent, we should follow symlinks.]
|
|
This frees the elements of the strv without freeing the strv itself.
|
|
|
|
src/shared/utf8.c:268:13: warning: unused variable 'd'
[-Wunused-variable]
int d;
|
|
The check for existing unit files and dropins is unified.
path_join() is updated to not insert duplicate separators.
|
|
No functional change. This is in preparation for using this in
systemctl in the future.
|
|
|
|
|
|
Commit 681f9718 introduced an additional null terminator for the zone names.
Increase the allocation of "transitions" to actually make room for this.
|
|
There will be more debugging options later.
--enable-debug will enable them all.
--enable-debug=hashmap will enable only hashmap debugging.
Also rename the C #define to ENABLE_DEBUG_* pattern.
|
|
An early version used underscore prefixes for internal functions, but
the current version uses the prefix "internal_".
|
|
system of the OS
This works now:
# systemd-nspawn -xb -D / -M foobar
Which boots up an ephemeral container, based on the host's root file
system. Or in other words: you can now run the very same host OS you
booted your system with also in a container, on top of it, without
having it interfere. Great for testing whether the init system you are
hacking on still boots without reboot the system!
|
|
|
|
This adds --template= to duplicate an OS tree as btrfs snpashot and run
it
This also adds --ephemeral or -x to create a snapshot of an OS tree and
boot that, removing it after exit.
|
|
|
|
|
|
definitions
|
|
|
|
|
|
|
|
|
|
resulting name is actually valid
Also, rename filename_is_safe() to filename_is_valid(), since it
actually does a full validation for what the kernel will accept as file
name, it's not just a heuristic.
|
|
|
|
|
|
|
|
|
|
src/libsystemd/sd-bus/bus-common-errors.h
Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
|
|
check /proc/1/environ
This way, we should be in a slightly better situation if a container is
booted up with only a shell as PID 1. In that case
/run/systemd/container will not be populated, and a check for it hence
be ineffective.
Checking /proc/1/environ doesn't fully fix the problem though, as the
file is only accessible with privileges. This means if PID 1 is not
systemd, and if privileges have been dropped the container detection
will continue to fail.
|
|
loop_write() didn't follow the usual systemd rules and returned status
partially in errno and required extensive checks from callers. Some of
the callers dealt with this properly, but many did not, treating
partial writes as successful. Simplify things by conforming to usual rules.
|
|
This way, we can ensure we have a more complete, up-to-date list of
capabilities around, always.
|
|
Let's add some syntactic sugar for iterating through inotify events, and
use it everywhere.
|
|
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.
It is done before and independent of dropping privileges.
The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel, not only
in userspace of recipient of message.
The bus-proxyd needs CAP_MAC_ADMIN to manipulate its label.
In case of systemd running in system mode, CAP_MAC_ADMIN
should be added to CapabilityBoundingSet in service file of bus-proxyd.
In case of systemd running in user mode ('systemd --user')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
|
