path: root/src
Age | Commit message | Author
2014-08-18 | core: Verify systemd1 DBus method callers via polkit | Stef Walter
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive authentication must be opt-in, not unconditional, hence I turned this off.)
2014-08-18 | bus-util: simplify bus_verify_polkit_async() a bit | Lennart Poettering
First, let's drop the "bus" argument, we can determine it from the message anyway. Secondly, determine the right callback/userdata pair automatically from what is currently being dispatched. This should simplify things a lot for us, since it makes it unnecessary to pass pointers through the original handlers through all functions when we process messages, which might require authentication.
2014-08-18 | sd-bus: add API to query which handler/callback is currently being dispatched | Lennart Poettering
2014-08-15 | Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507' | Lennart Poettering
2014-08-15 | sd-bus: add API to check if a client has privileges | Lennart Poettering
This is a generalization of the vtable privilege check we already have, but exported, and hence useful when preparing for a polkit change. This will deal with the complexity that on dbus1 one cannot trust the capability field we retrieve via the bus, since it is read via /proc/$$/stat (and thus might be out-of-date) rather than directly from the message (like on kdbus) or bus connection (as for uid creds on dbus1). Also, port over all code to this new API.
2014-08-15 | cgroup: only generate warnings if actually writing to cgroup attributes failed | Lennart Poettering
2014-08-15 | main,log: parse the log related kernel command line parameters at one place only, and for all tools | Lennart Poettering
Previously, we ended up parsing some of them three times: in main.c when processing the kernel cmdline, in main.c when processing the process cmdline (only for containers), and in log.c again. Let's streamline this, and only parse them in log.c
In PID 1 also make sure we parse "quiet" first, and then override this with the more specific checks in log.c
2014-08-15 | main: minor code modernization for initializing the console | Lennart Poettering
2014-08-15 | hostnamectl: actually implement location support | Lennart Poettering
2014-08-15 | resolve: fix compilation on LLVM+clang | David Herrmann
LLVM+clang does not allow statement-expressions inside of type-declarations (file-scope). Use CONST_MAX() to avoid this.
2014-08-15 | macro: add CONST_MAX() macro | David Herrmann
The CONST_MAX() macro is similar to MAX(), but verifies that both arguments have the same type and are constant expressions. Furthermore, the result of CONST_MAX() is again a constant-expression. CONST_MAX() avoids any statement-expressions and other non-trivial expression-types. This avoids rather arbitrary restrictions in both GCC and LLVM, which both either fail with statement-expressions inside type-declarations or statement-expressions inside static-const initializations. If anybody knows how to circumvent this, please feel free to unify CONST_MAX() and MAX().
2014-08-15 | macro: const'ify MIN/MAX/... macros | David Herrmann
We must add 'const' to local variables in statement-expressions to guarantee that the macros can produce constant-expressions if given such. GCC seems to ignore this, but LLVM/clang requires it (understandably).
2014-08-15 | resolved: fix assertion when joining llmnr mcast group | Lennart Poettering
2014-08-15 | networkd: print nice warnings if people configure invalid domain names | Lennart Poettering
2014-08-15 | util: make is_localhost() check for 'localdomain' too, so that we can use it for both validating domains and host names | Lennart Poettering
2014-08-15 | networkd: fix minor memory leak | Lennart Poettering
2014-08-15 | networkctl: show acquired system domains | Lennart Poettering
2014-08-15 | sd-network: add system-wide sd_network_get_domains() API | Lennart Poettering
2014-08-15 | networkd: always write out locally configured settings first, dhcp-acquired ones later | Lennart Poettering
This is primarily important for the domains list, as we really should prefer the locally configured domain over the dhcp supplied ones when we use it as a search list.
2014-08-15 | networkd: remove "*" from domains list | Lennart Poettering
Also, simplify things a bit and make sure we don't forget looking at one of the entries.
2014-08-15 | networkctl: two OOM fixes | Lennart Poettering
2014-08-15 | sd-network: be more careful with error codes, return ENODATA if you lack information | Lennart Poettering
2014-08-15 | sd-network: add support for wildcard domains | Tom Gundersen
2014-08-15 | networkd: add support for Domains= to .network files | Tom Gundersen
This allows the search/routing domains to be specified per link/network and be passed on to resolved.
2014-08-15 | kernel-install/90-loaderentry.install: fixed cmdline parsing | Harald Hoyer
If /etc/kernel/cmdline is missing or empty, we read /proc/cmdline and want to filter out the initrd line. Due to a bug, the whole contents was filtered out.
2014-08-15 | core: Rename Job.subscribed field to Job.clients | Stef Walter
This reflects how this field will be used, to not only track where to send signals, but also which callers (other than root) are allowed to call DBus methods on the Job.
2014-08-15 | core: Common code for DBus methods that Cancel a job | Stef Walter
Both ofs.Job.Cancel() and ofs.Manager.CancelJob() now use same implementation. So we can add caller verify logic appropriately.
2014-08-15 | sd-bus: Remove bus arg from bus_verify_polkit_async_registry_free() | Stef Walter
It's unnecessary, not used, and complicates callers of the function.
2014-08-15 | test: fix strtod test for real | David Herrmann
The "0,5" syntax was actually right. The real problem is, the test should only run if the local system has the de_DE.UTF-8 locale. Therefore, skip the tests if setlocale() fails. This is kinda ugly, as it is done silently, but we cannot skip partial tests with the current infrastructure. Should be fine this way.
2014-08-15 | util: never use ether_ntoa(), since it formats with %x, not %02x, which makes ethernet addresses look funny | Lennart Poettering
2014-08-15 | networkctl: increase column width for link type to 18, to accommodate for 'ieee80211_radiotap' | Lennart Poettering
2014-08-15 | networkd: rename UseDomainName to UseDomains | Tom Gundersen
This option will also apply to the search domains, so make it plural.
2014-08-15 | cgroup: downgrade log messages about non-existent cgroup attributes to LOG_DEBUG | Lennart Poettering
2014-08-15 | cgroup: never try to create files in cgroupfs, only open them for writing | Lennart Poettering
This should have the benefit that cg_set_attribute() returns ENOENT instead of EACCESS when we use it for non-existing attributes.
2014-08-15 | test: fix strtod() test | David Herrmann
One strtod() test is broken since:
    commit 8e211000025940b770794abf5754de61b4add0af
    Author: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
    Date: Mon Aug 4 23:13:31 2014 +0200
    test: use fabs on doubles
The commit was right, so no reason to revert it, but the test was broken before and only worked by coincidence. Convert "0,5" to "0.5" so we don't depend on locales for double conversion (or well, we depend on "C" which seems reasonable).
2014-08-15 | networkctl: print local domain name in status output | Lennart Poettering
2014-08-15 | dhcp: the localhost isn't valid as hostname either | Lennart Poettering
2014-08-15 | coredump: display libdw fail string on stack trace fail | Umut Tezduyar Lindskog
- systemd[1]: hello.service: main process exited, code= dumped, status=3/QUIT
- systemd-coredump[2541]: Failed to generate stack trace: Unwinding not supported for this architecture
- systemd-coredump[2541]: Process 1024 (hello) of user 154 dumped core.
2014-08-14 | socket: add bus property for bus property NoDelay | Susant Sahani
Missed to add the SD_BUS_PROPERTY for no_delay.
2014-08-14 | socket: Add support for TCP defer accept | Susant Sahani
TCP_DEFER_ACCEPT
Allow a listener to be awakened only when data arrives on the socket. If TCP_DEFER_ACCEPT is set on a server-side listening socket, the TCP/IP stack will not wait for the final ACK packet and will not initiate the process until the first packet of real data has arrived. After sending the SYN/ACK, the server will then wait for a data packet from a client. Now, only three packets will be sent over the network, and the connection establishment delay will be significantly reduced.
2014-08-14 | socket: Add Support for TCP keep alive variables | Susant Sahani
The tcp keep alive variables now can be configured via conf parameter. Following variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be idle before TCP begins sending out keep-alive probes.
2014-08-15 | core: Refuse mount on symlink | Timofey Titovets
2014-08-15 | networkd: don't respect domainname from DHCP by default | Tom Gundersen
Most routers will send garbage, so make this opt-in only.
2014-08-15 | sd-dhcp-lease: verify hostname and domainnames we receive | Tom Gundersen
2014-08-14 | resolved: pull in domain names from sd-network | Tom Gundersen
2014-08-14 | sd-network: add sd_network_linkg_get_domains() | Tom Gundersen
For now this only exposes the domain name (DHCP Option 15), and not the search string (DHCP Option 119), which will be implemented in a follow-up patch.
2014-08-14 | machine_kill(): Don't kill the unit when killing the leader | Eelco Dolstra
If "machinectl poweroff" or "machinectl reboot" is used on a systemd-nspawn container started with --keep-unit and --register, it should *only* send the appropriate signal to the leader PID (i.e. the container's systemd process). It shouldn't fall through to manager_kill_unit() to also send the signal to the unit. The latter ends up killing systemd-nspawn, which takes down the container prematurely.
2014-08-14 | resolved: clarify that LLMNR scopes must have a link assigned | Lennart Poettering
This is supposed to remove some compiler warnings: http://lists.freedesktop.org/archives/systemd-devel/2014-July/021393.html
2014-08-14 | core: do not add default dependencies to /usr mount unit | Jon Severinsson
This makes no difference if /usr was mounted in the initrd, and brings the behaviour of legacy systems closer to those with a proper initrd.
2014-08-14 | core: move status line ellipsation to 50% of the line | Lennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2014-July/021591.html