summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-06-12sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from ↵Lennart Poettering
static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-10tmpfiles: add new "C" line for copying files or directoriesLennart Poettering
2014-06-10label: when clearing selinux context, don't mangle errnoLennart Poettering
2014-06-10log: honour the kernel's quiet cmdline argumentRonny Chevalier
It was forgotten in b1e90ec515408aec2702522f6f68c4920b56375b See https://bugs.freedesktop.org/show_bug.cgi?id=79582
2014-06-10systemd-detect-virt: only discover Xen domUThomas Blume
The current vm detection lacks the distinction between Xen dom0 and Xen domU. Both, dom0 and domU are running inside the hypervisor. Therefore systemd-detect-virt and the ConditionVirtualization directive detect dom0 as a virtual machine. dom0 is not using virtual devices but is accessing the real hardware. Therefore dom0 should be considered the virtualisation host and not a virtual machine. https://bugs.freedesktop.org/show_bug.cgi?id=77271
2014-06-10bus-proxy: properly index policy by uid/gid when parsingLennart Poettering
2014-06-06bus: add basic dbus1 policy parserLennart Poettering
Enforcement is still missing, but at least we can parse it now.
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05namespace: when setting up an inaccessible mount point, unmounting ↵Lennart Poettering
everything below This has the benefit of not triggering any autofs mount points unnecessarily.
2014-06-05util: fix fd_cloexec(), fd_nonblock()Lennart Poettering
2014-06-05sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()Lennart Poettering
sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly.
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-03shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen
2014-06-03shared: allow drop_priviliges to drop all privsTom Gundersen
2014-06-01timesyncd: split privilege dropping code out of timesyncd so that we can ↵Lennart Poettering
make use of it from other daemons too This is preparation to make networkd work as unpriviliged user.
2014-05-31util: ignore_file should not allow files ending with '~'Thomas Hindoe Paaboel Andersen
ignore_file currently allows any file ending with '~' while it seems that the opposite was intended: a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
2014-05-28virt: rework container detection logicLennart Poettering
Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28build-sys: use glibc's xattr support instead of requiring libattrKay Sievers
2014-05-26Do not unescape unit names in [Install] sectionMichal Sekletar
https://bugs.freedesktop.org/show_bug.cgi?id=49316
2014-05-25nspawn: make nspawn robust to container failureDjalal Harouni
nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25path-util: fix missing terminating zeroTanu Kaskinen
There was this code: if (to_path_len > 0) memcpy(p, to_path, to_path_len); That didn't add the terminating zero, so the resulting string was corrupt if this code path was taken. Using strcpy() instead of memcpy() solves this issue, and also simplifies the code. Previously there was special handling for shortening "../../" to "../..", but that has now been replaced by a path_kill_slashes() call, which also makes the result prettier in case the input contains redundant slashes that would otherwise be copied to the result.
2014-05-25Use %m instead of strerror(errno) where appropiateCristian Rodríguez
2014-05-24detect-virt: Remove string for Microsoft virtualization detection in DMI ↵Reyad Attiyat
vendor string array. The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID. https://bugs.freedesktop.org/show_bug.cgi?id=78312
2014-05-24core: timer - switch to touch_file()Kay Sievers
2014-05-24timedated: refuse manual system time updates when automatic timesync is enabledKay Sievers
2014-05-24clock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()Kay Sievers
2014-05-24timesyncd: only update stamp file when we are synchronizedKay Sievers
Create initial stamp file with compiled-in time to prevent bootups with clocks in the future from storing invalid timestamps. At shutdown, only update the timestamp if we got an authoritative time to store.
2014-05-24shared: add touch_file() and let touch() always update timestampKay Sievers
2014-05-24shared: rename hwclock.[ch] to clock-util.[ch]Kay Sievers
2014-05-22conf-parser: never consider it an error if we cannot load a drop-in file ↵Lennart Poettering
because it is missing After all, we want to be able to boot with /etc empty one day...
2014-05-22time-util: make sure USEC_PER_SEC and friends are actually of type usec_tLennart Poettering
2014-05-21util: fix a gcc compiler warningLennart Poettering
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-18machined: add logic to query IP addresses of containersLennart Poettering
2014-05-18timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still ↵Lennart Poettering
with CAP_SYS_TIME)
2014-05-17conf-parser: silently ignore sections starting with "X-"Michael Marineau
This allows external tools to keep additional unit information in a separate section without scaring users with a big warning.
2014-05-16path-lookup: don't hardcode .configTanu Kaskinen
If XDG_CONFIG_HOME is set, then we should respect that.
2014-05-16path-util: add path_make_relative()Tanu Kaskinen
In user_dirs() in path-lookup.c, I want to replace this: symlink("../../../.config/systemd/user", data_home); with symlink(config_home, data_home); to avoid hardcoding .config when XDG_CONFIG_HOME is set. The problem is that config_home is an absolute path, and it's better to make the symlink relative. path_make_relative() is an utility function that converts an absolute path into a relative one.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-05-15Make systemctl --root look for files in the proper placesZbigniew Jędrzejewski-Szmek
Running systemctl enable/disable/set-default/... with the --root option under strace reveals that it accessed various files and directories in the main fs, and not underneath the specified root. This can lead to correct results only when the layout and configuration in the container are identical, which often is not the case. Fix this by adding the specified root to all file access operations. This patch does not handle some corner cases: symlinks which point outside of the specified root might be interpreted differently than they would be by the kernel if the specified root was the real root. But systemctl does not create such symlinks by itself, and I think this is enough of a corner case not to be worth the additional complexity of reimplementing link chasing in systemd. Also, simplify the code in a few places and remove an hypothetical memory leak on error.
2014-05-15shared/install: do not prefix created symlink with root pathZbigniew Jędrzejewski-Szmek
Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
2014-05-15hashmap: add hashmap_remove2() to remove item from hashtable and return both ↵Lennart Poettering
value and key
2014-05-13shared: add ring bufferDavid Herrmann
New "struct ring" object that implements a basic ring buffer for arbitrary byte-streams. A new basic runtime test is also added. This will be needed for our pty helpers for systemd-console and friends.
2014-05-13shared: add ALIGN_POWER2 macroDavid Herrmann
Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns the next higher power of 2. clz(0) is undefined, same is true for left-shift-overflows, yey, C rocks!
2014-05-13replace more dup() by F_DUPFD_CLOEXECLennart Poettering
2014-05-10rtnl: message - read group membership of incoming messagesTom Gundersen