summaryrefslogtreecommitdiff
path: root/src/shared
AgeCommit message (Collapse)Author
2014-06-16util: add realloc_multiply() helperDavid Herrmann
This is similar to malloc_multiply() and friends. It is realloc() with a multiplication-overflow check.
2014-06-16util: fix multiply-alloc helpers with size==0David Herrmann
Passing 0 to malloc() is not required to return NULL. Therefore, don't bail out if "b" is 0. This is not of importance to the existing helpers, but the upcoming realloc_multiply() requires this. To keep consistence, we keep the same behavior for the other helpers.
2014-06-16macro: add DISABLE_WARNING_SHADOWDavid Herrmann
As it turns out, we cannot use _Pragma in compound-statements. Therefore, constructs like MIN(MAX(a, b), x) will warn due to shadowed variable declarations. The DISABLE_WARNING_SHADOW macro can be used to suppress these. Note that using UNIQUE(_var) does not work either as GCC uses the last line of a macro-expansion for __LINE__, therefore, still causing both macros to have the same variables. We could use different variable-names for MIN and MAX, but that just hides the problem and still fails for MIN(something(MIN(a, b)), c). The only working solution is to use __COUNTER__ and pass it pre-evaluated as extra argument to a macro to use as name-prefix. This, however, makes all these macros much more complicated so I'll go with manual DISABLE_WARNING_SHADOW so far.
2014-06-16tmpfiles: add new "L+" command as stronger version of "L", that removes the ↵Lennart Poettering
destination before creating a symlink Also, make use of this for mtab as long as mount insists on creating it even if we invoke it with "-n".
2014-06-16tmpfiles: set up selinux label proeprly when creating fifosLennart Poettering
2014-06-13os-release: define /usr/lib/os-release as fallback for /etc/os-releaseLennart Poettering
The file should have been in /usr/lib/ in the first place, since it describes the OS container in /usr (and not the configuration in /etc), hence, let's support os-release files in /usr/lib as fallback if no version in /etc exists, following the usual override logic. A prior commit already enabled tmpfiles to create /etc/os-release as a symlink to /usr/lib/os-release should it be missing, thus providing nice compatibility with applications only checking in /etc. While it's probably a good idea if all apps check both locations via a fallback logic, it is only necessary in the early boot process, as long as the /etc/os-release symlink has not been restored, in case we boot with an empty /etc.
2014-06-13install: fix invalid free() in unit_file_mask()Andreas Henriksson
int unit_file_mask(...) in ./src/shared/install.c calls get_config_path(...) which can in 4 error cases return without setting "ret", and thus "prefix" can be uninitialized when unit_file_mask(...) finishes (which it does directly after the error is returned from get_config_path(...)).
2014-06-13core: add new ConditionNeedsUpdate= unit conditionLennart Poettering
This new condition allows checking whether /etc or /var are out-of-date relative to /usr. This is the counterpart for the update flag managed by systemd-update-done.service. Services that want to be started once after /usr got updated should use: [Unit] ConditionNeedsUpdate=/etc Before=systemd-update-done.service This makes sure that they are only run if /etc is out-of-date relative to /usr. And that it will be executed after systemd-update-done.service which is responsible for marking /etc up-to-date relative to the current /usr. ConditionNeedsUpdate= will also checks whether /etc is actually writable, and not trigger if it isn't, since no update is possible then.
2014-06-13condition: minor modernizationsLennart Poettering
2014-06-12sysusers: add minimal tool to reconstruct /etc/passwd and /etc/group from ↵Lennart Poettering
static files systemd-sysusers is a tool to reconstruct /etc/passwd and /etc/group from static definition files that take a lot of inspiration from tmpfiles snippets. These snippets should carry information about system users only. To make sure it is not misused for normal users these snippets only allow configuring UID and gecos field for each user, but do not allow configuration of the home directory or shell, which is necessary for real login users. The purpose of this tool is to enable state-less systems that can populate /etc with the minimal files necessary, solely from static data in /usr. systemd-sysuser is additive only, and will never override existing users. This tool will create these files directly, and not via some user database abtsraction layer. This is appropriate as this tool is supposed to run really early at boot, and is only useful for creating system users, and system users cannot be stored in remote databases anyway. The tool is also useful to be invoked from RPM scriptlets, instead of useradd. This allows moving from imperative user descriptions in RPM to declarative descriptions. The UID/GID for a user/group to be created can either be chosen dynamic, or fixed, or be read from the owner of a file in the file system, in order to support reconstructing the correct IDs for files that shall be owned by them. This also adds a minimal user definition file, that should be sufficient for most basic systems. Distributions are expected to patch these files and augment the contents, for example with fixed UIDs for the users where that's necessary.
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-10tmpfiles: add new "C" line for copying files or directoriesLennart Poettering
2014-06-10label: when clearing selinux context, don't mangle errnoLennart Poettering
2014-06-10log: honour the kernel's quiet cmdline argumentRonny Chevalier
It was forgotten in b1e90ec515408aec2702522f6f68c4920b56375b See https://bugs.freedesktop.org/show_bug.cgi?id=79582
2014-06-10systemd-detect-virt: only discover Xen domUThomas Blume
The current vm detection lacks the distinction between Xen dom0 and Xen domU. Both, dom0 and domU are running inside the hypervisor. Therefore systemd-detect-virt and the ConditionVirtualization directive detect dom0 as a virtual machine. dom0 is not using virtual devices but is accessing the real hardware. Therefore dom0 should be considered the virtualisation host and not a virtual machine. https://bugs.freedesktop.org/show_bug.cgi?id=77271
2014-06-10bus-proxy: properly index policy by uid/gid when parsingLennart Poettering
2014-06-06bus: add basic dbus1 policy parserLennart Poettering
Enforcement is still missing, but at least we can parse it now.
2014-06-06namespace: beef up read-only bind mount logicLennart Poettering
Instead of blindly creating another bind mount for read-only mounts, check if there's already one we can use, and if so, use it. Also, recursively mark all submounts read-only too. Also, ignore autofs mounts when remounting read-only unless they are already triggered.
2014-06-05namespace: when setting up an inaccessible mount point, unmounting ↵Lennart Poettering
everything below This has the benefit of not triggering any autofs mount points unnecessarily.
2014-06-05util: fix fd_cloexec(), fd_nonblock()Lennart Poettering
2014-06-05sd-daemon: introduce sd_pid_notify() and sd_pid_notifyf()Lennart Poettering
sd_pid_notify() operates like sd_notify(), however operates on a different PID (for example the parent PID of a process). Make use of this in systemd-notify, so that message are sent from the PID specified with --pid= rather than the usually shortlived PID of systemd-notify itself. This should increase the likelyhood that PID 1 can identify the cgroup that the notification message was sent from properly.
2014-06-05kdbus: when uploading bus name policy, resolve users/groups out-of-processLennart Poettering
It's not safe invoking NSS from PID 1, hence fork off worker processes that upload the policy into the kernel for busnames.
2014-06-05socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file ↵Lennart Poettering
system This is relatively complex, as we cannot invoke NSS from PID 1, and thus need to fork a helper process temporarily.
2014-06-04socket: optionally remove sockets/FIFOs in the file system after useLennart Poettering
2014-06-04bus-proxy: drop priviliges if we canLennart Poettering
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
2014-06-03shared: capability - don't loop over the cap bits if they are all unsetTom Gundersen
2014-06-03shared: allow drop_priviliges to drop all privsTom Gundersen
2014-06-01timesyncd: split privilege dropping code out of timesyncd so that we can ↵Lennart Poettering
make use of it from other daemons too This is preparation to make networkd work as unpriviliged user.
2014-05-31util: ignore_file should not allow files ending with '~'Thomas Hindoe Paaboel Andersen
ignore_file currently allows any file ending with '~' while it seems that the opposite was intended: a228a22fda4faa9ecb7c5a5e499980c8ae5d2a08
2014-05-28virt: rework container detection logicLennart Poettering
Instead of accessing /proc/1/environ directly, trying to read the $container variable from it, let's make PID 1 save the contents of that variable to /run/systemd/container. This allows us to detect containers without the need for CAP_SYS_PTRACE, which allows us to drop it from a number of daemons and from the file capabilities of systemd-detect-virt. Also, don't consider chroot a container technology anymore. After all, we don't consider file system namespaces container technology anymore, and hence chroot() should be considered a container even less.
2014-05-28build-sys: use glibc's xattr support instead of requiring libattrKay Sievers
2014-05-26Do not unescape unit names in [Install] sectionMichal Sekletar
https://bugs.freedesktop.org/show_bug.cgi?id=49316
2014-05-25nspawn: make nspawn robust to container failureDjalal Harouni
nspawn and the container child use eventfd to wait and notify each other that they are ready so the container setup can be completed. However in its current form the wait/notify event ignore errors that may especially affect the child (container). On errors the child will jump to the "child_fail" label and terminate with _exit(EXIT_FAILURE) without notifying the parent. Since the eventfd is created without the "EFD_NONBLOCK" flag, this leaves the parent blocking on the eventfd_read() call. The container can also be killed at any moment before execv() and the parent will not receive notifications. We can fix this by using cheap mechanisms, the new high level eventfd API and handle SIGCHLD signals: * Keep the cheap eventfd and EFD_NONBLOCK flag. * Introduce eventfd states for parent and child to sync. Child notifies parent with EVENTFD_CHILD_SUCCEEDED on success or EVENTFD_CHILD_FAILED on failure and before _exit(). This prevents the parent from waiting on an event that will never come. * If the child is killed before execv() or before notifying the parent, we install a NOP handler for SIGCHLD which will interrupt blocking calls with EINTR. This gives a chance to the parent to call wait() and terminate in main(). * If there are no errors, parent will block SIGCHLD, restore default handler and notify child which will do execv(), then parent will pass control to process_pty() to do its magic. This was exposed in part by: https://bugs.freedesktop.org/show_bug.cgi?id=76193 Reported-by: Tobias Hunger tobias.hunger@gmail.com
2014-05-25path-util: fix missing terminating zeroTanu Kaskinen
There was this code: if (to_path_len > 0) memcpy(p, to_path, to_path_len); That didn't add the terminating zero, so the resulting string was corrupt if this code path was taken. Using strcpy() instead of memcpy() solves this issue, and also simplifies the code. Previously there was special handling for shortening "../../" to "../..", but that has now been replaced by a path_kill_slashes() call, which also makes the result prettier in case the input contains redundant slashes that would otherwise be copied to the result.
2014-05-25Use %m instead of strerror(errno) where appropiateCristian Rodríguez
2014-05-24detect-virt: Remove string for Microsoft virtualization detection in DMI ↵Reyad Attiyat
vendor string array. The string "Microsoft Corporation" is used in the Surface Tablet's DMI vendor ID. https://bugs.freedesktop.org/show_bug.cgi?id=78312
2014-05-24core: timer - switch to touch_file()Kay Sievers
2014-05-24timedated: refuse manual system time updates when automatic timesync is enabledKay Sievers
2014-05-24clock-util: clock_[sg]et_time() -> clock_[sg]et_hwclock()Kay Sievers
2014-05-24timesyncd: only update stamp file when we are synchronizedKay Sievers
Create initial stamp file with compiled-in time to prevent bootups with clocks in the future from storing invalid timestamps. At shutdown, only update the timestamp if we got an authoritative time to store.
2014-05-24shared: add touch_file() and let touch() always update timestampKay Sievers
2014-05-24shared: rename hwclock.[ch] to clock-util.[ch]Kay Sievers
2014-05-22conf-parser: never consider it an error if we cannot load a drop-in file ↵Lennart Poettering
because it is missing After all, we want to be able to boot with /etc empty one day...
2014-05-22time-util: make sure USEC_PER_SEC and friends are actually of type usec_tLennart Poettering
2014-05-21util: fix a gcc compiler warningLennart Poettering
2014-05-21logind: don't apply RemoveIPC= to system usersLennart Poettering
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
2014-05-18machined: add logic to query IP addresses of containersLennart Poettering
2014-05-18timesyncd: run timesyncd as unpriviliged user "systemd-timesync" (but still ↵Lennart Poettering
with CAP_SYS_TIME)
2014-05-17conf-parser: silently ignore sections starting with "X-"Michael Marineau
This allows external tools to keep additional unit information in a separate section without scaring users with a big warning.
2014-05-16path-lookup: don't hardcode .configTanu Kaskinen
If XDG_CONFIG_HOME is set, then we should respect that.