summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-07-06nspawn: Communicate determined UID shift to parentRichard Maw
There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
2015-07-05core: fix missing bus-util.h includeDavid Herrmann
Whoopsy, forgot to 'git add' this, sorry.
2015-07-05core: don't mount kdbusfs if not wantedDavid Herrmann
Just like we conditionalize loading kdbus.ko, we should conditionalize mounting kdbusfs. Otherwise, we might run with kdbus if it is builtin, even though the user didn't want this.
2015-07-04bootctl: fix sdboot to systemd-bootMiguel Bernal Marin
sdboot was renamed to systemd-boot Fixes: e7dd673d1e0a ("gummiboot/sd-boot/systemd-boot: rename galore") Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
2015-07-04Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann
sd-bus: introduce new sd_bus_flush_close_unref() call
2015-07-04core: fix coding style in agent-handlingDavid Herrmann
Avoid late bail-out based on a condition. This makes code hard to read. Instead, reverse the forwarding-condition.
2015-07-04core: harden cgroups-agent forwardingDavid Herrmann
On dbus1, we receive systemd1.Agent signals via the private socket, hence it's trusted. However, on kdbus we receive it on the system bus. We must make sure it's sent by UID=0, otherwise unprivileged users can fake it. Furthermore, never forward broadcasts we sent ourself. This might happen on kdbus, as we forward the message on the same bus we received it on, thus ending up in an endless loop.
2015-07-04busctl: flush stdout after dumping dataDavid Herrmann
Running `busctl monitor` currently buffers data for several seconds / kilobytes before writing stdout. This is highly confusing if you dump in a file, ^C busctl and then end up with a file with data of the last few _seconds_ missing. Fix this by explicitly flushing after each signal.
2015-07-03Merge pull request #484 from xnox/persistent-journalLennart Poettering
journal: in persistent mode create /var/log/journal, with all parents.
2015-07-03sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-03Merge pull request #478 from ↵Daniel Mack
systemd/revert-429-nspawn-userns-uid-shift-autodetection-fix Revert "nspawn: determine_uid_shift before forking"
2015-07-03journal: in persistent mode create /var/log/journal, with all parents.Dimitri John Ledkov
systemd-journald races with systemd-tmpfiles-setup, and hence both are started at about the same time. On a bare-bones system (e.g. with empty /var, or even non-existent /var), systemd-tmpfiles will create /var/log. But it can happen too late, that is systemd-journald already attempted to mkdir /var/log/journal, ignoring the error. Thus failing to create /var/log/journal. One option, without modifiying the dependency graph is to create /var/log/journal directory with parents, when persistent storage has been requested.
2015-07-03Revert "nspawn: determine_uid_shift before forking"Lennart Poettering
2015-07-03Fix error message for enumerate addressesrinrinne
Error message for enumerating addresses was not 'addresses' but 'links'. This patch fixes it.
2015-07-03Merge pull request #473 from ↵Lennart Poettering
richardmaw-codethink/machinectl-import-earlier-than-3-15 util: fall back in rename_noreplace when renameat2 isn't implemented
2015-07-02login: add rule for qemu's pci-bridge-seatGerd Hoffmann
Qemu provides a separate pci-bridge exclusively for multi-seat setups. The normal pci-pci bridge ("-device pci-bridge") has 1b36:0001. The new pci-bridge-seat was specifically added to simplify guest-side multiseat configuration. It is identical to the normal pci-pci bridge, except that it has a different id (1b36:000a) so we can match it and configure multiseating automatically. Make sure we always treat this as separate seat if we detect this, just like other "Pluggable" devices. (David: write commit-message)
2015-07-02util: fall back in rename_noreplace when renameat2 isn't implementedRichard Maw
According to README we only need 3.7, and while it may also make sense to bump that requirement when appropriate, it's trivial to fall back when renameat2 is not available.
2015-07-02Merge pull request #470 from marineam/escapeZbigniew Jędrzejewski-Szmek
escape: fix exit code
2015-07-02sd-bus: don't leak kdbus notificationsDavid Herrmann
When we get notifications from the kernel, we always turn them into synthetic dbus1 messages. This means, we do *not* consume the kdbus message, and as such have to free the offset. Right now, the translation-helpers told the caller that they consumed the message, which is wrong. Fix this by explicitly releasing all kernel messages that are translated.
2015-07-01escape: fix exit codeMichael Marineau
r == 0 indicates success, not failure
2015-07-01Merge pull request #409 from teg/networkd-enslave-segfaultDaniel Mack
fix segfault when cancelling enslaving of links by netdevs
2015-07-02timedatectl: trim non-local RTC warning to 80 chars wideVedran Miletić
2015-07-01Merge pull request #459 from ctrochalakis/reuse-port-before-bindDaniel Mack
socket: Set SO_REUSEPORT before bind()
2015-07-01Merge pull request #463 from dvdhrm/udev-runDaniel Mack
udev: destroy manager before cleaning environment
2015-07-01udev: destroy manager before cleaning environmentDavid Herrmann
Due to our _cleanup_ usage for the udev manager, it will be destroyed after the "exit:" label has finished. Therefore, it is the last destruction done in main(). This has two side-effects: - mac_selinux is destroyed before the udev manager is, possible causing use-after-free if the manager-cleanup accesses selinux data - log_close() is called *before* the manager is destroyed, possibly re-opening the log if you use --debug (and thus not re-applying the --debug option) Avoid this by moving the manager-handling into a new function called run(). This function will be left before we enter the "exit:" label in main(), hence, the manager object will be destroyed early.
2015-07-01udevd: force --debug mode to stderrKay Sievers
https://github.com/systemd/systemd/issues/462
2015-07-01bus-proxy: never apply policy when sending signalsDavid Herrmann
Unlike dbus-daemon, the bus-proxy does not know the receiver of a broadcast (as the kernel has exclusive access on the bus connections). Hence, and "destination=" matches in dbus1 policies cannot be applied. But kdbus does not place any restrictions on *SENDING* broadcasts, anyway. The kernel never returns EPERM to KDBUS_CMD_SEND if KDBUS_MSG_SIGNAL is set. Instead, receiver policies are checked. Hence, stop checking sender policies for signals in bus-proxy and leave it up to the kernel. This fixes some network-manager bus-proxy issues where NM uses weird dst-based matches against interface-based matches. As we cannot perform dst-based matches, our bus-proxy cannot properly implement this policy.
2015-07-01login: re-use VT-sessions if they already existDavid Herrmann
Right now, if you start a session via 'su' or 'sudo' from within a session, we make sure to re-use the existing session instead of creating a new one. We detect this by reading the session of the requesting PID. However, with gnome-terminal running as a busname-unit, and as such running outside the session of the user, this will no longer work. Therefore, this patch makes sure to return the existing session of a VT if you start a new one. This has the side-effect, that you will re-use a session which your PID is not part of. This works fine, but will break assumptions if the parent session dies (and as such close your session even though you think you're part of it). However, this should be perfectly fine. If you run multiple logins on the same session, you should really know what you're doing. The current way of silently accepting it but choosing the last registered session is just weird.
2015-07-01bootchart: do not report warning when disk is missing model.Dimitri John Ledkov
In VMs / virtio drives there is no model. Also don't print "Disk: (null)" in output if no model is available.
2015-07-01socket: Set SO_REUSEPORT before bind()Christos Trochalakis
bind() fails if it is called before setting SO_REUSEPORT and another process is already binded to the same addess. A new reuse_port option has been introduced to socket_address_listen() to set the option as part of socket initialization.
2015-07-01sysv-generator: fix coding-styleDavid Herrmann
Fix weird coding-style: - proper white-space - no if (func() >= 0) bail-outs - fix braces - avoid 'r' for anything but errno - init _cleanup_ variables unconditionally, even if not needed
2015-07-01Revert "kmod-setup: don't print warning on -ENOSYS"David Herrmann
This partially reverts commit 78d298bbc57e412574ea35e6e66f562d97fd9ebc. The changed coding-style is kept, but the ENOENT->ENOSYS conversion is reverted. kmod was fixed upstream to no longer return ENOSYS. Also see: https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/?id=114ec87c85c35a2bd3682f9f891e494127be6fb5 The kmod fix is marked for backport, so no reason to bump the kmod version we depend on.
2015-06-30Merge pull request #411 from teg/udev-simplify-exec-envpKay Sievers
udev: event - simplify udev_event_spawn() logic
2015-06-30Merge pull request #398 from teg/netlink-container-reworkDavid Herrmann
netlink container rework Allocate containers as separate structs instead of individual arrays for each member field.
2015-06-30udev: remove WAIT_FOR keyKay Sievers
This facility was never a proper solution, but only papered over real bugs in the kernel. There are no known sysfs "timing bugs" since a long time.
2015-06-30Merge pull request #430 from gmacario/fix-issue404-v2Tom Gundersen
bootchart: Ensure that /proc/schedstat is read entirely (v2)
2015-06-30Merge pull request #429 from ↵Tom Gundersen
richardmaw-codethink/nspawn-userns-uid-shift-autodetection-fix nspawn: determine_uid_shift before forking
2015-06-30Merge pull request #428 from richardmaw-codethink/nspawn-userns-remount-failTom Gundersen
nspawn: Don't remount with fewer options
2015-06-30bootchart: Ensure that /proc/schedstat is read entirelyGianpaolo Macario
On multi-core systems file /proc/schedstat may be larger than 4096 bytes and pread() will only read part of it. Fix issue https://github.com/systemd/systemd/issues/404
2015-06-30nspawn: determine_uid_shift before forkingRichard Maw
It is needed in one branch of the fork, but calculated in another branch. Failing to do this means using --private-users without specifying a uid shift always fails because it tries to shift the uid to UID_INVALID.
2015-06-30nspawn: Don't remount with fewer optionsRichard Maw
When we do a MS_BIND mount, it inherits the flags of its parent mount. When we do a remount, it sets the flags to exactly what is specified. If we are in a user namespace then these mount points have their flags locked, so you can't reduce the protection. As a consequence, the default setup of mount_all doesn't work with user namespaces. However if we ensure we add the mount flags of the parent mount when remounting, then we aren't removing mount options, so we aren't trying to unlock an option that we aren't allowed to.
2015-06-30core: handle --log-target=null when calling systemd-shutdownIago López Galeiras
When shutting down, if systemd was started with --log-target=null, systemd-shutdown was being called with --log-target=console.
2015-06-29sysv-generator: escape names when translating from sysv nameFelipe Sateler
While the LSB suggests only [A-Za-z0-9], that doesn't prevent admins from doing the wrong thing. Lets not generate invalid names in that case.
2015-06-29sysv-generator: detect invalid provided unit namesFelipe Sateler
Do not assume that a non-service unit type is a target.
2015-06-29udev: event - simplify udev_event_spawn() logicTom Gundersen
Push the extraction of the envp + argv as close as possible to their use, to avoid code duplication. As a sideeffect fix logging when delaing execution.
2015-06-29Merge pull request #387 from kaysievers/wipTom Gundersen
udev: Remove accelerometer helper
2015-06-29networkd: netdev - avoid hanging transactions in failure casesTom Gundersen
If a link is attempted t obe enslaved by a netdev that has already failed, we must fail immediately and not save the callback for later, as it will then never get triggered.
2015-06-29networkd: fix segfault when cancelling callbacksTom Gundersen
This only happens when something has gone wrong, so is not easy to hit. However, if a bridge (say) is configured on a system without bridge support we will hit this. Fixes issue #299.
2015-06-29Merge pull request #402 from ↵Daniel Mack
systemd-mailing-devs/1435512180-3659-1-git-send-email-ebiggers3@gmail.com util: fix incorrect escape sequence in string_is_safe()
2015-06-28util: fix incorrect escape sequence in string_is_safe()Eric Biggers