summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-06-10bus-proxy: properly index policy by uid/gid when parsingLennart Poettering
2014-06-06bus: add basic dbus1 policy parserLennart Poettering
Enforcement is still missing, but at least we can parse it now.
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05namespace: when setting up an inaccessible mount point, unmounting ↵Lennart Poettering
everything below This has the benefit of not triggering any autofs mount points unnecessarily.
2014-06-05util: fix fd_cloexec(), fd_nonblock()Lennart Poettering
2014-06-05sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()Lennart Poettering
sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly.
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-03shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen
2014-06-03shared: allow drop_priviliges to drop all privsTom Gundersen
2014-06-01timesyncd: split privilege dropping code out of timesyncd so that we can ↵Lennart Poettering
make use of it from other daemons too This is preparation to make networkd work as unpriviliged user.
2014-05-31util: ignore_file should not allow files ending with '~'Thomas Hindoe Paaboel Andersen
ignore_file currently allows any file ending with '~' while it seems that the opposite was intended: a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
2014-05-28virt: rework container detection logicLennart Poettering
Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28build-sys: use glibc's xattr support instead of requiring libattrKay Sievers
2014-05-26Do not unescape unit names in [Install] sectionMichal Sekletar
https://bugs.freedesktop.org/show_bug.cgi?id=49316
2014-05-25nspawn: make nspawn robust to container failureDjalal Harouni
nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25path-util: fix missing terminating zeroTanu Kaskinen
There was this code: if (to_path_len > 0) memcpy(p, to_path, to_path_len); That didn't add the terminating zero, so the resulting string was corrupt if this code path was taken. Using strcpy() instead of memcpy() solves this issue, and also simplifies the code. Previously there was special handling for shortening "../../" to "../..", but that has now been replaced by a path_kill_slashes() call, which also makes the result prettier in case the input contains redundant slashes that would otherwise be copied to the result.
2014-05-25Use %m instead of strerror(errno) where appropiateCristian Rodríguez
2014-05-24detect-virt: Remove string for Microsoft virtualization detection in DMI ↵Reyad Attiyat
vendor string array. The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID. https://bugs.freedesktop.org/show_bug.cgi?id=78312
2014-05-24core: timer - switch to touch_file()Kay Sievers
2014-05-24timedated: refuse manual system time updates when automatic timesync is enabledKay Sievers
2014-05-24clock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()Kay Sievers
2014-05-24timesyncd: only update stamp file when we are synchronizedKay Sievers
Create initial stamp file with compiled-in time to prevent bootups with clocks in the future from storing invalid timestamps. At shutdown, only update the timestamp if we got an authoritative time to store.
2014-05-24shared: add touch_file() and let touch() always update timestampKay Sievers
2014-05-24shared: rename hwclock.[ch] to clock-util.[ch]Kay Sievers
2014-05-22conf-parser: never consider it an error if we cannot load a drop-in file ↵Lennart Poettering
because it is missing After all, we want to be able to boot with /etc empty one day...
2014-05-22time-util: make sure USEC_PER_SEC and friends are actually of type usec_tLennart Poettering
2014-05-21util: fix a gcc compiler warningLennart Poettering
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-18machined: add logic to query IP addresses of containersLennart Poettering
2014-05-18timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still ↵Lennart Poettering
with CAP_SYS_TIME)
2014-05-17conf-parser: silently ignore sections starting with "X-"Michael Marineau
This allows external tools to keep additional unit information in a separate section without scaring users with a big warning.
2014-05-16path-lookup: don't hardcode .configTanu Kaskinen
If XDG_CONFIG_HOME is set, then we should respect that.
2014-05-16path-util: add path_make_relative()Tanu Kaskinen
In user_dirs() in path-lookup.c, I want to replace this: symlink("../../../.config/systemd/user", data_home); with symlink(config_home, data_home); to avoid hardcoding .config when XDG_CONFIG_HOME is set. The problem is that config_home is an absolute path, and it's better to make the symlink relative. path_make_relative() is an utility function that converts an absolute path into a relative one.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-05-15Make systemctl --root look for files in the proper placesZbigniew Jędrzejewski-Szmek
Running systemctl enable/disable/set-default/... with the --root option under strace reveals that it accessed various files and directories in the main fs, and not underneath the specified root. This can lead to correct results only when the layout and configuration in the container are identical, which often is not the case. Fix this by adding the specified root to all file access operations. This patch does not handle some corner cases: symlinks which point outside of the specified root might be interpreted differently than they would be by the kernel if the specified root was the real root. But systemctl does not create such symlinks by itself, and I think this is enough of a corner case not to be worth the additional complexity of reimplementing link chasing in systemd. Also, simplify the code in a few places and remove an hypothetical memory leak on error.
2014-05-15shared/install: do not prefix created symlink with root pathZbigniew Jędrzejewski-Szmek
Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
2014-05-15hashmap: add hashmap_remove2() to remove item from hashtable and return both ↵Lennart Poettering
value and key
2014-05-13shared: add ring bufferDavid Herrmann
New "struct ring" object that implements a basic ring buffer for arbitrary byte-streams. A new basic runtime test is also added. This will be needed for our pty helpers for systemd-console and friends.
2014-05-13shared: add ALIGN_POWER2 macroDavid Herrmann
Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns the next higher power of 2. clz(0) is undefined, same is true for left-shift-overflows, yey, C rocks!
2014-05-13replace more dup() by F_DUPFD_CLOEXECLennart Poettering
2014-05-10rtnl: message - read group membership of incoming messagesTom Gundersen
2014-05-06list: make LIST_FIND_TAIL work for empty listsLennart Poettering
2014-05-05timesyncd: lookup name server via sd-resolve, support IPv6, react to ↵Lennart Poettering
SIGINT/SITERM
2014-05-05build-sys: move async.[ch] to src/sharedLennart Poettering
So that we can use it at multiple places.
2014-04-28conf-parser: Fix typo in commentJonathan Boulle
Fix minor typo in conf parser
2014-04-24Add more password agent informationDavid Härdeman
Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-04-24util: make sure all our name_to_handle_at() code makes use of file_handle_unionLennart Poettering