summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-01-21import: add image verification using gpgLennart Poettering
This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later.
2015-01-20nspawn: work around kernel bug with partition table probing on loopback devicesLennart Poettering
When we set up a loopback device with partition probing, the udev "change" event about the configured device is first passed on to userspace, only the the in-kernel partition prober is started. Since partition probing fails with EBUSY when somebody has the device open, the probing frequently fails since udev starts probing/opening the device as soon as it gets the notification about it, and it might do so earlier than the kernel probing. This patch adds a (hopefully temporary) work-around for this, that compares the number of probed partitions of the kernel with those of blkid and synchronously asks for reprobing until the numebrs are in sync. This really deserves a proper kernel fix.
2015-01-20import: add a couple of additional suffixes to remove from raw imagesLennart Poettering
2015-01-20import: make image verification optionalLennart Poettering
2015-01-20sd-dhcp6-client: Remove unnecessary debug printoutPatrik Flykt
2015-01-20import: add a simple scheme for validating the SHA256 sums of downloaded raw ↵Lennart Poettering
files
2015-01-20import: be less aggressive when allocating memory for downloaded payloadLennart Poettering
2015-01-20import: improve logging a bitLennart Poettering
2015-01-20import: port pull-raw to helper tools implemented for pull-tarLennart Poettering
This allows us to reuse a lot more code, and simplify pull-raw drastically.
2015-01-20import: add support for pulling raw tar balls as containersLennart Poettering
Ubuntu provides their cloud images optionally as tarball, hence also support downloading those.
2015-01-20util: make http url validity checks more generic, and move them to util.cLennart Poettering
2015-01-20networkd: fix a typo in networkd-wait-online-manager.Rami Rosen
subscibe->subscribe
2015-01-19man: add networkctl(1)Zbigniew Jędrzejewski-Szmek
2015-01-20nspawn: add ipvlan supportTom Gundersen
2015-01-19networkd: netdev - add ipvlan supportTom Gundersen
2015-01-19systemctl: do not show dots with --plainZbigniew Jędrzejewski-Szmek
Plain implies a ... "plain" output. Also do not say "No jobs" with --no-legend. We skip reporting the number of jobs with --no-legend if there are any, and 0 is also a number, and should be skipped.
2015-01-19nspawn: support dissecting GPT images that contain only a single generic ↵Lennart Poettering
linux partition This should allow running Ubuntu UEFI GPT Images with nspawn, unmodified.
2015-01-19import: clarify when we are unpacking the qcow2 deviceLennart Poettering
2015-01-19inspawn: wait until udev has probed a loopback device before making us of itLennart Poettering
2015-01-19import: make sure don't leak the LZMA contextLennart Poettering
2015-01-19machined: refer to the disk space allocated for an image to "usage" rather ↵Lennart Poettering
than "size" After all, it's closer to the "du"-reported value than to the file sizes...
2015-01-19qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks ↵Lennart Poettering
to target
2015-01-19import: when downloading raw files, show simple progress reportsLennart Poettering
2015-01-19import: simplify the code a bitLennart Poettering
2015-01-19import-raw: when downloading raw images, generate sparse files if we canLennart Poettering
2015-01-19import-raw: set NOCOW flag on all raw images we createLennart Poettering
2015-01-19systemctl: fix import-environment description, trim help to 80 colsZbigniew Jędrzejewski-Szmek
2015-01-19journalctl: trim --help to fit in 80 columnsZbigniew Jędrzejewski-Szmek
Terminals tend to be 80 columns wide by default, and the help text is only supposed to be a terse reminder anyway. https://bugzilla.redhat.com/show_bug.cgi?id=1183771
2015-01-19cgroup: fix typoDaniel Mack
2015-01-18Move DEFINE_TRIVIAL_CLEANUP_FUNC to macro.hZbigniew Jędrzejewski-Szmek
This remove the need for various header files to include the (relatively heavyweight) util.h.
2015-01-18Add initialization helper for file_handle_unionZbigniew Jędrzejewski-Szmek
2015-01-18bus: drop systemd.kdbus_attach_flags_mask= cmdlineDavid Herrmann
There is no reason to provide our own attach_flags_mask. We can simply rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod. If it's set, we assume the user wants to override our setting, so we simply skip setting it.
2015-01-18core: write kdbus.attach_flags_mask only on real bootDavid Herrmann
The kernel module system is not namespaced, so no container should ever modify global options. Make sure we set the kdbus attach_flags_mask only on a real boot as PID1.
2015-01-18libudev: fix check for too long packetTopi Miettinen
Don't use recvmsg(2) return value to check for too long packets (it doesn't work) but MSG_TRUNC flag. (David: add parantheses around condition)
2015-01-18util: replace RUN_WITH_LOCALE with extended locale functionsCristian Rodríguez
There were two callers, one can use strtod_l() and the other strptime_l(). (David: fix up commit-msg and coding-style)
2015-01-18timesyncd: consider too long packets as invalidTopi Miettinen
If the received NTP message from server didn't fit to our buffer, either it is doing something nasty or we don't know the protocol. Consider the packet as invalid. (David: add parantheses around conditional)
2015-01-18bus-proxy: don't pretend everyone is rootDavid Herrmann
While it's a lovely scenario, it's probably not really useful. Fix our GetConnectionUnixUser() to return the actual 'euid' which we asked for, not the possible uninitialized 'uid'.
2015-01-18Revert "test-exec: do not skip all the tests"David Herrmann
This reverts commit 68e68ca8106e7cd874682ae425843b48579c6539. We *need* root access to create cgroups. The only exception is if it is run from within a cgroup with "Delegate=yes". However, this is not always true and we really shouldn't rely on this. If your terminal runs from within a systemd --user instance, you're fine. Everyone else is not (like running from ssh, VTs, and so on..).
2015-01-18bus: fix SD_BUS_CREDS_AUGMENT on kdbus queriesDavid Herrmann
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we can lookup further information from /proc. However, we *must* set SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never actually copy the pid into "sd_bus_creds". Fix this, so SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by the caller.
2015-01-18bus: fix typoDavid Herrmann
Fix comment typo and clarify that this is not about privileges but can have rather arbitrary reasons.
2015-01-18bus: use EUID over UID and fix unix-credsDavid Herrmann
Whenever a process performs an action on an object, the kernel uses the EUID of the process to do permission checks and to apply on any newly created objects. The UID of a process is only used if someone *ELSE* acts on the process. That is, the UID of a process defines who owns the process, the EUID defines what privileges are used by this process when performing an action. Process limits, on the other hand, are always applied to the real UID, not the effective UID. This is, because a process has a user object linked, which always corresponds to its UID. A process never has a user object linked for its EUID. Thus, accounting (and limits) is always done on the real UID. This commit fixes all sd-bus users to use the EUID when performing privilege checks and alike. Furthermore, it fixes unix-creds to be parsed as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone using UID (eg., to do user-accounting) has to fall back to the EUID as UDS does not transmit the UID.
2015-01-18bus-proxy: fake all UIDs/GIDs, not just the real UID/GIDDavid Herrmann
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote side has no chance of querying our effective UID (which is usually what they're interested in).
2015-01-18bus-proxy: fix bus-uid trackingDavid Herrmann
We need to implicitly allow HELLO from users with the same uid as the bus. Fix the bus-uid tracking to use the original uid, not the uid after privilege-dropping.
2015-01-18logind: hide 'self' links if not availableDavid Herrmann
If the caller does not run in a session/seat or has no tracked user, hide the /org/freedesktop/login1/.../self links in introspection data. Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes even though it cant.
2015-01-17bus-proxy: don't print error-messages if we check multiple destsDavid Herrmann
If we test the policy against multiple destination names, we really should not print warnings if one of the names results in DENY. Instead, pass the whole array of names to the policy and let it deal with it.
2015-01-17bus-proxy: implement org.freedesktop.DBus.ReloadConfig()David Herrmann
Make sure to reload our xml policy configuration if requested via the bus.
2015-01-17bus-proxy: fix indentationDavid Herrmann
Fix whitespace indentation.
2015-01-17bus-proxy: drop privileges if run as rootDavid Herrmann
We cannot use "User=" in unit-files if we want to retain privileges. So make bus-proxy.c explicitly drop privileges. However, only do that if we're root, as there is no need to drop it on the user-bus.
2015-01-17bus-proxy: share policy between threadsDavid Herrmann
This implements a shared policy cache with read-write locks. We no longer parse the XML policy in each thread. This will allow us to easily implement ReloadConfig().
2015-01-17bus-proxy: set custom thread namesDavid Herrmann
Set thread-names to "p$PIDu$UID" and suffix with '*' if truncated. This helps debugging bus-proxy issues if we want to figure out which connections are currently open.