Age | Commit message (Collapse) | Author |
|
If we have the priviliges we will try SO_SNDBUFFORCE/SO_RCVBUFFORCE and
only fall back to SO_SNDBUF/SO_RCVBUF if that fails.
|
|
These specifiers require NSS lookups to work, and we really shouldn't do
them from PID 1 hence. With this change they are now only supported for
user systemd instance, or when the configured user for a unit is root.
|
|
Since numbers involved are all small, behaviour was correct already.
https://bugzilla.redhat.com/show_bug.cgi?id=1043304
|
|
|
|
the transition
|
|
Previously we'd open the connection in the originating namespace, which
meant most peers of the bus would not be able to make sense of the
PID/UID/... identity of us since we didn't exist in the namespace they
run in. However they require this identity for privilege decisions,
hence disallowing access to anything from the host.
Instead, when connecting to a container, create a temporary subprocess,
make it join the container's namespace and then connect from there to
the kdbus instance. This is similar to how we do it for socket
conections already.
THis also unifies the namespacing code used by machinectl and the bus
APIs.
|
|
|
|
|
|
Needed for socketpair, recv
|
|
% build/journalctl help
Assertion 'match_is_valid(data, size)' failed at ../src/journal/sd-journal.c:227, function sd_journal_add_match(). Ignoring.
Callers cannot be expect to check all arguments always.
|
|
log message
|
|
This adds the new library call sd_journal_open_container() and a new
"-M" switch to journalctl. Particular care is taken that journalctl's
"-b" switch resolves to the current boot ID of the container, not the
host.
|
|
|
|
It was calling cfmakeraw(3) on the properties for STDIN_FILENO; cfmakeraw
sets both input and output properties. If (and only if) stdin and stdout
are the same device is this correct. Otherwise, we must change only the
input properties of stdin, and only the output properties of stdout.
|
|
|
|
|
|
|
|
|
|
The only problem is that libgen.h #defines basename to point to it's
own broken implementation instead of the GNU one. This can be fixed
by #undefining basename.
|
|
|
|
- Add space between if/for and the opening parentheses
- Place the opening brace on same line as the function (not for udev)
From the CODING_STYLE
Try to use this:
void foo() {
}
instead of this:
void foo()
{
}
|
|
|
|
.service units
|
|
|
|
Introduce IN_SET() macro to nicely check whether a value a is one of a
few listed values.
This makes writing this:
if (a == 1 || a == 7 || a == 8 || a == 9)
nicer, by allowing this:
if (IN_SET(a, 1, 7, 8, 9))
This is particularly useful for state machine enums.
|
|
Compared to greedy_realloc(), this sets all newly allocated memory to 0.
As the old variant has been used a lot for string-handling, we avoid
changing it as clearing memory is not needed there.
|
|
my e93c33d4aa broke this stupidly
|
|
|
|
We must return a negative error code from getttyname_malloc but
that would not be the case if ttyname_r returned a negative value.
ttyname_r should only return EBADF, ENOTTY, or ERANGE so it should
be safe to change.
|
|
|
|
|
|
It didn't build on arm. Let's simplify it a bit by
splitting x86 specific parts out, which should also make
things easier when arm virtualization support is added.
|
|
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
|
|
Inspired by a patch by Lukas Nykryn.
|
|
PrivateTmp= namespaces
|
|
Otherwise there is some memory corruption and undefined behavior,
e.g., in my case systemd-udev was always aborted at the
_cleanup_freep_ around that code blocks.
|
|
to deal with shells
This makes shutdown a bit faster if debug-shell.service is enabled.
|
|
Pass on the line on which a section was decleared to the parsers, so they
can distinguish between multiple sections (if they chose to). Currently
no parsers take advantage of this, but a follow-up patch will do that
to distinguish
[Address]
Address=192.168.0.1/24
Label=one
[Address]
Address=192.168.0.2/24
Label=two
from
[Address]
Address=192.168.0.1/24
Label=one
Address=192.168.0.2/24
Label=two
|
|
We expect the event on /proc/swaps before we expect the SIGCHILD,
reflect this in the state machine.
|
|
Use Description only internally, and allow Alias to be set
as a separate option. For instance SNMP uses ifalias for
a specific purpose, so let's not write to it by default.
|
|
|
|
|
|
David:
I already applied a fix for that, but this patch definitely looks nicer. I
changed CONCATENATE_HELPER() -> XCONCATENATE() similar to XSTRINGIFY and
added the UNIQUE() helper.
|
|
We need two-level macro-expansion, otherwise __LINE__ will not get
evaluated.
|
|
All calls that set a sd_bus_error structure will now return the same
error converted to a negative errno. This may be used as syntactic sugar
to return from a function and setting a bus_error structure in one go.
Also, translate all Linux Exyz (EIO, EINVAL, EUCLEAN, EPIPE, ...)
automatically into counterparts in the (new) "Posix.Error." namespace.
If we fail to allocate memory for the components of a sd_bus_error
automatically reset it to an OOM error which we always can write.
|
|
|
|
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.
This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:
- Synthesizing of "Disconnected" messages when bus connections are
severed.
- Support for attaching multiple vtables for the same interface on the
same path.
This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.
As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
|
|
|
|
instead of a symlink, too
|
|
|