| Age | Commit message (Collapse) | Author |
|---|
|
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.
Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.
By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.
On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.
This also decorates the vtables of the various daemons we ship with
these flags.
|
|
other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.
Also, document this behaviour so that clients can stick to it.
(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
|
|
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.
Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.
As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.
Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
|
|
|
|
everywhere
We want to emphasize bus connections as per-thread communication
primitives, hence introduce a concept of a per-thread default bus, and
make use of it everywhere.
|
|
it everywhere
Try to emphasize a bit that there should be a mapping between event
loops and threads, hence introduce a logic that there's one "default"
event loop for each thread, that can be queried via
"sd_event_default()".
|
|
|
|
This reverts commit 36f9f99556b2fd90705a9eda2e8f182b1e63a15e.
The ntp unit information is only needed by timedated which runs in late
boot only, where all disks are around. Hence there's no point in
allowing them to be located in the rootprefix.
|
|
This allow querying the RTC time from the unprivileged timedatectl.
|
|
|
|
and thus blocks out everybody else
chrony is appears to keep the RTC open continuously these days which is
a bad idea, and /dev/rtc is a single-user device, which is a bad idea
too. Together both bad ideas mean that nobody else can access the RTC
anymore. That's something to fix, but in the meantime we should handle
this more gracefully.
|
|
Just use an unsigned int as a bool type to avoid issues in the public
message reading API; sizeof(bool) == 1, but the code copies 4 bytes at
the pointers destination.
|
|
This way, we do not have to call it manually
|
|
|
|
This way, timedatectl can be run over the network and determine all
properties correctly from the server rather than the client.
|
|
Since access to the RTC is privileged expose the current RTC time as bus
property so that unprivileged clients can read it.
|
|
Among other things this also adds a few things necessary for the change:
- Considerably more powerful error returning APIs in libsystemd-bus
- Adapter for connecting an sd_bus to an sd_event
- As I reworked the PolicyKit logic to the new library I also made it
asynchronous, so that PolicyKit requests of one user cannot block out
another user anymore.
- We always use the macro names for common bus error. That way it is
harder to mistype them since the compiler will notice
|
|
Use proper grammar, word usage, adjective hyphenation, commas,
capitalization, spelling, etc.
To improve readability, some run-on sentences or sentence fragments were
revised.
[zj: remove the space from 'file name', 'host name', and 'time zone'.]
|
|
http://lists.freedesktop.org/archives/systemd-devel/2013-April/010510.html
|
|
|
|
Contents of /etc/adjtime and more.
|
|
You can write much more than just one line with this call (and we
frequently do), so let's correct the naming.
|
|
Based on coverity report.
|
|
Ensure clients don't overflow usec_t when doing relative time changes.
This is mostly just paranoia and protection against accidents, after all
clients are already authenticated, and they can se the time to any
value they wish anyway, but better be safe than sorry.
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/comments/14
|
|
This is a followup to: commit 1a37b9b9043ef83e9900e460a9a1fccced3acf89
It will fix denial messages from dbus-daemon between gdm and
systemd-logind on logging into GNOME due to this.
See the previous commit for more details.
|
|
If we can't successfully query any ntpd units, set CanNTP to false.
GNOME wants to use this to grey out the NTP switch in the UI.
https://bugs.freedesktop.org/show_bug.cgi?id=61816
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
|
|
hostname, locale, timezone
This simplifies the upstream system code quite a bit. If downstream distributions want to maintain compatibility with their old configuration files, they are welcome to do so, but need to maintain this as patches downstream. The burden needs to be on the distributions to maintain differences here. Our suggestion however is to just convert the old configuration files on upgrade, as multiple distributions already do.
|
|
Fix the fallowing error when no system dbus available:
Failed to get system D-Bus connection: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
process 14920: arguments to dbus_connection_close() were incorrect, assertion "connection != NULL" failed in file ../../dbus/dbus-connection.c line 2889.
This is normally a bug in some application using the D-Bus library.
process 14920: arguments to dbus_connection_unref() were incorrect, assertion "connection != NULL" failed in file ../../dbus/dbus-connection.c line 2776.
This is normally a bug in some application using the D-Bus library.
|
|
The MESSAGE_ID=... stanza will appear in countless number of places.
It is just too long to write it out in full each time.
Incidentally, this also fixes a typo of MESSSAGE is three places.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=858771
|
|
Properly tell the kernel at bootup, and any later time zone changes,
the actual system time zone.
Things like the kernel's FAT filesystem driver needs the actual time
zone to calculate the proper local time to use for the on-disk time
stamps.
https://bugzilla.redhat.com/show_bug.cgi?id=802198
|
|
|
|
- Make writing/reading of /etc/timezone dependendent of HAVE_SYSV_COMPAT
- Introduce symlink_atomic() after all, and use it
- Use relative symlink for /etc/localtime
|
|
/etc/localtime -> /usr/share/zoneinfo/...
or
/etc/localtime -> ../usr/share/zoneinfo/...
(note, ../usr is not the same if /etc is a symlink, as this isn't
using canonicalize_file_name())
keep other method for now, consider dropping later.
Supporting relative links here are problematic as timezones in
/usr/share/zoneinfo are often themselves symlinks (and symlinks to
symlinks), so this implamentation only supports absolute symlinks
"/usr/share/zoneinfo/" and relative symlinks starting with
"../usr/share/zoneinfo/"
>From TODO (kay sievers):
* kill /etc/timezone handling entirely? What does it provide?
- /etc/localtime carries the same information already:
$ ls -l /etc/localtime; cat /etc/timezone
lrwxrwxrwx 1 root root 33 Jul 27 09:55 /etc/localtime -> /usr/share/zoneinfo/Europe/Berlin
Europe/Berlin
- systemd enforces /usr to be available at bootup, so we can
enforce the use of the symlink
|
|
|
|
also a number of minor fixups and bug fixes: spelling, oom errors
that didn't print errors, not properly forwarding error codes,
few more consistency issues, et cetera
|
|
glibc/glib both use "out of memory" consistantly so maybe we should
consider that instead of this.
Eliminates one string out of a number of binaries. Also fixes extra newline
in udev/scsi_id
|
|
|
|
To be considered by timedated for NTP a package simply has to drop in
/usr/lib/systemd/ntp-units.d/foobar.list and write one or more unit
names into it. The first one listed is the one that is enabled.
|
|
The previous systemd-timedated-ntp.target was suffering by the problem
that NTP implementations enabled via the machanism could not be disabled
the obvious way on the "systemctl disable" command line. Replace
systemd-timedated-ntp.target by a list of implementations we try in
turn. The list is encoded in $pkgdatadir/ntp-units.
|
|
|
|
timedated's NTP setting
We shouldn't hardcode the name of the NTP implementation in the
timedated mechanism, especially since Fedora currently switched from NTP
to chrony.
This patch introduces a new target that is enabled/disabled instead of
the actual NTP implementation. The various NTP implementations should
then add .wants/ symlinks to their services and BindTo back to the
target, so that their implementations are started/stopped jointly with
the target.
https://bugzilla.redhat.com/show_bug.cgi?id=815748
|
|
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.
Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.
The bits that used to be MIT continue to be MIT.
The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=790260
|
|
|
|
The way the various properties[] arrays are initialized is inefficient:
- only the .data members change at runtime, yet the whole arrays of
properties with all the fields are constructed on the stack one by
one by the code.
- there's duplication, eg. the properties of "org.freedesktop.systemd1.Unit"
are repeated in several unit types.
Fix it by moving the information about properties into static const
sections. Instead of storing the .data directly in the property, store
a constant offset from a run-time base.
The small arrays of struct BusBoundProperties bind together the constant
information with the right runtime information (the base pointer).
On my system the code shrinks by 60 KB, data increases by 10 KB.
|
