summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-02-19nspawn: chown basic device nodes to userns rootLennart Poettering
2015-02-19nspawn: fix build on non-selinux systemsLennart Poettering
2015-02-19nspawn: add basic user namespacing supportLennart Poettering
(This is incomplete, /proc and /sys are still owned by root from outside the container, not inside)
2015-02-19sysv-generator: fix wrong "Overwriting existing symlink" warningsMartin Pitt
Fix result testing of is_symlink() to ignore negative results, which happen if the file name does not exist at all. In this case we do not want a warning and unlink the non-existing link. https://bugs.debian.org/778700
2015-02-18nspawn: when connected to pipes for stdin/stdout, pass them as-is to PID 1Lennart Poettering
Previously we always invoked the container PID 1 on /dev/console of the container. With this change we do so only if nspawn was invoked interactively (i.e. its stdin/stdout was connected to a TTY). In all other cases we directly pass through the fds unmodified. This has the benefit that nspawn can be added into shell pipelines. https://bugs.freedesktop.org/show_bug.cgi?id=87732
2015-02-18systemd-boot: fix alignment of version in tableThomas Hindoe Paaboel Andersen
2015-02-18everywhere: remove configurability of sysv runlevel to target mappingLennart Poettering
With this change runlevel 2, 3, 4 are mapped to multi-user.target for good, and 5 to graphical.target. This was already the previous mapping but is now no longer reconfigurable, but hard-coded into the core. This should generally simplify things, but also fix one bug: the sysv-generator previously generated symlinks to runlevel[2-5].target units, which possibly weren't picked up if these aliases were otherwise only referenced by the real names "multi-user.target" and "graphical.target". We keep compat aliases "runlevel[2345].target" arround for cases where this target name is explicitly requested.
2015-02-18run: if we fail to set a property assignment then really failLennart Poettering
2015-02-18nspawn: add support for --property= to set scope propertiesLennart Poettering
This is similar to systemd-run's --property= setting.
2015-02-18shared: introduce cmsg_close_all() callLennart Poettering
The call iterates through cmsg list and closes all fds passed via SCM_RIGHTS. This patch also ensures the call is used wherever appropriate, where we might get spurious fds sent and we should better close them, then leave them lying around.
2015-02-18systemctl: allow interactive authorization for all bus callsLennart Poettering
Make use of the new sd_bus_set_allow_interactive_authorization() call to globally enable interactive authorization. Also, turn on PK agent for more calls. This allows us to make use of the sd_bus_call_method() convencience helper at more places.
2015-02-18systemctl: let's make use of FOREACH_STRING() where we canLennart Poettering
2015-02-18core: rework policykit hookupLennart Poettering
- Always issue selinux access check as early as possible, and PK check as late as possible. - Introduce a new policykit action for altering environment - Open most remaining bus calls to unprivileged clients via PK
2015-02-18Translate fsckd messages for plymouthDidier Roche
For plymouth themes not supporting i18n (like .script), send translated messages to display to user, which is equivalent to the sent machine readable data.
2015-02-18Add gettext supportDidier Roche
2015-02-18Connect to plymouth and support cancellation of in progress fsckDidier Roche
Try to connect and send to plymouth (if running) some checked report progress, using direct plymouth protocole. Update message is the following: fsckd:<num_devices>:<progress>:<string> * num_devices corresponds to the current number of devices being checked (int) * progress corresponds to the current minimum percentage of all devices being checked (float, from 0 to 100) * string is a translated message ready to be displayed by the plymouth theme displaying the information above. It can be overriden by plymouth themes supporting i18n. Grab in fsckd plymouth watch key Control+C, and propagate this cancel request to systemd-fsck which will terminate fsck. Send a message to signal to user what key we are grabbing for fsck cancel. Message is: fsckd-cancel-msg:<string> Where string is a translated string ready to be displayed by the plymouth theme indicating that Control+C can be used to cancel current checks. It can be overriden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
2015-02-18systemd-fsck: always connect to systemd-fsckdDidier Roche
Remove the plymouth running or show-status checks from systemd-fsck. Instead, always connect to systemd-fsckd socket, and let this one decide if we display progress or not.
2015-02-18fsckd daemon for inter-fsckd communicationDidier Roche
Add systemd-fsckd multiplexer which accepts multiple systemd-fsck instances to connect to it and sends progress report. systemd-fsckd then computes and writes to /dev/console the number of devices currently being checked and the minimum fsck progress. This will be used for interactive progress report and cancelling in plymouth. systemd-fsckd stops on idle when no systemd-fsck is connected. Make the necessary changes to systemd-fsck to connect to the systemd-fsckd socket.
2015-02-18test: utf8 - fix utf16 tests on BE machinesTom Gundersen
2015-02-18gummiboot/sd-boot/systemd-boot: rename galoreTom Gundersen
What used to be gummiboot, was renamed sd-boot when it was merged into systemd. Let's try to be a bit more consistent with the rest of systemd and rename it again as follows: The EFI bootloader is now called 'systemd-bootx64.efi', and its sources are in 'src/boot/efi/'. The drop-in directory where bootctl will find EFI loaders is now /usr/lib/systemd/boot/efi/.
2015-02-18logind: open up most bus calls for unpriviliged processes, using PolicyKitLennart Poettering
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
2015-02-18machinectl: issue all bus commands while allowing interactive authLennart Poettering
2015-02-18machined: open up most of machined's commands to unprivileged clients via ↵Lennart Poettering
PolicyKit
2015-02-18sd-bus: allow setting a per-connection default value for the ↵Lennart Poettering
"allow-interactive-authentication" message flag Most of our client tools want to set this bit for all their method calls, even though it defaults to off in sd-bus, and rightfully so. Hence, to simplify thing, introduce a per sd_bus-object flag that sets the default value for all messages created on the connection.
2015-02-17import: remove unused variableThomas Hindoe Paaboel Andersen
2015-02-17machined: make "machinectl copy-to" and "machinectl copy-from" server side ↵Lennart Poettering
operations This way, any bus client can make use of these calls.
2015-02-17machined: various simplificationsLennart Poettering
2015-02-17bus: sync with kdbusDavid Herrmann
Pull in new kdbus changes, namely: - EOVERFLOW is replaces by KDBUS_RECV_RETURN_DROPPED_MSGS - ENOMSG is merged with EAGAIN for consistency
2015-02-17bus: don't rely on static IDs in testsDavid Herrmann
We should never put any constraints on the IDs returned by the kernel. Use sd_bus_get_unique_name() to retrieve the ID of a peer.
2015-02-17machined: move logic for bind mounting into containers from machinectl to ↵Lennart Poettering
machined This extends the bus interface, adding BindMountMachine() for bind mounting directories from the host into the container.
2015-02-17bootctl: add sd-boot supportKay Sievers
2015-02-17sd-boot: add EFI boot manager and stub loaderKay Sievers
2015-02-17tmpfiles: Fix parse_acl error messageMartin Pitt
parse_acl() returns the error instead of setting errno.
2015-02-17journal-remote: fix client_cert memory leakMichal Schmidt
Found by Valgrind while testing the previous memory leak fix.
2015-02-17journal-remote: fix certificate status memory leakMichal Schmidt
The output of gnutls_certificate_verification_status_print() needs to be freed. Noticed this while staring at verify_cert_authorized() to see what could possibly confuse gcc5 on armv7hl to segfault during compilation.
2015-02-16Revert "build-sys: re-add old symbols for abi compat"Michal Schmidt
This reverts commit 93a1e66efd4b0f4cda29c467d20d0f7510c0b3a8. It broke the builds for Walters. Kay hates it and "just knows" there are no actual users.
2015-02-16Transpose args in strv_fnmatch() to be more ooZbigniew Jędrzejewski-Szmek
2015-02-16test-network: fix segfault with NULL dev_path/driver/type/nameZbigniew Jędrzejewski-Szmek
2015-02-16analyze: change behaviour of combined --to/from--patternZbigniew Jędrzejewski-Szmek
We would require a match against all three: patterns specified with --to, with --from, and as positional arguments to show an edge. This does not seem useful. Let instead the positional args behave like they were specified in both --to and --from, which is fairly intuitive and should be more useful.
2015-02-16network-internal: chain matches with AND in net_match_config()Zbigniew Jędrzejewski-Szmek
The test would treat the first non-empty set of matches in match_paths, match_drivers, match_types, match_names as definitive (essentially chaining them with OR). Make those tests instead match like other tests and require all to pass if the set of patterns is nonempty.
2015-02-16Add helper for fnmatch over strvZbigniew Jędrzejewski-Szmek
2015-02-16timesync: Use UINT64_C for OFFSET_1900_1970Cristian Rodríguez
So it matches what the comment says in both 32 and 64 bit systems.
2015-02-16build-sys: re-add old symbols for abi compatZbigniew Jędrzejewski-Szmek
For two releases those exported with version 183 by mistake, and then they were fixed to have version 215 (015419c0df libudev: fix symbol version for udev_queue_flush() and udev_queue_get_fd()). But that breaks ABI compatibility for binaries compiled with udev from before that commit. There most likely very few such binaries, if any, but as a matter of principle we should export the old symbols too, in order to keep full compatibility.
2015-02-16sd-bus: add missing format attributeCristian Rodríguez
2015-02-16sd-bus: make sure we always serialize the reply cookie as 64bit on dbus2, ↵Lennart Poettering
and 32bit on dbus1
2015-02-16Revert "Revert "sd-bus: change serialization of kdbus messages to qualify in ↵Lennart Poettering
their entirety as gvariant objects"" This reverts commit 954871d8ba15911d014f76ed2c7a9492953cf39d.
2015-02-14core: make RuntimeDirectory honor SELinux labelsZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1192726
2015-02-14bus-proxy: be more verbose if messages cannot be forwardedDavid Herrmann
If we cannot forward messages, include information on the peer and message just like the xml-policy does. This helps debugging such situations and figuring out what exactly is going wrong.
2015-02-14bootchart: display each CPU utilization/waitWaLyong Cho
2015-02-14bus-proxy: don't fake data we don't haveDavid Herrmann
UDS sockets transmit EUID+EGID only. Don't try to fake data we don't know! Otherwise, this might be used to override user-limits by non-root setuid programs (by faking UID==EUID). Now that sd-bus is fixed to always use EUID even on UDS, we can safely set all other UID/GID fields to INVALID.