path: root/src/shared

Age  Commit message  Author

2015-02-01  shared/capability: go frugal on space for caps  [Zbigniew Jędrzejewski-Szmek]

2015-02-01  Fix dropping of all capabilities  [Zbigniew Jędrzejewski-Szmek]

From fd.o bug 88898:

  systemd-resolved fails to start: Failed to drop capabilities: Operation not permitted

Broken in f11943c53ec181829a821c6b27acf828bab71caa. Drop all capabilities:

1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)

Capabilities should always be kept after setresuid() so that the capability bounding set can be reduced.

Based-on-a-patch-by: mustrumr97@gmail.com
https://bugs.freedesktop.org/show_bug.cgi?id=88898

We must be careful not to leave PR_SET_KEEPCAPS on. We could use the setresuid() call to drop capabilities, but the rules when capabilities are dropped are fairly complex, since a transition to non-zero uid must happen. Let's instead keep the capabilities during setresuid(), and drop them later.

2015-02-01  Add a snprintf wrapper which checks that the buffer was big enough  [Zbigniew Jędrzejewski-Szmek]

If we scale our buffer to be wide enough for the format string, we should expect that the calculation was correct. char_array_0() invocations are removed, since snprintf nul-terminates the output in any case. A similar wrapper is used for strftime calls, but only in timedatectl.c.

2015-01-29  coredump: drop caps while we are processing the coredump  [Lennart Poettering]

https://bugs.freedesktop.org/show_bug.cgi?id=87354

2015-01-28  util: add comment explaining hostname_is_valid()  [Lennart Poettering]

2015-01-28  list: properly skip over first item in LIST_FOREACH_OTHERS  [Lennart Poettering]

2015-01-28  list: add macro for iterating through a list an item is in, skipping the item  [Lennart Poettering]

2015-01-27  missing: define correct syscall numbers for memfd_create() and getrandom() on aarch64  [Michael Olbrich]

2015-01-24  tmpfiles: do not bump access times of directories we are cleaning up  [Zbigniew Jędrzejewski-Szmek]

Both plain opendir() and glob() will bump access time. Privileged option O_NOATIME can be used to prevent the access time from being updated. We already used it for subdirectories of the directories which we were cleaning up. But for the directories specified directly in the config files, we wouldn't do that. This means that, paradoxically, our own temporary directories for PrivateTmp would stay around forever, as long as one let systemd-tmpfiles-clean.service run regularly, because they had their own glob patterns specified.

https://bugzilla.redhat.com/show_bug.cgi?id=1183684

2015-01-23  #pragma once here and there  [Zbigniew Jędrzejewski-Szmek]

2015-01-23  build-sys: fix build on compilers without static_assert  [Zbigniew Jędrzejewski-Szmek]

Build would fail when assert was used on the same line in different files #included together.

https://bugs.freedesktop.org/show_bug.cgi?id=87339

2015-01-23  core: add a property that shows the current memory usage of a unit  [Lennart Poettering]

This exposes the memory.usage_in_bytes cgroup property on the bus, and makes "systemctl status" show it in its default output.

2015-01-22  cgroup-show: remove duplicated check  [Zbigniew Jędrzejewski-Szmek]

After 3637713a20 it is not necessary anymore.

2015-01-23  importd: when listing transfers, show progress percentage  [Lennart Poettering]

With this change the pull protocol implementation processes will pass progress data to importd which then passes this information on via the bus. We use sd_notify() as generic transport for this communication, making importd listen to them, while matching the incoming messages to the right transfer.

2015-01-22  cgroup-show: don't hit assert, when the extra pids array is empty  [Lennart Poettering]

2015-01-22  import: only define the _to_string() enum mapping function, thus making gcc shut up  [Lennart Poettering]

2015-01-22  import: rename --verify=sum to --verify=checksum  [Lennart Poettering]

This is how we call it internally, and also a bit more descriptive.

2015-01-22  shared/acl-util: add mask only when needed, always add base ACLs  [Zbigniew Jędrzejewski-Szmek]

For ACLs to be valid, a set of entries for user, group, and other must be always present. Always add those entries. While at it, only add the mask ACL if it is actually required, i.e. when at least one ACL for non-owner group or user exists.

2015-01-22  tmpfiles: implement augmenting of existing ACLs  [Zbigniew Jędrzejewski-Szmek]

This is much more useful in practice (equivalent to setfacl -m).

2015-01-22  tmpfiles: add 'a' type to set ACLs  [Zbigniew Jędrzejewski-Szmek]

2015-01-22  shared/cgroup-show: simplify show_pid_array()  [Zbigniew Jędrzejewski-Szmek]

int[] should not be used as pid_t[], even if it happens to be the same thing. Also deduplicating in a quadratic loop right before sorting is unnecessary. Remove custom greedy_realloc implementation.

2015-01-22  Assorted format fixes  [Zbigniew Jędrzejewski-Szmek]

Types used for pids and uids in various interfaces are unpredictable. Too bad.

2015-01-22  Fix some format strings for enums, they are signed  [Zbigniew Jędrzejewski-Szmek]

2015-01-22  shared/util: use signed printf format for PIDs  [Zbigniew Jędrzejewski-Szmek]

gcc 5 started warning about this.

2015-01-22  import: introduce new mini-daemon systemd-importd, and make machinectl a client to it  [Lennart Poettering]

The old "systemd-import" binary is now an internal tool. We still use it as asynchronous backend for systemd-importd. Since the import tool might require some IO and CPU resources (due to qcow2 explosion, and decompression), and because we might want to run it with more minimal privileges we still keep it around as the worker binary to execute as child process of importd. machinectl now has verbs for pulling down images, cancelling them and listing them.

2015-01-22  log: add new log output mode, that prints to console, but prefixes with syslog priority  [Lennart Poettering]

This is useful when we execute our own programs, reading output from their STDERR, and want to retain priority information.

2015-01-21  util: Add some missing hidden_file() suffixes  [Martin Pitt]

dpkg itself also uses *.dpkg-dist, while .dpkg-{bak,backup,remove} are being used by dpkg-maintscript-helper.

2015-01-21  import: add image verification using gpg  [Lennart Poettering]

This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later.

2015-01-20  import: port pull-raw to helper tools implemented for pull-tar  [Lennart Poettering]

This allows us to reuse a lot more code, and simplify pull-raw drastically.

2015-01-20  util: make http url validity checks more generic, and move them to util.c  [Lennart Poettering]

2015-01-19  networkd: netdev - add ipvlan support  [Tom Gundersen]

2015-01-19  nspawn: support dissecting GPT images that contain only a single generic linux partition  [Lennart Poettering]

This should allow running Ubuntu UEFI GPT Images with nspawn, unmodified.

2015-01-19  machined: refer to the disk space allocated for an image to "usage" rather than "size"  [Lennart Poettering]

After all, it's closer to the "du"-reported value than to the file sizes...

2015-01-19  qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks to target  [Lennart Poettering]

2015-01-19  import-raw: when downloading raw images, generate sparse files if we can  [Lennart Poettering]

2015-01-18  Move DEFINE_TRIVIAL_CLEANUP_FUNC to macro.h  [Zbigniew Jędrzejewski-Szmek]

This removes the need for various header files to include the (relatively heavyweight) util.h.

2015-01-18  Add initialization helper for file_handle_union  [Zbigniew Jędrzejewski-Szmek]

2015-01-18  util: replace RUN_WITH_LOCALE with extended locale functions  [Cristian Rodríguez]

There were two callers, one can use strtod_l() and the other strptime_l(). (David: fix up commit-msg and coding-style)

2015-01-17  missing: add macros for OFD locks  [Michael Marineau]

2015-01-15  nspawn,machined: change default container image location from /var/lib/container to /var/lib/machines  [Lennart Poettering]

Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".

2015-01-15  import: rename "gpt" disk image type to "raw"  [Lennart Poettering]

After all, nspawn can now dissect MBR partition levels, too, hence ".gpt" appears a misnomer. Moreover, the .raw suffix for these files is already pretty popular (the Fedora disk images use it for example), hence sounds like an OK scheme to adopt.

2015-01-14  nspawn: add file system locks for controlling access to container images  [Lennart Poettering]

This adds three kinds of file system locks for container images:

a) a file system lock next to the actual image, in a .lck file in the same directory the image is located. This lock has the benefit of usually being located on the same NFS share as the image itself, and thus allows locking container images across NFS shares.

b) a file system lock in /run, named after st_dev and st_ino of the root of the image. This lock has the advantage that it is unique even if the same image is bind mounted to two different places at the same time, as the ino/dev stays constant for them.

c) a file system lock that is only taken when a new disk image is about to be created, that ensures that checking whether the name is already used across the search path, and actually placing the image is not interrupted by other code taking the name.

a + b are read-write locks. When a container is booted in read-only mode a read lock is taken, otherwise a write lock. Lock b is always taken after a, to avoid ABBA problems. Lock c is mostly relevant when renaming or cloning images.

2015-01-14  pty: minor modernization  [Lennart Poettering]

We initialize structs during declaration if possible.

2015-01-14  machined: use the FS_IMMUTABLE_FL file flag, if available, to implement a "read-only" concept for raw disk images, too  [Lennart Poettering]

2015-01-14  util: the chattr flags field is actually unsigned, judging by kernel sources  [Lennart Poettering]

Unlike some client code suggests...

2015-01-14  ptyfw: add missing error check  [Lennart Poettering]

2015-01-13  networkd: make IP forwarding for IPv4 and IPv6 individually configurable  [Lennart Poettering]

2015-01-13  fw-util: fix errno typo for !HAVE_LIBIPTC  [Daniel Mack]

2015-01-13  networkd: add minimal IP forwarding and masquerading support to .network files  [Lennart Poettering]
This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box.

2015-01-13  shared: add minimal firewall manipulation helpers for establishing NAT rules, using libiptc  [Lennart Poettering]