summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-01-18bus: drop systemd.kdbus_attach_flags_mask= cmdlineDavid Herrmann
There is no reason to provide our own attach_flags_mask. We can simply rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod. If it's set, we assume the user wants to override our setting, so we simply skip setting it.
2015-01-18core: write kdbus.attach_flags_mask only on real bootDavid Herrmann
The kernel module system is not namespaced, so no container should ever modify global options. Make sure we set the kdbus attach_flags_mask only on a real boot as PID1.
2015-01-18libudev: fix check for too long packetTopi Miettinen
Don't use recvmsg(2) return value to check for too long packets (it doesn't work) but MSG_TRUNC flag. (David: add parantheses around condition)
2015-01-18util: replace RUN_WITH_LOCALE with extended locale functionsCristian Rodríguez
There were two callers, one can use strtod_l() and the other strptime_l(). (David: fix up commit-msg and coding-style)
2015-01-18timesyncd: consider too long packets as invalidTopi Miettinen
If the received NTP message from server didn't fit to our buffer, either it is doing something nasty or we don't know the protocol. Consider the packet as invalid. (David: add parantheses around conditional)
2015-01-18bus-proxy: don't pretend everyone is rootDavid Herrmann
While it's a lovely scenario, it's probably not really useful. Fix our GetConnectionUnixUser() to return the actual 'euid' which we asked for, not the possible uninitialized 'uid'.
2015-01-18Revert "test-exec: do not skip all the tests"David Herrmann
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need* root access to create cgroups. The only exception is if it is run from within a cgroup with "Delegate=yes". However, this is not always true and we really shouldn't rely on this. If your terminal runs from within a systemd --user instance, you're fine. Everyone else is not (like running from ssh, VTs, and so on..).
2015-01-18bus: fix SD_BUS_CREDS_AUGMENT on kdbus queriesDavid Herrmann
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we can lookup further information from /proc. However, we *must* set SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never actually copy the pid into "sd_bus_creds". Fix this, so SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by the caller.
2015-01-18bus: fix typoDavid Herrmann
Fix comment typo and clarify that this is not about privileges but can have rather arbitrary reasons.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-18bus-proxy: fake all UIDs/GIDs, not just the real UID/GIDDavid Herrmann
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote side has no chance of querying our effective UID (which is usually what they're interested in).
2015-01-18bus-proxy: fix bus-uid trackingDavid Herrmann
We need to implicitly allow HELLO from users with the same uid as the bus. Fix the bus-uid tracking to use the original uid, not the uid after privilege-dropping.
2015-01-18logind: hide 'self' links if not availableDavid Herrmann
If the caller does not run in a session/seat or has no tracked user, hide the /org/freedesktop/login1/.../self links in introspection data. Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes even though it cant.
2015-01-17bus-proxy: don't print error-messages if we check multiple destsDavid Herrmann
If we test the policy against multiple destination names, we really should not print warnings if one of the names results in DENY. Instead, pass the whole array of names to the policy and let it deal with it.
2015-01-17bus-proxy: implement org.freedesktop.DBus.ReloadConfig()David Herrmann
Make sure to reload our xml policy configuration if requested via the bus.
2015-01-17bus-proxy: fix indentationDavid Herrmann
Fix whitespace indentation.
2015-01-17bus-proxy: drop privileges if run as rootDavid Herrmann
We cannot use "User=" in unit-files if we want to retain privileges. So make bus-proxy.c explicitly drop privileges. However, only do that if we're root, as there is no need to drop it on the user-bus.
2015-01-17bus-proxy: share policy between threadsDavid Herrmann
This implements a shared policy cache with read-write locks. We no longer parse the XML policy in each thread. This will allow us to easily implement ReloadConfig().
2015-01-17bus-proxy: set custom thread namesDavid Herrmann
Set thread-names to "p$PIDu$UID" and suffix with '*' if truncated. This helps debugging bus-proxy issues if we want to figure out which connections are currently open.
2015-01-17bus-proxy: turn into multi-threaded daemonDavid Herrmann
Instead of using Accept=true and running one proxy for each connection, we now run one proxy-daemon with a thread per connection. This will enable us to share resources like policies in the future.
2015-01-17missing: add macros for OFD locksMichael Marineau
2015-01-17remove unneeded libgen.h includesCristian Rodríguez
2015-01-17random-seed: avoid errors when we cannot write random-seed fileColin Guthrie
When we call 'systemd-random-seed load' with a read-only /var/lib/systemd, the cleanup code (which rewrites the random-seed file) will fail and exit. Arguably, if the filesystem is read-only and the random-seed file exists then this will be possibly be quite bad for entroy on subsequent reboots but it should still not make the unit fail.
2015-01-17bus-proxy: bring back systemd-stdio-bridgeDavid Herrmann
Now that we want to make bus-proxy multi-threaded, we have to bring back the systemd-stdio-bridge for our TCP use-cases.
2015-01-17bus-proxy: extract proxy into Proxy objectDavid Herrmann
Move all the proxy code into a "struct Proxy" object that can be used from multiple binaries. We now dropped SMACK as we have to refactor it to work properly. We can introduce it later on.
2015-01-17bus-proxy: refactor bus-creationDavid Herrmann
Move local and destination bus creation into a helper function. This further reduces the line count of main().
2015-01-16import: support importing qcow2 imagesLennart Poettering
With this change the import tool will now unpack qcow2 images into normal raw disk images, suitable for usage with nspawn. This allows has the benefit of also allowing importing Ubuntu Cloud images for usage with nspawn.
2015-01-16import: support downloading .xz compressed imagesLennart Poettering
That way we can download fedora cloud raw images as-is and decompress them on-the-fly.
2015-01-15LLDP: Support locally assigned port subtypeSusant Sahani
The Zyxel switch sends port subtype as Locally assigned (7). Add LLDP_PORT_SUBTYPE_LOCALLY_ASSIGNED as supported type reported by Mantas Mikulėnas <grawity@gmail.com>
2015-01-15udev: merge evdev_id into input_idDavid Herrmann
There is no reason to keep both separated. We want to avoid API specific tools and instead keep generic terms like 'input'.
2015-01-15udev: fix NULL-ptr derefDavid Herrmann
Make sure we properly validate the return value of udev_device_get_sysattr_value(). It might be NULL for several reasons.
2015-01-15bus-proxyd: move synthesize_name_acquired()Daniel Mack
Move synthesize_name_acquired() to synthesize.c.
2015-01-15bus-proxy: factor out code for driver handling and message synthesisDaniel Mack
Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into driver.c for better code separation.
2015-01-15nspawn: fix log typosJonathan Boulle
2015-01-15nspawn,machined: change default container image location from ↵Lennart Poettering
/var/lib/container to /var/lib/machines Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".
2015-01-15import: rename "gpt" disk image type to "raw"Lennart Poettering
After all, nspawn can now dissect MBR partition levels, too, hence ".gpt" appears a misnomer. Moreover, the the .raw suffix for these files is already pretty popular (the Fedora disk images use it for example), hence sounds like an OK scheme to adopt.
2015-01-15test-path: do not skip tests if we are not rootRonny Chevalier
We can properly run the tests without being root
2015-01-15test-exec: do not skip all the testsRonny Chevalier
Only 5 tests cannot be executed if we are not root, so just skip them but not the whole set.
2015-01-15spawn: downgrade loopback detach errors to debugLennart Poettering
Sometimes udev or some other background daemon might keep the loopback devices busy while we already want to detach them. Downgrade the warning about it. Given that we use autodetach downgrading these messages should be with little risk.
2015-01-15nspawn: add support for limited dissecting of MBR disk images with nspawnLennart Poettering
With this change nspawn's -i switch now can now make sense of MBR disk images too - however only if there's only a single, bootable partition of type 0x83 on the image. For all other cases we cannot really make sense from the partition table alone. The big benefit of this change is that upstream Fedora Cloud Images can now be booted unmodified with systemd-nspawn: # wget http://download.fedoraproject.org/pub/fedora/linux/releases/21/Cloud/Images/x86_64/Fedora-Cloud-Base-20141203-21.x86_64.raw.xz # unxz Fedora-Cloud-Base-20141203-21.x86_64.raw.xz # systemd-nspawn -i Fedora-Cloud-Base-20141203-21.x86_64.raw -b Next stop: teach the import logic to automatically download these images, uncompress and verify them.
2015-01-14nspawn: pass the container's init PID out via sd_notify()Lennart Poettering
This is useful for nspawn managers that want to learn when nspawn is finished with initialiuzation, as well what the PID of the init system in the container is.
2015-01-14nspawn: fix an incorrect assert comparisonLennart Poettering
2015-01-14loginctl: fix misuse compound literalsLennart Poettering
The lifetime of compound literals is bound to the local scope, we hence cannot refernce them outside of it.
2015-01-14sd-bus: tell Coverity that it's OK not to care for return values in some casesLennart Poettering
2015-01-14nspawn: add file system locks for controlling access to container imagesLennart Poettering
This adds three kinds of file system locks for container images: a) a file system lock next to the actual image, in a .lck file in the same directory the image is located. This lock has the benefit of usually being located on the same NFS share as the image itself, and thus allows locking container images across NFS shares. b) a file system lock in /run, named after st_dev and st_ino of the root of the image. This lock has the advantage that it is unique even if the same image is bind mounted to two different places at the same time, as the ino/dev stays constant for them. c) a file system lock that is only taken when a new disk image is about to be created, that ensures that checking whether the name is already used across the search path, and actually placing the image is not interrupted by other code taking the name. a + b are read-write locks. When a container is booted in read-only mode a read lock is taken, otherwise a write lock. Lock b is always taken after a, to avoid ABBA problems. Lock c is mostly relevant when renaming or cloning images.
2015-01-14sysv-generator: always use fstatat() if we canLennart Poettering
2015-01-14sysv-generator: fix memory leak on failureLennart Poettering
This fixes a memory leak introduced by 1ed0c19f81fd13cdf283c6def0168ce122a853a9
2015-01-14machinectl: fix minor memory leakLennart Poettering
2015-01-14pty: minor modernizationLennart Poettering
We initialize structs during declartion if possible
2015-01-14machined: use the FS_IMMUTABLE_FL file flag, if available, to implement a ↵Lennart Poettering
"read-only" concept for raw disk images, too