path: root/src/shared
Age | Commit message | Author
2015-08-24 | core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries | Lennart Poettering
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS and USER_PROCESS entries, instead of just a single INIT_PROCESS entry. With this change systemd may be used to not only invoke a getty directly in a SysV-compliant way but alternatively also a login(1) implementation or even forego getty and login entirely, and invoke arbitrary shells in a way that they appear in who(1) or w(1). This is preparation for a later commit that adds a "machinectl shell" operation to invoke a shell in a container, in a way that is compatible with who(1) and w(1).
2015-08-21 | dns-domain: add call for concatenating two domain names | Lennart Poettering
This is specifically useful for appending the mDNS ".local" suffix to a single-label hostname in the most correct way. (used in later commit)
2015-08-18 | journal: fix json output of unicode characters | Daniel Mack
2015-08-17 | Merge pull request #977 from richardmaw-codethink/machinectl-userns-login-v2 | Lennart Poettering
Fix machinectl login with containers in user namespaces (v2)
2015-08-17 | namespace helpers: Allow entering a UID namespace | Richard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.
2015-08-16 | Merge pull request #908 from richardmaw-codethink/nspawn-path-escapes-v3 | Lennart Poettering
Allow arbitrary file paths to be passed to nspawn (v3)
2015-08-11 | sd-bus: do not connect to dbus-1 socket when kdbus is available | Kay Sievers
We should not fall back to dbus-1 and connect to the proxy when kdbus returns an error that indicates that kdbus is running but just does not accept new connections because of quota limits or something similar. Using is_kdbus_available() in libsystemd/ requires it to move from shared/ to libsystemd/. Based on a patch from David Herrmann: https://github.com/systemd/systemd/pull/886
2015-08-07 | util: Don't interpret quotes by default in extract_first_word | Richard Maw
This adds an EXTRACT_QUOTES option to allow the previous behaviour, of not interpreting any character inside ' or " quotes as separators.
2015-08-07 | util: change unquote_*_word to extract_*_word | Richard Maw
It now takes a separators argument, which defaults to WHITESPACE if NULL is passed.
2015-08-06 | tree-wide: fix indentation | Thomas Hindoe Paaboel Andersen
2015-07-31 | tree-wide: introduce mfree() | David Herrmann
Pretty trivial helper which wraps free() but returns NULL, so we can simplify this:

    free(foobar);
    foobar = NULL;

to this:

    foobar = mfree(foobar);
2015-07-29 | tree-wide: port everything over to fflush_and_check() | Lennart Poettering
Some places invoked fflush() directly with their own manual error checking, let's unify all that by using fflush_and_check(). This also unifies the general error paths of fflush()+rename() file writers.
2015-07-28 | Merge pull request #375 from msekletar/test-install-crashers | Lennart Poettering
install: make unit_file_get_list aware of UNIT_FILE_INDIRECT
2015-07-28 | shared: dns-name - add dns_name_between() | Tom Gundersen
Given three DNS names this function indicates if the second argument lies strictly between the first and the third according to the canonical DNS name order. Note that the order is circular, so the last name is considered to be before the first.
2015-07-28 | shared: dns-name - use the canonical dns name ordering | Tom Gundersen
The canonical DNS name ordering considers the rightmost label the most significant, we were considering it the least significant. This is important when implementing NSEC, which relies on the correct order.
2015-07-28 | shared: dns-name - introduce dns_label_unescape_suffix() | Tom Gundersen
Intended to be called repeatedly, and returns then successive unescaped labels from the most to the least significant (left to right). This is slightly inefficient as it scans the string three times (two would be sufficient): once to find the end of the string, once to find the beginning of each label and lastly once to do the actual unescaping. The latter two could be done in one go, but that seemed unnecessarily convoluted.
2015-07-23 | Merge pull request #537 from poettering/nss-mymachines-userns | David Herrmann
Hook up container userns with nss-mymachines
2015-07-11 | logind: some firmware implementations remove OsIndications if it is unset | Lennart Poettering
We shouldn't fall over that, and just assume it is 0 in this case. Fixes #499.
2015-07-09 | nss-mymachines: map userns users of containers to real user names | Lennart Poettering
Given a container "foo", that maps user id $UID to container user, using user namespaces, this NSS module extension will now map the $UID to a name "vu-foo-$TUID" for the translated UID $UID. Similarly, userns groups are mapped to "vg-foo-$TGID" for translated GIDs of $GID. This simple change should make userns users more discoverable. Also, given that many tools like "adduser" check NSS before allocating a UID, should lower the chance of UID range conflicts between tools.
2015-07-06 | tree-wide: fix write_string_file() user that should not create files | Daniel Mack
The latest consolidation cleanup of write_string_file() revealed some users of that helper which should have used write_string_file_no_create() in the past but didn't. Basically, all existing users that write to files in /sys and /proc should not expect to write to a file which is not yet existent.
2015-07-06 | fileio: consolidate write_string_file*() | Daniel Mack
Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.
2015-07-03 | sd-bus: introduce new sd_bus_flush_close_unref() call | Lennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-06-25 | install: make unit_file_get_list aware of UNIT_FILE_INDIRECT | Michal Sekletar
Commit aedd401 introduced new unit file state, UNIT_FILE_INDIRECT. Unit file is said to have indirect state if it contains [Install] section which has only Also= directive. Thus, if enable of such unit file is requested then some other unit file gets enabled. Whether or not unit file is in indirect state can be determined by calling unit_file_can_install. Function unit_file_get_list populates list of unit files present in given lookup location. So far it did call unit_file_can_install in a way that would prevent finding out about unit files in indirect state. Such unit file would be incorrectly marked as static. Fixes following assertion in test-install,

    Assertion 'p->state == s' failed at src/test/test-install.c:59, function main(). Aborting.
    [1] 26868 abort (core dumped) ./test-install
2015-06-25 | install: explicitly return 0 on success | Michal Sekletar
Maybe there is some left-over value stored in r from previous function call. Let's make sure we always return consistent error code when we reach end of the function body. Fixes following crash of test-install,

    Assertion 'r == 0' failed at src/test/test-install.c:52, function main(). Aborting.
    [1] 11703 abort (core dumped) ./test-install
2015-06-23 | install: fix bad memory access | Lennart Poettering
2015-06-17 | acl-util: various smaller fixes to parse_acl() | Lennart Poettering
- Make string parameter const
- Don't log some OOM errors, but not others
- Don't eat up errors generated by acl_from_text()
- Make sure check for success of every single strv_push() call
2015-06-17 | logs-show: print a debug message when we skip entries without MESSAGE= fields | Lennart Poettering
2015-06-17 | Merge pull request #263 from kaysievers/wip | Kay Sievers
turn kdbus support into a runtime option
2015-06-17 | watchdog: Don't require WDIOC_SETOPTIONS/WDIOS_ENABLECARD | Jean Delvare
Not all watchdog drivers implement WDIOC_SETOPTIONS. Drivers which do not implement it have their device always enabled. So it's fine to report an error if WDIOS_DISABLECARD is passed and the ioctl is not implemented, however failing when WDIOS_ENABLECARD is passed and the ioctl is not implemented is not good: if the device was already enabled then WDIOS_ENABLECARD was a no-op and wasn't needed in the first place. So we can just ignore the error and continue.
2015-06-17 | turn kdbus support into a runtime option | Kay Sievers
./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-daemon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
2015-06-15 | Merge pull request #214 from poettering/signal-rework-2 | Lennart Poettering
everywhere: port everything to sigprocmask_many() and friends
2015-06-15 | everywhere: port everything to sigprocmask_many() and friends | Lennart Poettering
This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistently check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
2015-06-15 | util: when creating temporary file names, allow including extra id string in it | Lennart Poettering
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_random_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distinguish the kind of temporary file when we see one. This also adds tests for the three calls. For now, we don't make use of this at all, but port all users over.
2015-06-15 | firewall: rename fw-util.[ch] → firewall-util.[ch] | Daniel Mack
The names fw-util.[ch] are too ambiguous, better rename the files to firewall-util.[ch]. Also rename the test accordingly.
2015-06-11 | build-sys: split internal basic/ library from shared/ | Kay Sievers
basic/ can be used by everything
       cannot use anything outside of basic/
libsystemd/ can use basic/
            cannot use shared/
shared/ can use libsystemd/
2015-06-11 | Merge pull request #6 from xnox/drop-name | Lennart Poettering
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
2015-06-10 | shared: add convenience function for validating dns names | Nick Owens
2015-06-10 | resolve: move dns routines into shared | Nick Owens
2015-06-10 | util: introduce CMSG_FOREACH() macro and make use of it everywhere | Lennart Poettering
It's only marginally shorter than the usual for() loop, but certainly more readable.
2015-06-10 | tree-wide: whenever we fork off a foreign child process reset signal mask/handlers | Lennart Poettering
Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
2015-06-10 | signal-util: modernize and share more code | Lennart Poettering
2015-06-09 | path-util: Fix path_is_mount_point for parent mount points in symlink mode | Martin Pitt
When we have a structure like this:

    /bin -> /usr/bin
    /usr is a mount point

Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair /usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different mount IDs. But we only want to consider the base name, not any parent. Thus we have to resolve the given path first to get the real parent when allowing symlinks. Bug: https://github.com/systemd/systemd/issues/61
2015-06-09 | util:bind_remount_recursive(): handle return 0 of set_consume() | Harald Hoyer
set_consume() does not return -EEXIST, but 0, in case the key is already in the Set.
2015-06-09 | Revert "util:bind_remount_recursive() fix "use after free"" | Harald Hoyer
This reverts commit 46be6129d3e52556eb0f2ae4d07818f9f3f7af7a.
2015-06-08 | tree-wide: remove spurious space | Thomas Hindoe Paaboel Andersen
2015-06-08 | util:bind_remount_recursive() fix "use after free" | Harald Hoyer
set_consume(done, x) consumes x with free(x) but mount(…, x, …) uses it afterwards. coverity CID 1299006
2015-06-03 | fstab-generator: cescape device name in root-fsck service | Andrei Borzenkov
We unescape ExecStart line when parsing it, so escape device name before adding it to unit file. fixes #50
2015-06-03 | util: fix another cunescape() regression | Daniel Mack
Fix a regression caused by 4034a06d ("util: rework word parsing and c unescaping code") which broke octal escape sequences. The reason for this breakage is that cunescape_one() expects 4 characters in an octal encoding, which is a stray left-over from the old code which operated on different variables to make the length check. While at it, add a test case to prevent the same thing from happening again.
2015-06-02 | Merge pull request #12 from systemd-mailing-devs/1433236104-9967-1-git-send-email-m.olbrich@pengutronix.de | Tom Gundersen
missing: add more btrfs defines
2015-06-02 | shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define. | Dimitri John Ledkov
In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the mount options, and the define is not used. Everywhere else, we explicitly white-list allow 'name=' prefix to be used with all controllers, and strip it out to 'normalise' the controller name. That work is mostly inflicted on us due to 'name=' prefix in the define. Dropping this prefix makes everything more sane overall.