path: root/src
Age | Commit message | Author
2014-08-19 | memfd: simplify API | Lennart Poettering
Now, that the memfd stuff is not exported anymore, we can simplify a few things: Use assert() instead of assert_return(), since this is used internally only, and we should be less permissive then. No need to pass an allocated fd back by call-by-reference, we can just directly return it.
2014-08-19 | Revert "socket: introduce SELinuxLabelViaNet option" | Lennart Poettering
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
2014-08-19 | tmpfiles: add new 'r' line type to add UIDs/GIDs to the pool to allocate UIDs/GIDs from | Lennart Poettering
This way we can guarantee a limited amount of compatibility with login.defs, by generating an appropriate "r" line out of it, on package installation.
2014-08-19 | networkd: don't consider deprecated or tentative addresses when determining operstate | Tom Gundersen
https://bugs.freedesktop.org/show_bug.cgi?id=81287
2014-08-19 | socket: introduce SELinuxLabelViaNet option | Michal Sekletar
This makes it possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-08-19 | networkd: netdev - add missing callback when adding stacked devices | Tom Gundersen
As the comment says, the passed in callback must always be invoked, or the underlying link will hang. This was missed when reworking the code, so add it back in.
2014-08-19 | networkd: link - don't enforce ENSLAVING state | Tom Gundersen
We are only guaranteed to stay in ENSLAVING state whilst enslaving by bridges/bonds, not when adding stacked devices (as then the underlying device can be IFF_UP'ed and configured in parallel), so drop these asserts.
2014-08-19 | util: remove unused FOREACH_WORD_SEPARATOR_QUOTED | Lennart Poettering
2014-08-19 | sysusers: add another column to sysusers files for the home directory | Lennart Poettering
2014-08-19 | networkd: fix use-after-free | Tom Gundersen
Elements must be removed from the hashtable before they are freed.
2014-08-19 | sysusers: add a new RPM macro for creating users directly from data passed in via stdin | Lennart Poettering
This allows encoding users to create directly in %pre, which is necessary so that files owned by the RPM can be assigned to the right users/groups. This new macro does create a redundancy, as user definitions for all users that shall own files need to be listed twice, once with this new macro, and then secondly, in the sysusers file shipped with the package. But there's little way around that, as the users of this type need to exist before we install the first file, but we actually want to ship the user information in a file.
2014-08-19 | sysusers: optionally, read sysusers configuration from standard input | Lennart Poettering
2014-08-19 | sysusers: also update /etc/shadow and /etc/gshadow when creating new system users | Lennart Poettering
This should resolve problems with tools like "grpck" and suchlike.
2014-08-19 | hashmap: try to use the existing 64bit hash functions for dev_t if it is 64bit | Lennart Poettering
2014-08-18 | bus: map sealed memfds as MAP_PRIVATE | David Herrmann
Mapping files as MAP_SHARED is handled by the kernel as 'writable' mapping. Always! Even with PROT_READ. Reason for that is, mprotect(PROT_WRITE) could change the mapping underneath and currently there is no kernel infrastructure to add protection there. This might change in the future, but until then, map sealed files as MAP_PRIVATE so we don't get EPERM.
2014-08-18 | util: try to be a bit more NFS compatible when checking whether an FS is writable | Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=81169
2014-08-18 | core: minor modernizations | Lennart Poettering
2014-08-18 | units: fix BindsTo= logic when applied relative to services with Type=oneshot | Lennart Poettering
Start jobs for Type=oneshot units are successful when the unit state transition activating → inactive took place. In such a case all units that BindsTo= on it previously would continue to run, even though the unit they depended on was actually already gone.
2014-08-18 | bootchart: use NSEC_PER_SEC | Ronny Chevalier
2014-08-18 | bus-control: Fix cgroup handling | Denis Kenzior
On systems without properly setup systemd, cg_get_root_path returns -ENOENT. This means that busctl doesn't display much information. busctl monitor also fails whenever it intercepts messages. This fix creates a fake "/" root cgroup which lets busctl work on such systems.
2014-08-18 | networkd: fix how we generate lists in link_save() | Lennart Poettering
https://bugs.freedesktop.org/show_bug.cgi?id=82721
2014-08-18 | tests: add missing entry to test-tables | Ronny Chevalier
2014-08-18 | tests: add tests for time-util.c | Ronny Chevalier
add tests for:
- timezone_is_valid
- get_timezones
2014-08-18 | tests: add test-condition-util | Ronny Chevalier
2014-08-18 | tests: add tests for util.c | Ronny Chevalier
add tests for:
- is_symlink
- pid_is_unwaited
- pid_is_alive
- search_and_fopen
- search_and_fopen_nulstr
- glob_exists
- execute_directory
2014-08-18 | tests: add test for fdset_iterate | Ronny Chevalier
2014-08-18 | tests: add tests for fileio.c | Ronny Chevalier
add tests for:
- write_string_stream
- write_string_file
- sendfile_full
2014-08-18 | tests: add missing unlink | Ronny Chevalier
2014-08-18 | tests: add tests for socket-util.c | Ronny Chevalier
add tests for:
- socket_address_is
- socket_address_is_netlink
- sockaddr_equal
2014-08-18 | tmpfiles: only execute chmod()/chown() when needed | Michael Olbrich
This avoids errors like this, when the paths are already there with the correct permissions and owner: chmod(/var/spool) failed: Read-only file system
2014-08-18 | Merge remote-tracking branch 'origin/master' | Lennart Poettering
2014-08-18 | networkd: warn when ignoring unsupported tuntap options | Tom Gundersen
The interface for creating tuntap devices should be ported to rtnl so it would support the same settings as other kinds. In the meantime, the best one can do is to drop in a .link file to set the desired options.
2014-08-18 | core: Verify systemd1 DBus method callers via polkit | Stef Walter
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive authentication must be opt-in, not unconditional, hence I turned this off.)
2014-08-18 | bus-util: simplify bus_verify_polkit_async() a bit | Lennart Poettering
First, let's drop the "bus" argument, we can determine it from the message anyway. Secondly, determine the right callback/userdata pair automatically from what is currently being dispatched. This should simplify things a lot for us, since it makes it unnecessary to pass pointers through the original handlers through all functions when we process messages, which might require authentication.
2014-08-18 | sd-bus: add API to query which handler/callback is currently being dispatched | Lennart Poettering
2014-08-18 | memfd: internalize functions, drop sd_memfd type | Daniel Mack
Remove the sd_ prefix from internal functions and get rid of the sd_memfd type. As a memfd is now just a native file descriptor, we can get rid of our own wrapper type, and also use close() and dup() on them directly.
2014-08-18 | memfd: use _cleanup_ if applicable | David Herrmann
We now have a sd_memfd_freep helper, use it if applicable.
2014-08-18 | memfd: map unsealed files as MAP_SHARED | David Herrmann
We need to map sealed files as MAP_PRIVATE so far as the kernel treats MAP_SHARED as writable mapping (you can run mprotect(PROT_WRITE) at any time on those). However, unsealed files must be mapped as MAP_SHARED. Otherwise, we never end up writing to the real file.
2014-08-18 | memfd: disallow importing memfds without sealing | David Herrmann
We use memfds for sealing. Let's not bother with memfds created without MFD_ALLOW_SEALING for now. They're equivalent to random shmem files, so don't bother treating them as sealable memfds.
2014-08-18 | memfd: don't open kdbus for memfd | David Herrmann
No reason to open /dev/kdbus/control if we want memfds. memfd_create() is always available.
2014-08-18 | memfd: internalize header | David Herrmann
Fix the memfd.h header to use handy features like #pragma, cleanup-funcs and util.h. Also drop the EXTERN-C macros.
2014-08-18 | memfd: fix memfd_create() syscall wrapper | Daniel Mack
Unlike earlier versions, the syscall only takes 2 arguments in its final version, not 3.
2014-08-18 | memfd: move code from public library to src/shared | Daniel Mack
Don't expose generic kernel API via libsystemd, but keep the code internal for our own usage.
2014-08-17 | kdbus: switch over to generic memfd implementation (ABI+API break) | Daniel Mack
2014-08-16 | networkctl: use safe_qsort in case no links are present | Thomas Hindoe Paaboel Andersen
Unlikely to happen but still...
2014-08-16 | sd-bus,log: remove unused variables | Thomas Hindoe Paaboel Andersen
2014-08-15 | sd-event: return 'r' rather than '-errno' | Tom Gundersen
2014-08-15 | Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507' | Lennart Poettering
2014-08-15 | sd-event: fix missing needs_rearm | Tom Gundersen
2014-08-15 | sd-bus: add API to check if a client has privileges | Lennart Poettering
This is a generalization of the vtable privilege check we already have, but exported, and hence useful when preparing for a polkit change. This will deal with the complexity that on dbus1 one cannot trust the capability field we retrieve via the bus, since it is read via /proc/$$/stat (and thus might be out-of-date) rather than directly from the message (like on kdbus) or bus connection (as for uid creds on dbus1). Also, port over all code to this new API.