| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix machinectl login with containers in user namespaces (v2)
|
|
To be able to use `systemd-run` or `machinectl login` on a container
that is in a private user namespace, the sub-process must have entered
the user namespace before connecting to the container's D-Bus, otherwise
the UID and GID in the peer credentials are garbage.
So we extend namespace_open and namespace_enter to support UID namespaces,
and we enter the UID namespace in bus_container_connect_{socket,kernel}.
namespace_open will degrade to a no-op if user namespaces are not enabled
in the kernel.
Special handling is required for the setns call in namespace_enter with
a user namespace, since transitioning to your own namespace is forbidden,
as it would result in re-entering your user namespace as root.
Arguably it may be valid to check this at the call site, rather than
inside namespace_enter, but it is less code to do it inside, and if the
intention of calling namespace_enter is to *be* in the target namespace,
rather than to transition to the target namespace, it is a reasonable
approach.
The check for whether the user namespace is the same must happen before
entering namespaces, as we may not be able to access /proc during the
intermediate transition stage.
We can't instead attempt to enter the user namespace and then ignore
the failure from it being the same namespace, since the error code is
not distinct, and we can't compare namespaces while mid-transition.
|
|
Allow arbitrary file paths to be passed to nspawn (v3)
|
|
We should not fall back to dbus-1 and connect to the proxy when kdbus
returns an error that indicates that kdbus is running but just does not
accept new connections because of quota limits or something similar.
Using is_kdbus_available() in libsystemd/ requires it to move from
shared/ to libsystemd/.
Based on a patch from David Herrmann:
https://github.com/systemd/systemd/pull/886
|
|
This adds an EXTRACT_QUOTES option to allow the previous behaviour, of
not interpreting any character inside ' or " quotes as separators.
|
|
It now takes a separators argument, which defaults to WHITESPACE if NULL
is passed.
|
|
|
|
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
free(foobar);
foobar = NULL;
to this:
foobar = mfree(foobar);
|
|
Some places invoked fflush() directly with their own manual error
checking, let's unify all that by using fflush_and_check().
This also unifies the general error paths of fflush()+rename() file
writers.
|
|
install: make unit_file_get_list aware of UNIT_FILE_INDIRECT
|
|
Given three DNS names this function indicates if the second argument lies
strictly between the first and the third according to the canonical DNS
name order. Note that the order is circular, so the last name is
considered to be before the first.
|
|
The canonical DNS name ordering considers the rightmost label the most significant,
we were considering it the least significant. This is important when implementing
NSEC, which relies on the correct order.
|
|
Intended to be called repeatedly, and returns then successive unescaped labels
from the most to the least significant (left to right).
This is slightly inefficient as it scans the string three times (two would be
sufficient): once to find the end of the string, once to find the beginning
of each label and lastly once to do the actual unescaping. The latter two
could be done in one go, but that seemed unnecessarily convoluted.
|
|
Hook up container userns with nss-mymachines
|
|
We shouldn't fall over that, and just assume it is 0 in this case.
Fixes #499.
|
|
Given a container "foo", that maps user id $UID to container user, using
user namespaces, this NSS module extenstion will now map the $UID to a
name "vu-foo-$TUID" for the translated UID $UID.
Similar, userns groups are mapped to "vg-foo-$TGID" for translated GIDs
of $GID.
This simple change should make userns users more discoverable. Also,
given that many tools like "adduser" check NSS before allocating a UID,
should lower the chance of UID range conflicts between tools.
|
|
The latest consolidation cleanup of write_string_file() revealed some users
of that helper which should have used write_string_file_no_create() in the
past but didn't. Basically, all existing users that write to files in /sys
and /proc should not expect to write to a file which is not yet existant.
|
|
Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
|
|
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush()
(which writes all unwritten messages out) + sd_bus_close() (which
terminates the connection, releasing all unread messages) +
sd_bus_unref() (which frees the connection).
The combination of this call is used pretty frequently in systemd tools
right before exiting, and should also be relevant for most external
clients, and is hence useful to cover in a call of its own.
Previously the combination of the three calls was already done in the
_cleanup_bus_close_unref_ macro, but this was only available internally.
Also see #327
|
|
Commit aedd401 introduced new unit file state, UNIT_FILE_INDIRECT. Unit file is
said to have indirect state if it contains [Install] section which has only
Also= directive. Thus, if enable of such unit file is requested then some other
unit file gets enabled.
Whether or not unit file is in indirect state can be determined by calling
unit_file_can_install. Function unit_file_get_list populates list of unit files
present in given lookup location. So far it did call unit_file_can_install in a
way that would prevent finding out about unit files in indirect state. Such unit
file would be incorrectly marked as static.
Fixes following assertion in test-install,
Assertion 'p->state == s' failed at src/test/test-install.c:59, function main(). Aborting.
[1] 26868 abort (core dumped) ./test-install
|
|
Maybe there is some left-over value stored in r from previous function
call. Let's make sure we always return consistent error code when we reach end of
the function body.
Fixes following crash of test-install,
Assertion 'r == 0' failed at src/test/test-install.c:52, function main(). Aborting.
[1] 11703 abort (core dumped) ./test-install
|
|
|
|
- Make string parameter const
- Don't log some OOM errors, but not others
- Don't eat up errors generated by acl_from_text()
- Make sure check for success of every single strv_push() call
|
|
|
|
turn kdbus support into a runtime option
|
|
Not all watchdog drivers implement WDIOC_SETOPTIONS. Drivers which do
not implement it have their device always enabled. So it's fine to
report an error if WDIOS_DISABLECARD is passed and the ioctl is not
implemented, however failing when WDIOS_ENABLECARD is passed and the
ioctl is not implemented is not good: if the device was already
enabled then WDIOS_ENABLECARD was a no-op and wasn't needed in the
first place. So we can just ignore the error and continue.
|
|
./configure --enable/disable-kdbus can be used to set the default
behavior regarding kdbus.
If no kdbus kernel support is available, dbus-dameon will be used.
With --enable-kdbus, the kernel command line option "kdbus=0" can
be used to disable kdbus.
With --disable-kdbus, the kernel command line option "kdbus=1" is
required to enable kdbus support.
|
|
everywhere: port everything to sigprocmask_many() and friends
|
|
This ports a lot of manual code over to sigprocmask_many() and friends.
Also, we now consistly check for sigprocmask() failures with
assert_se(), since the call cannot realistically fail unless there's a
programming error.
Also encloses a few sd_event_add_signal() calls with (void) when we
ignore the return values for it knowingly.
|
|
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(),
tempfn_ranomd_child(). If non-NULL this string is included in the middle
of the newly created file name. This is useful for being able to
distuingish the kind of temporary file when we see one.
This also adds tests for the three call.
For now, we don't make use of this at all, but port all users over.
|
|
The names fw-util.[ch] are too ambiguous, better rename the files to
firewall-util.[ch]. Also rename the test accordingly.
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|
|
shared: Drop 'name=' prefix from SYSTEMD_CGROUP_CONTROLLER define.
|
|
|
|
|
|
It's only marginally shorter then the usual for() loop, but certainly
more readable.
|
|
mask/handlers
Also, when the child is potentially long-running make sure to set a
death signal.
Also, ignore the result of the reset operations explicitly by casting
them to (void).
|
|
|
|
When we have a structure like this:
/bin -> /usr/bin
/usr is a mount point
Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair
/usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different
mount IDs. But we only want to consider the base name, not any parent.
Thus we have to resolve the given path first to get the real parent when
allowing symlinks.
Bug: https://github.com/systemd/systemd/issues/61
|
|
set_consume() does not return -EEXIST, but 0, in case the key is already
in the Set.
|
|
This reverts commit 46be6129d3e52556eb0f2ae4d07818f9f3f7af7a.
|
|
|
|
set_consume(done, x) consumes x with free(x)
but
mount(…, x, …) uses it afterwards.
coverity CID 1299006
|
|
We unescape ExecStart line when parsing it, so escape device name
before adding it to unit file.
fixes #50
|
|
Fix a regression caused by 4034a06d ("util: rework word parsing and c
unescaping code") which broke octal escape sequences.
The reason for this breakage is that cunescape_one() expects 4 characters
in an octal encoding, which is a stray left-over from the old code which
operated on different variables to make the length check.
While at it, add a test case to prevent the same thing from happening
again.
|
|
systemd-mailing-devs/1433236104-9967-1-git-send-email-m.olbrich@pengutronix.de
missing: add more btrfs defines
|
|
In cgtop,mount-setup,nspawn the name= prefix is hard-coded in the
mount options, and the define is not used.
Everywhere else, we explicitly white-list allow 'name=' prefix to be
used with all controllers, and strip it out to 'normalise' the
controller name. That work is mostly inflicted on us due to 'name='
prefix in the define. Dropping this prefix makes everything more sane
overall.
|
|
|
|
|
