| Age | Commit message (Collapse) | Author |
|---|
|
On dbus1, we receive systemd1.Agent signals via the private socket, hence
it's trusted. However, on kdbus we receive it on the system bus. We must
make sure it's sent by UID=0, otherwise unprivileged users can fake it.
Furthermore, never forward broadcasts we sent ourself. This might happen
on kdbus, as we forward the message on the same bus we received it on,
thus ending up in an endless loop.
|
|
Running `busctl monitor` currently buffers data for several seconds /
kilobytes before writing stdout. This is highly confusing if you dump in a
file, ^C busctl and then end up with a file with data of the last few
_seconds_ missing.
Fix this by explicitly flushing after each signal.
|
|
journal: in persistent mode create /var/log/journal, with all parents.
|
|
systemd/revert-429-nspawn-userns-uid-shift-autodetection-fix
Revert "nspawn: determine_uid_shift before forking"
|
|
systemd-journald races with systemd-tmpfiles-setup, and hence both are
started at about the same time. On a bare-bones system (e.g. with
empty /var, or even non-existent /var), systemd-tmpfiles will create
/var/log. But it can happen too late, that is systemd-journald already
attempted to mkdir /var/log/journal, ignoring the error. Thus failing
to create /var/log/journal. One option, without modifiying the
dependency graph is to create /var/log/journal directory with parents,
when persistent storage has been requested.
|
|
|
|
Error message for enumerating addresses was not 'addresses' but 'links'.
This patch fixes it.
|
|
richardmaw-codethink/machinectl-import-earlier-than-3-15
util: fall back in rename_noreplace when renameat2 isn't implemented
|
|
Qemu provides a separate pci-bridge exclusively for multi-seat setups.
The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new
pci-bridge-seat was specifically added to simplify guest-side
multiseat configuration. It is identical to the normal pci-pci bridge,
except that it has a different id (1b36:000a) so we can match it and
configure multiseating automatically.
Make sure we always treat this as separate seat if we detect this, just
like other "Pluggable" devices.
(David: write commit-message)
|
|
According to README we only need 3.7, and while it may also make sense
to bump that requirement when appropriate, it's trivial to fall back
when renameat2 is not available.
|
|
escape: fix exit code
|
|
When we get notifications from the kernel, we always turn them into
synthetic dbus1 messages. This means, we do *not* consume the kdbus
message, and as such have to free the offset.
Right now, the translation-helpers told the caller that they consumed the
message, which is wrong. Fix this by explicitly releasing all kernel
messages that are translated.
|
|
r == 0 indicates success, not failure
|
|
fix segfault when cancelling enslaving of links by netdevs
|
|
|
|
socket: Set SO_REUSEPORT before bind()
|
|
udev: destroy manager before cleaning environment
|
|
Due to our _cleanup_ usage for the udev manager, it will be destroyed
after the "exit:" label has finished. Therefore, it is the last
destruction done in main(). This has two side-effects:
- mac_selinux is destroyed before the udev manager is, possible causing
use-after-free if the manager-cleanup accesses selinux data
- log_close() is called *before* the manager is destroyed, possibly
re-opening the log if you use --debug (and thus not re-applying the
--debug option)
Avoid this by moving the manager-handling into a new function called
run(). This function will be left before we enter the "exit:" label in
main(), hence, the manager object will be destroyed early.
|
|
https://github.com/systemd/systemd/issues/462
|
|
Unlike dbus-daemon, the bus-proxy does not know the receiver of a
broadcast (as the kernel has exclusive access on the bus connections).
Hence, and "destination=" matches in dbus1 policies cannot be applied.
But kdbus does not place any restrictions on *SENDING* broadcasts, anyway.
The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is
set. Instead, receiver policies are checked. Hence, stop checking sender
policies for signals in bus-proxy and leave it up to the kernel.
This fixes some network-manager bus-proxy issues where NM uses weird
dst-based matches against interface-based matches. As we cannot perform
dst-based matches, our bus-proxy cannot properly implement this policy.
|
|
Right now, if you start a session via 'su' or 'sudo' from within a
session, we make sure to re-use the existing session instead of creating a
new one. We detect this by reading the session of the requesting PID.
However, with gnome-terminal running as a busname-unit, and as such
running outside the session of the user, this will no longer work.
Therefore, this patch makes sure to return the existing session of a VT if
you start a new one.
This has the side-effect, that you will re-use a session which your PID is
not part of. This works fine, but will break assumptions if the parent
session dies (and as such close your session even though you think you're
part of it). However, this should be perfectly fine. If you run multiple
logins on the same session, you should really know what you're doing. The
current way of silently accepting it but choosing the last registered
session is just weird.
|
|
In VMs / virtio drives there is no model. Also don't print "Disk:
(null)" in output if no model is available.
|
|
bind() fails if it is called before setting SO_REUSEPORT and another
process is already binded to the same addess.
A new reuse_port option has been introduced to socket_address_listen()
to set the option as part of socket initialization.
|
|
Fix weird coding-style:
- proper white-space
- no if (func() >= 0) bail-outs
- fix braces
- avoid 'r' for anything but errno
- init _cleanup_ variables unconditionally, even if not needed
|
|
This partially reverts commit 78d298bbc57e412574ea35e6e66f562d97fd9ebc.
The changed coding-style is kept, but the ENOENT->ENOSYS conversion is
reverted.
kmod was fixed upstream to no longer return ENOSYS. Also see:
https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=114ec87c85c35a2bd3682f9f891e494127be6fb5
The kmod fix is marked for backport, so no reason to bump the kmod
version we depend on.
|
|
udev: event - simplify udev_event_spawn() logic
|
|
netlink container rework
Allocate containers as separate structs instead of individual arrays for each member field.
|
|
This facility was never a proper solution, but only papered over
real bugs in the kernel. There are no known sysfs "timing bugs"
since a long time.
|
|
bootchart: Ensure that /proc/schedstat is read entirely (v2)
|
|
richardmaw-codethink/nspawn-userns-uid-shift-autodetection-fix
nspawn: determine_uid_shift before forking
|
|
nspawn: Don't remount with fewer options
|
|
On multi-core systems file /proc/schedstat may be
larger than 4096 bytes and pread() will only read part of it.
Fix issue https://github.com/systemd/systemd/issues/404
|
|
It is needed in one branch of the fork, but calculated in another
branch.
Failing to do this means using --private-users without specifying a uid
shift always fails because it tries to shift the uid to UID_INVALID.
|
|
When we do a MS_BIND mount, it inherits the flags of its parent mount.
When we do a remount, it sets the flags to exactly what is specified.
If we are in a user namespace then these mount points have their flags
locked, so you can't reduce the protection.
As a consequence, the default setup of mount_all doesn't work with user
namespaces. However if we ensure we add the mount flags of the parent
mount when remounting, then we aren't removing mount options, so we
aren't trying to unlock an option that we aren't allowed to.
|
|
When shutting down, if systemd was started with --log-target=null,
systemd-shutdown was being called with --log-target=console.
|
|
While the LSB suggests only [A-Za-z0-9], that doesn't prevent admins
from doing the wrong thing. Lets not generate invalid names in
that case.
|
|
Do not assume that a non-service unit type is a target.
|
|
Push the extraction of the envp + argv as close as possible to their use, to avoid code
duplication. As a sideeffect fix logging when delaing execution.
|
|
udev: Remove accelerometer helper
|
|
If a link is attempted t obe enslaved by a netdev that has already failed, we
must fail immediately and not save the callback for later, as it will then
never get triggered.
|
|
This only happens when something has gone wrong, so is not easy to hit. However,
if a bridge (say) is configured on a system without bridge support we will hit
this.
Fixes issue #299.
|
|
systemd-mailing-devs/1435512180-3659-1-git-send-email-ebiggers3@gmail.com
util: fix incorrect escape sequence in string_is_safe()
|
|
|
|
Until commit 1f2ecb0 ("bootchart: kill a bunch of global variables")
variable "head" was declared global and this action was performed by svg_header.
Now that "head" is local and passed to each function called by svg_do(...)
move the code at the beginning of svg_do(...) to restore the correct behaviour.
|
|
This was a left-over from before we supported containers.
|
|
Instead of representing containers as several arrays, make a new
netlink_container struct and keep one array of these structs. We
also introduce netlink_attribute structs that in the future will
hold meta-information about each atribute.
|
|
Also rename from rtnl_* to netlink_*.
|
|
This was an oversight, they are no different from regular containers in this respect.
|
|
It's moved to the iio-sensor-proxy D-Bus service.
|
|
Commit c0f32805 ("logind: use sd_event timer source for inhibitor
logic") reworked the main loop logic of logind so that it uses a
real timeout callback handler to execute delayed functions.
What the old code did, however, was to call those functions on
every iteration in the main loop, not only when the timeout
expired.
Restore that behavior by bringing back manager_dispatch_delayed(),
and call it from manager_run(). The internal event source callback
manager_inhibit_timeout_handler() was turned into a wrapper of
manager_dispatch_delayed() now.
|
