Age | Commit message (Collapse) | Author |
|
logind: bring bus policy up-to-date
|
|
We shouldn't fall over that, and just assume it is 0 in this case.
Fixes #499.
|
|
A while back we opened up all of logind's bus calls to unprivileged
users, via PK. However, the dbus1 policy wasn't updated accordingly.
With this change, the dbus1 policy is opened up for all bus calls that
should be available to unprivileged clients.
(also rearranges some calls in the vtable, to make more sense, and be in
line with the order in the bus policy file)
Fixes #471.
|
|
util: make sure we don't clobber errno in error path
|
|
basic: simplify path_is_mount_point() a bit
|
|
This removes two uses of the ternary operator.
|
|
|
|
core: include unit in path state transition debug logging.
|
|
|
|
Spell out the proper name. Use 'pos' over 'position', and also update the
logind state file to do the same. Note that this breaks live updates.
However, we only save 'POSITION' on non-seat0, so this shouldn't bother
anyone for real. If you run multi-seat setups, you better restart a
machine on updates, anyway.
|
|
Make sure a greeter can forcefully spawn a session on a VT that is
in-use. A recent patch prevented this (this used to be possible for all
session types) as it is highly fragile. However, as it turns out,
greeters seem to rely on that feature. Therefore, make sure we allow it
explicitly for greeters.
|
|
boot: use BUILD_ID if VERSION_ID is not available
|
|
sd-bus: include queried path in GetManagedObjects
|
|
|
|
sd-bus: sd_bus_slot_get_description() should return const strings
|
|
If GetManagedObjects is called on /foo/bar, then it should also include
the object /foo/bar, if it exists. Right now, we only include objects
underneath /foo/bar/.
This follows the behavior of existing dbus implementations.
Obsoletes #527 and fixes #525. Reported by: Nathaniel McCallum
|
|
According to os-release(5), VERSION_ID is not mandatory and BUILD_ID only
needs to be unique underneath VERSION_ID. Therefore, assuming a missing
VERSION_ID field means 'empty', we can rely on BUILD_ID to be unique.
Use BUILD_ID if VERSION_ID is not present. This way, rolling-release
distros can still provide a proper os-release entry without crafting
random VERSION_ID strings.
This fixes #186.
|
|
There is no guarantee that the os-release section contains each key only
once, nor any guarantee that all keys are present. Make sure we properly
free memory in both cases.
Not that it matters much, as we're short-living, anyway. But correct code
is always nicer to read..
|
|
All other *_get_description() functions use 'const char**', so make sure
sd_bus_slot_get_description() does the same.
This changes API, but ABI stays stable. I think this is fine, but I
wouldn't mind bumping SONAME.
Reported in #528.
|
|
"systemctl daemon-reload" should also update the manager defaults from
/etc/systemd/system.conf.
For details, see:
http://lists.freedesktop.org/archives/systemd-devel/2015-June/033062.html
Amended to use manager_set_defaults() as common function.
|
|
|
|
property callback returns are consistent
|
|
fileio: consolidate write_string_file*()
|
|
resolved: fix marshalling of RRSIG records
|
|
journal-gatewayd: fix tmpfile logic
|
|
Remove python-systemd
|
|
It is no different to return 0 over 1 in the property
callback. It is confusing to return 1 which made me think
1 has a special purpose. This way code is consistent with
the rest of the tree.
|
|
The key tag is 16, not 8 bits.
|
|
"rw" is not a valid mode string for f*open(). This got broken in
cc02a7b33049 ("journal-gatewayd: factor out opening of temp
file").
|
|
Right now, if you're already in a session and call CreateSession, we
return information about the current session of yours. This is highy
confusing and a nasty hack. Avoid that, and instead return a commonly
known error, so the caller can detect that.
This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT
in pam_systemd, if you're already in a session. But this sounds like the
right thing to do, anyway.
|
|
Old gdm and lightdm start the user-session during login before they
destroy the greeter-session. Therefore, the user-session will take over
the VT from the greeter. We recently prevented this by never allowing
multiple sessions on the same VT. Fix this now, by explicitly allowing
this if the owning session is a GREETER.
Note that gdm no longer behaves like this. Instead, due to wayland, they
always use a different VT for each session. All other login-managers are
highly encouraged to destroy the greeter-session _before_ starting the
user-session. We now work around this, but this will probably not last
forever (and will already have nasty side-effects on the greeter-session).
|
|
|
|
Login small cleanup
|
|
python-system has moved to it's own repository:
https://github.com/systemd/python-systemd
|
|
|
|
! is supposed to be used for booleans and pointers.
|
|
The latest consolidation cleanup of write_string_file() revealed some users
of that helper which should have used write_string_file_no_create() in the
past but didn't. Basically, all existing users that write to files in /sys
and /proc should not expect to write to a file which is not yet existant.
|
|
Merge write_string_file(), write_string_file_no_create() and
write_string_file_atomic() into write_string_file() and provide a flags mask
that allows combinations of atomic writing, newline appending and automatic
file creation. Change all users accordingly.
|
|
Add a flag to control whether write_string_stream() should always enforce a
trailing newline character in the file.
|
|
|
|
richardmaw-codethink/nspawn-automatic-uid-shift-fix-v2
nspawn: Communicate determined UID shift to parent version 2
|
|
- Make sure that the IPv6PrivacyExtensions=yes results in
prefer-temporary, not prefer-public.
- Introduce special enum value "kernel" to leave setting unset, similar
how we have it for the IP forwarding settings.
- Bring the enum values in sync with the the strings we parse for them,
to the level this makes sense (specifically, rename "disabled" to
"no", and "prefer-temporary" to "yes").
- Make sure we really set the value to to "no" by default, the way it is
already documented in the man page.
- Fix whitespace error.
- Make sure link_ipv6_privacy_extensions() actually returns the correct
enum type, rather than implicitly casting it to "bool".
- properly size formatting buffer for ipv6 sysctl value
- Don't complain if /proc/sys isn't writable
- Document that the enum follows the kernel's own values (0 = off, 1 =
prefer-public, 2 = prefer-temporary)
- Drop redundant negating of error code passed to log_syntax()
- Manpage fixes
This fixes a number of issues from PR #417
|
|
networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…
|
|
|
|
|
|
Right now, we never install destination matches on kdbus as the kernel did
not support MATCH rules on those. With the introduction of
KDBUS_ITEM_DST_ID we can now match on destination IDs, so add explicit
support for those.
This requires a recent kdbus module to work. However, there seems to be no
user-space that uses "Destination=''" matches, yet, so old kdbus modules
still work fine (we couldn't find any real user).
This is needed to match on unicast signals in bus-proxy. A followup will
add support for this.
|
|
There is logic to determine the UID shift from the file-system, rather
than having it be explicitly passed in.
However, this needs to happen in the child process that sets up the
mounts, as what's important is the UID of the mounted root, rather than
the mount-point.
Setting up the UID map needs to happen in the parent becuase the inner
child needs to have been started, and the outer child is no longer able
to access the uid_map file, since it lost access to it when setting up
the mounts for the inner child.
So we need to communicate the uid shift back out, along with the PID of
the inner child process.
Failing to communicate this means that the invalid UID shift, which is
the value used to specify "this needs to be determined from the file
system" is left invalid, so setting up the user namespace's UID shift
fails.
|
|
1) never bother with setting the flag for loopback devices
2) if we fail to write the flag due to EROFS (which is likely to happen
in containers where /proc/sys is read-only) or any other error, check
if the flag already has the right value. If so, don't complain.
Closes #469
|
|
|
|
|