Age | Commit message (Collapse) | Author |
|
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit
action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit
action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit
action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients
that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property
access etc. There are several DBus methods that can only be
called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new
bus_verify_polkit_async() version that doesn't force us to always
pass the original callback around. Also, interactive auhentication must
be opt-in, not unconditional, hence I turned this off.)
|
|
First, let's drop the "bus" argument, we can determine it from the
message anyway.
Secondly, determine the right callback/userdata pair automatically from
what is currently is being dispatched. This should simplify things a lot
for us, since it makes it unnecessary to pass pointers through the
original handlers through all functions when we process messages, which
might require authentication.
|
|
|
|
|
|
This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.
This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).
Also, port over all code to this new API.
|
|
|
|
only, and for all tools
Previously, we ended up parsing some of them three times: in main.c when
processing the kernel cmdline, in main.c when processing the process
cmdline (only for containers), and in log.c again.
Let's streamline this, and only parse them in log.c
In PID 1 also make sure we parse "quiet" first, and then override this
with the more specific checks in log.c
|
|
|
|
|
|
LLVM+clang does not allow statement-expressions inside of
type-declarations (file-scope). Use CONST_MAX() to avoid this.
|
|
The CONST_MAX() macro is similar to MAX(), but verifies that both
arguments have the same type and are constant expressions. Furthermore,
the result of CONST_MAX() is again a constant-expression.
CONST_MAX() avoids any statement-expressions and other non-trivial
expression-types. This avoids rather arbitrary restrictions in both GCC
and LLVM, which both either fail with statement-expressions inside
type-declarations or statement-expressions inside static-const
initializations.
If anybody knows how to circumvent this, please feel free to unify
CONST_MAX() and MAX().
|
|
We must add 'const' to local variables in statement-expressions to
guarantee that the macros can produce constant-expressions if given such.
GCC seems to ignore this, but LLVM/clang requires it (understandably).
|
|
|
|
|
|
for both validating domains and host names
|
|
|
|
|
|
|
|
ones later
This is primarily important for the domains list, as we really should
prefer the locally configured domain over the dhcp supplied ones when we
use it as a search list.
|
|
Also, simplify things a bit and make sure we don't forget looking at one
of the entries.
|
|
|
|
information
|
|
|
|
This allows the search/routing domanis to be specified per link/network and be passed
on to resolved.
|
|
If /etc/kernel/cmdline is missing or empty, we read /proc/cmdline and
want to filter out the initrd line. Due to a bug, the whole contents was
filtered out.
|
|
This reflects how this field will be used, to not only track where
to send signals, but also which callers (other than root) are allowed
to call DBus methods on the Job.
|
|
Both ofs.Job.Cancel() and ofs.Manager.CancelJob() now use same
implementation. So we can add caller verify logic appropriately.
|
|
It's unneccessary, not used, and complicates callers of the
function.
|
|
The "0,5" syntax was actually right. The real problem is, the test should
only run if the local system has the de_DE.UTF-8 locale. Therefore, skip
the tests if setlocale() fails. This is kinda ugly, as it is done
silently, but we cannot skip partial tests with the current
infrastructure. Should be fine this way.
|
|
makes ethernet addresses look funny
|
|
'ieee80211_radiotap'
|
|
This option will also apply to the search domains, so make it plural.
|
|
|
|
This should have the benefit that cg_set_attribute() returns ENOENT
instead of EACCESS when we use it for non-existing attributes.
|
|
One strtod() test is broken since:
commit 8e211000025940b770794abf5754de61b4add0af
Author: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Mon Aug 4 23:13:31 2014 +0200
test: use fabs on doubles
The commit was right, so no reason to revert it, but the test was broken
before and only worked by coincidence. Convert "0,5" to "0.5" so we don't
depend on locales for double conversion (or well, we depend on "C" which
seems reasonable).
|
|
|
|
|
|
- systemd[1]: hello.service: main process exited, code= dumped, status=3/QUIT
- systemd-coredump[2541]: Failed to generate stack trace: Unwinding not supported for this architecture
- systemd-coredump[2541]: Process 1024 (hello) of user 154 dumped core.
|
|
Missed to add the SD_BUS_PROPERTY for no_delay.
|
|
TCP_DEFER_ACCEPT Allow a listener to be awakened only when data
arrives on the socket. If TCP_DEFER_ACCEPT set on a server-side
listening socket, the TCP/IP stack will not to wait for the final
ACK packet and not to initiate the process until the first packet
of real data has arrived. After sending the SYN/ACK, the server will
then wait for a data packet from a client. Now, only three packets
will be sent over the network, and the connection establishment delay
will be significantly reduced.
|
|
The tcp keep alive variables now can be configured via conf
parameter. Follwing variables are now supported by this patch.
tcp_keepalive_intvl: The number of seconds between TCP keep-alive probes
tcp_keepalive_probes: The maximum number of TCP keep-alive probes to
send before giving up and killing the connection if no response is
obtained from the other end.
tcp_keepalive_time: The number of seconds a connection needs to be
idle before TCP begins sending out keep-alive probes.
|
|
|
|
Most routers will send garbage, so make this opt-in only.
|
|
|
|
|
|
For now this only exposes the domain name (DHCP Option 15), and not
the search string (DHCP Option 119), which will be implemented in
a follow-up patch.
|
|
If "machinectl poweroff" or "machinectl reboot" is used on a
systemd-nspawn container started with --keep-unit and --register, it
should *only* send the appropriate signal to the leader PID (i.e. the
container's systemd process). It shouldn't fall through to
manager_kill_unit() to also send the signal to the unit. The latter
ends up killing systemd-nspawn, which takes down the container
prematurely.
|
|
This is supposed to remove some compiler warnings:
http://lists.freedesktop.org/archives/systemd-devel/2014-July/021393.html
|
|
This makes no difference if /usr was mounted in the initrd,
and brings the behaviour of legacy systems closer to those
with a propper initrd.
|
|
http://lists.freedesktop.org/archives/systemd-devel/2014-July/021591.html
|