summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-03shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen
2014-06-03shared: allow drop_priviliges to drop all privsTom Gundersen
2014-06-01timesyncd: split privilege dropping code out of timesyncd so that we can ↵Lennart Poettering
make use of it from other daemons too This is preparation to make networkd work as unpriviliged user.
2014-05-31util: ignore_file should not allow files ending with '~'Thomas Hindoe Paaboel Andersen
ignore_file currently allows any file ending with '~' while it seems that the opposite was intended: a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
2014-05-28virt: rework container detection logicLennart Poettering
Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28build-sys: use glibc's xattr support instead of requiring libattrKay Sievers
2014-05-26Do not unescape unit names in [Install] sectionMichal Sekletar
https://bugs.freedesktop.org/show_bug.cgi?id=49316
2014-05-25nspawn: make nspawn robust to container failureDjalal Harouni
nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25path-util: fix missing terminating zeroTanu Kaskinen
There was this code: if (to_path_len > 0) memcpy(p, to_path, to_path_len); That didn't add the terminating zero, so the resulting string was corrupt if this code path was taken. Using strcpy() instead of memcpy() solves this issue, and also simplifies the code. Previously there was special handling for shortening "../../" to "../..", but that has now been replaced by a path_kill_slashes() call, which also makes the result prettier in case the input contains redundant slashes that would otherwise be copied to the result.
2014-05-25Use %m instead of strerror(errno) where appropiateCristian Rodríguez
2014-05-24detect-virt: Remove string for Microsoft virtualization detection in DMI ↵Reyad Attiyat
vendor string array. The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID. https://bugs.freedesktop.org/show_bug.cgi?id=78312
2014-05-24core: timer - switch to touch_file()Kay Sievers
2014-05-24timedated: refuse manual system time updates when automatic timesync is enabledKay Sievers
2014-05-24clock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()Kay Sievers
2014-05-24timesyncd: only update stamp file when we are synchronizedKay Sievers
Create initial stamp file with compiled-in time to prevent bootups with clocks in the future from storing invalid timestamps. At shutdown, only update the timestamp if we got an authoritative time to store.
2014-05-24shared: add touch_file() and let touch() always update timestampKay Sievers
2014-05-24shared: rename hwclock.[ch] to clock-util.[ch]Kay Sievers
2014-05-22conf-parser: never consider it an error if we cannot load a drop-in file ↵Lennart Poettering
because it is missing After all, we want to be able to boot with /etc empty one day...
2014-05-22time-util: make sure USEC_PER_SEC and friends are actually of type usec_tLennart Poettering
2014-05-21util: fix a gcc compiler warningLennart Poettering
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-18machined: add logic to query IP addresses of containersLennart Poettering
2014-05-18timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still ↵Lennart Poettering
with CAP_SYS_TIME)
2014-05-17conf-parser: silently ignore sections starting with "X-"Michael Marineau
This allows external tools to keep additional unit information in a separate section without scaring users with a big warning.
2014-05-16path-lookup: don't hardcode .configTanu Kaskinen
If XDG_CONFIG_HOME is set, then we should respect that.
2014-05-16path-util: add path_make_relative()Tanu Kaskinen
In user_dirs() in path-lookup.c, I want to replace this: symlink("../../../.config/systemd/user", data_home); with symlink(config_home, data_home); to avoid hardcoding .config when XDG_CONFIG_HOME is set. The problem is that config_home is an absolute path, and it's better to make the symlink relative. path_make_relative() is an utility function that converts an absolute path into a relative one.
2014-05-15Remove unnecessary casts in printfsZbigniew Jędrzejewski-Szmek
No functional change expected :)
2014-05-15Make systemctl --root look for files in the proper placesZbigniew Jędrzejewski-Szmek
Running systemctl enable/disable/set-default/... with the --root option under strace reveals that it accessed various files and directories in the main fs, and not underneath the specified root. This can lead to correct results only when the layout and configuration in the container are identical, which often is not the case. Fix this by adding the specified root to all file access operations. This patch does not handle some corner cases: symlinks which point outside of the specified root might be interpreted differently than they would be by the kernel if the specified root was the real root. But systemctl does not create such symlinks by itself, and I think this is enough of a corner case not to be worth the additional complexity of reimplementing link chasing in systemd. Also, simplify the code in a few places and remove an hypothetical memory leak on error.
2014-05-15shared/install: do not prefix created symlink with root pathZbigniew Jędrzejewski-Szmek
Before: /var/tmp/inst1//etc/systemd/system/default.target -> /var/tmp/inst1//usr/lib/systemd/system/graphical.target After: /var/tmp/inst1/etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target
2014-05-15hashmap: add hashmap_remove2() to remove item from hashtable and return both ↵Lennart Poettering
value and key
2014-05-13shared: add ring bufferDavid Herrmann
New "struct ring" object that implements a basic ring buffer for arbitrary byte-streams. A new basic runtime test is also added. This will be needed for our pty helpers for systemd-console and friends.
2014-05-13shared: add ALIGN_POWER2 macroDavid Herrmann
Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns the next higher power of 2. clz(0) is undefined, same is true for left-shift-overflows, yey, C rocks!
2014-05-13replace more dup() by F_DUPFD_CLOEXECLennart Poettering
2014-05-10rtnl: message - read group membership of incoming messagesTom Gundersen
2014-05-06list: make LIST_FIND_TAIL work for empty listsLennart Poettering
2014-05-05timesyncd: lookup name server via sd-resolve, support IPv6, react to ↵Lennart Poettering
SIGINT/SITERM
2014-05-05build-sys: move async.[ch] to src/sharedLennart Poettering
So that we can use it at multiple places.
2014-04-28conf-parser: Fix typo in commentJonathan Boulle
Fix minor typo in conf parser
2014-04-24Add more password agent informationDavid Härdeman
Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
2014-04-24util: make sure all our name_to_handle_at() code makes use of file_handle_unionLennart Poettering
2014-04-23delta: draw arrows with draw_special_char()Lennart Poettering
Let's unify generation of unicode chars at one place. Also, don't add an extra space into chars we print, except for the tree chars where this is really necessary.
2014-04-23install: simplificationLennart Poettering
2014-04-23label: there is no label_retest_selinux() callLennart Poettering
2014-04-21systemctl: delete REBOOT_PARAM_FILE if no parameter is specifiedMichael Olbrich
And move it to sperate function.
2014-04-21implement a union to pad out file_handleDave Reisner
Cases where name_to_handle_at is used allocated the full struct to be MAX_HANDLE_SZ, and assigned this size to handle_bytes. This is wrong since handle_bytes should describe the length of the flexible array member and not the whole struct. Define a union type which includes sufficient padding to allow assignment of MAX_HANDLE_SZ to be correct.
2014-04-21condense assignment and path_kill_slashes callsDave Reisner
2014-04-20Remove duplicate includesBas van den Berg
2014-04-16install: create_symlink() check unlink() return valueDjalal Harouni
create_symlink() do not check the return value of unlink(), this may confuse the user. Before the unlink() call we check the 'force' argument. If it is not set we fail with -EEXIST, otherwise we unlink() the file, therefore the next symlink() should not fail with -EEXIST (do not count races...). However since callers may not have appropriate privileges to unlink() the file we lose the -EPERM or any other errno code of unlink(), and return the -EEXIST of the next symlink(). Fix this by checking unlink() results. Before: $ systemctl --force --root=~/container-03 set-default multi-user.target Failed to set default target: File exists After: $ systemctl --force --root=~/container-03 set-default multi-user.target Failed to set default target: Permission denied
2014-04-13util: ignore kernel errors reported via close(), unless it is EBADFLennart Poettering
The kernel can return pretty much anything there, even though the fd is closed. Let's not get confused by that.