summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-10-23selinux: simplify and unify loggingLennart Poettering
Normally we shouldn#t log from "library" functions, but SELinux is weird, hence upgrade security messages uniformly to LOG_ERR when in enforcing mode.
2014-10-23selinux: rework label query APIsLennart Poettering
APIs that query and return something cannot silently fail, they must either return something useful, or an error. Fix that. Also, properly rollback socket unit fd creation when something goes wrong with the security framework.
2014-10-23smack: we don't need the special labels exported, hence don'tLennart Poettering
2014-10-23selinux: drop 3 unused function prototypesLennart Poettering
2014-10-23smack: rework SMACK label fixing code to follow more closely the semantics ↵Lennart Poettering
of the matching selinux code
2014-10-23smack: never follow symlinks when relabellingLennart Poettering
previously mac_smack_apply(path, NULL) would operate on the symlink itself while mac_smack_apply(path, "foo") would follow the symlink. Let's clean this up an always operate on the symlink, which appears to be the safer option.
2014-10-23smack: rework smack APIs a bitLennart Poettering
a) always return negative errno error codes b) always become a noop if smack is off c) always take a NULL label as a request to remove it
2014-10-23mac: rename all calls that apply a label mac_{selinux|smack}_apply_xyz(), ↵Lennart Poettering
and all that reset it to defaults mac_{selinux|smack}_fix() Let's clean up the naming schemes a bit and use the same one for SMACK and for SELINUX.
2014-10-23selinux: make use of cleanup gcc magicLennart Poettering
2014-10-23hashmap: allow hashmap_move() to failMichal Schmidt
It cannot fail in the current hashmap implementation, but it may fail in alternative implementations (unless a sufficiently large reservation has been placed beforehand).
2014-10-23install, cgtop: adjust hashmap_move_one() callers for -ENOMEM possibilityMichal Schmidt
That hashmap_move_one() currently cannot fail with -ENOMEM is an implementation detail, which is not possible to guarantee in general. Hashmap implementations based on anything else than chaining of individual entries may have to allocate. hashmap_move_one will not fail with -ENOMEM if a proper reservation has been made beforehand. Use reservations in install.c. In cgtop.c simply propagate the error instead of asserting.
2014-10-23hashmap: introduce hashmap_reserve()Michal Schmidt
With the current hashmap implementation that uses chaining, placing a reservation can serve two purposes: - To optimize putting of entries if the number of entries to put is known. The reservation allocates buckets, so later resizing can be avoided. - To avoid having very long bucket chains after using hashmap_move(_one). In an alternative hashmap implementation it will serve an additional purpose: - To guarantee a subsequent hashmap_move(_one) will not fail with -ENOMEM (this never happens in the current implementation).
2014-10-23hashmap: return more information from resize_buckets()Michal Schmidt
Return 0 if no resize was needed, 1 if successfully resized and negative on error.
2014-10-23shared: split mempool implementation from hashmapsMichal Schmidt
2014-10-23install: make InstallContext::{will_install,have_installed} OrderedHashmapsMichal Schmidt
It appears order may matter here. Use OrderedHashmaps to be safe.
2014-10-23hashmap: drop assert(h) from hashmap_next()Michal Schmidt
It's handled just fine by returning NULL.
2014-10-23hashmap: hashmap_move_one() should return -ENOENT when 'other' is NULLMichal Schmidt
-ENOENT is the same return value as if 'other' were an allocated hashmap that does not contain the key. A NULL hashmap is a possible way of expressing a hashmap that contains no key.
2014-10-23hashmap: add OrderedHashmap as a distinct typeMichal Schmidt
Few Hashmaps/Sets need to remember the insertion order. Most don't care about the order when iterating. It would be possible to use more compact hashmap storage in the latter cases. Add OrderedHashmap as a distinct type from Hashmap, with functions prefixed with "ordered_". For now, the functions are nothing more than inline wrappers for plain Hashmap functions.
2014-10-23mac: also rename use_{smack,selinux,apparmor}() calls so that they share the ↵Lennart Poettering
new mac_{smack,selinux,apparmor}_xyz() convention
2014-10-23mac: rename apis with mac_{selinux/smack}_ prefixWaLyong Cho
2014-10-23label: rearrange mandatory access control(MAC) apisWaLyong Cho
move label apis to selinux-util.ch or smack-util.ch appropriately.
2014-10-23shared/log: add log_trace as compile-time optional debuggingZbigniew Jędrzejewski-Szmek
Repetetive messages can be annoying when running with SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful when debugging problems. Add log_trace which is like log_debug but becomes a noop unless LOG_TRACE is defined during compilation. This makes it easy to enable very verbose logging for a subset of programs when compiling from source.
2014-10-23socket-util: use IP address when hostname is not foundZbigniew Jędrzejewski-Szmek
socknameinfo_pretty() would fail for addresses without reverse DNS, but we do not want that to happen.
2014-10-23systemd-upload: print paths in help()Zbigniew Jędrzejewski-Szmek
2014-10-22machine: validate machine names using machine_name_is_valid() instead of ↵Lennart Poettering
string_is_safe() After all, we know have this as generic validator, so let's be correct and use it wherver applicable.
2014-10-22resolved: simplify detection of packets from the loopback deviceLennart Poettering
We can simplify our code quite a bit if we explicitly check for the ifindex being 1 on Linux as a loopback check. Apparently, this is hardcoded on Linux on the kernel, and effectively exported to userspace via rtnl and such, hence we should be able to rely on it.
2014-10-21strv: use realloc_multiply() to check for multiplication overflowMichal Schmidt
This could overflow on 32bit, where size_t is the same as unsigned.
2014-10-21strv: add an additional overflow check when enlarging strv()sLennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=76745
2014-10-21shared: remove unused functionsRonny Chevalier
- mkdir_p_prefix: It has never been used - mkdir_parents_prefix_label: Unused since 1434ae6fd49f8377b0ddbd4c675736e0d3226ea6
2014-10-21util: avoid duplication of TIME_T_MAXRonny Chevalier
2014-10-17systemd: continue switch-root even if umount failsZbigniew Jędrzejewski-Szmek
Leaving the old root around seems better than aborting the switch.
2014-10-17environment: append unit_id to error messages regarding EnvironmentFileLukas Nykryn
2014-10-17missing: remove fanotifyZbigniew Jędrzejewski-Szmek
It was only used in readahead.
2014-10-15selinux: fix potential double free crash in child processMichal Sekletar
Before returning from function we should reset ret to NULL, thus cleanup function is nop. Also context_str() returns pointer to a string containing context but not a copy, hence we must make copy it explicitly.
2014-10-09util: avoid double close of fdThomas Hindoe Paaboel Andersen
We could end with a double close if we close the fd loop and flush_fd fails. That would make us goto fail and there we close the fd once again. This patch sets the fd to the return value for safe_close: -1 A fd with negative value will be ignored by the next call to safe_close. CID#996223
2014-10-08time: functions named "internal" really shouldn't be exportedLennart Poettering
Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08systemctl: add add-wants and add-requires verbsLukas Nykryn
2014-10-08unit: move UnitDependency to unit-nameLukas Nykryn
2014-10-07core: don't allow enabling if unit is maskedJan Synacek
2014-10-05build-sys: use linux/memfd.h if availableZbigniew Jędrzejewski-Szmek
linux/memfd.h was added linux 3.17, so it might not be widely available for a while. Also, check if memfd_create is defined, for the HAVE_LINUX_MEMFD_H check to have a chance of succeeding. Also, collapse all ifdefs for memfd-related stuff, because they were all added together so there's no need to check separately.
2014-10-05ask-password: Add --echo to enable echoing the user inputDavid Sommerseth
Programs such as OpenVPN may use ask-password for not only retrieving passwords, but also usernames. Masking usernames with * seems just silly. v2 - Don't mess with termios flags, instead print the input instead of an asterix. Resolves issues with backspace and TAB input. v3 - Renamed 'do_echo' variables and argument to 'echo'. Also modified the ask_password_{tty,agent,auto} API instead of additional wrapper functions. [zj: undo changes to ask_password_auto, since no callers were using the new argument.]
2014-10-03pty: optimize read loopDavid Herrmann
As it turns out, I can actually send data to the pty faster than the terminal can read. Therefore, make sure we read as much data as possible but bail out early enough to not cause starvation. Kernel TTY buffers are 4k, so reduce the overall buffer size, but read more than once if possible (up to 8 times sounds reasonable).
2014-10-03fileio-label: return error when writing failsZbigniew Jędrzejewski-Szmek
The status of actually writing the file was totally ignored.
2014-10-03journalctl: make --utc work everywhereJan Synacek
The --utc option was introduced by commit 9fd290443f5f99fca0dcd4216b1de70f7d3b8db1. Howerver, the implementation was incomplete.
2014-10-02virt: detect that we are running inside the docker containerMichal Sekletar
2014-10-02Fix order and document user unit dirsZbigniew Jędrzejewski-Szmek
Fixup for 718880ba0d 'add a transient user unit directory'.
2014-10-02Rename user_runtime to user_runtime_dirZbigniew Jędrzejewski-Szmek
This makes this function name similar to user_config_home() and makes it match the name of the environment variable.
2014-10-02add a transient user unit directorySteven Allen
This patch adds a transient user unit directory under `$XDG_RUNTIME_DIR/systemd/user/` and stores transient user-instance units (such as those created by `systemd-run --user`) under there instead of putting them in $XDG_CONFIG_HOME/systemd/user/. Fixes https://bugs.freedesktop.org/show_bug.cgi?id=67331
2014-10-02journalctl: add --utc optionJan Synacek
Introduce option to display time in UTC.
2014-10-02barrier: fix up constructor error handlingDavid Herrmann
We cannot rely on "errno" to be non-zero on failure, if we perform multiple glibc calls. That is, if the first eventfd() call fails, but the second succeeds, we cleanup the barrier but return 0. Fix this by always testing the return value immediately. This should also fix all the coverity warnings.