path: root/src
Age | Commit message | Author
2015-06-22 | smack: add default smack process label config | WaLyong Cho
Similar to SmackProcessLabel=, if this configuration is set, systemd executes processes with the given SMACK label. If a unit has SmackProcessLabel=, this config is overwritten. But do NOT confuse this with the SMACK64EXEC of the executable file. This default execute process label (and also the label which is set by SmackProcessLabel=) is set as the fork-ed process's SMACK subject label and is used to access the executable file. If the executable file also has SMACK64EXEC, the finally executed process has the SMACK64EXEC subject. If the executable file has no SMACK64EXEC, the executed process has the label of this config (or the label which is set by SmackProcessLabel=), because if the executable file has no SMACK64EXEC then the executed process inherits the label from the caller process (in this case, the caller is systemd).
2015-06-22 | smack: support smack access change-rule | WaLyong Cho
Smack is also able to have modification rules for existing rules. In this case, the rule has an additional argument to modify the previous rule. The /sys/fs/smackfs/load2 node can only take three arguments: subject object access. So if modification rules are written to /sys/fs/smackfs/load2, an EINVAL error happens. Those modification rules have to be written to /sys/fs/smackfs/change-rule. To distinguish access from the cipso2 operation, split write_rules() for each operation. And, when writing access rules, parse the rule and if the rule has four arguments then write it into /sys/fs/smackfs/change-rule. https://lwn.net/Articles/532340/
fwrite() or fputs() are fancy functions to write a byte stream such as a regular file. But special files on Linux such as proc and sysfs are not streams of bytes. Those special files on Linux have to be written with a specific size. For this reason, in some of many cases, fputs() failed to write the buffer to the smack load2 node. The write operation for the smack nodes should be performed with write().
2015-06-21 | pam_systemd: Properly check kdbus availability | Jan Alexander Steffens (heftig)
This properly avoids setting DBUS_SESSION_BUS_ADDRESS if kdbus is loaded (or built into the kernel) but not wanted.
2015-06-19 | networkd: vlan improve logging | Susant Sahani
Replaces strerror() usage with log_netdev_error_errno()
2015-06-18 | Merge pull request #294 from teg/hashmap-debug-locking-2 | David Herrmann
hashmap: debug - lock access to the global hashmap list
2015-06-18 | hashmap: debug - lock access to the global hashmap list | Tom Gundersen
This may be used from multi-threaded programs (say through nss-resolve), so we must protect the global list. This is still only relevant for debug builds, so we do not try to handle cases where the locking fails, but simply assert.
2015-06-18 | nspawn: suppress warning when /etc/resolv.conf is a valid symlink | Lennart Poettering
In such a case let's suppress the warning (downgrade to LOG_DEBUG), under the assumption that the user has no config file to update in its place, but a symlink that points to something like resolved's automatically managed resolve.conf file. While we are at it, also stop complaining if we cannot write /etc/resolv.conf due to a read-only disk, given that there's little we could do about it.
2015-06-18 | Merge pull request #288 from phomes/cgroup-util | Lennart Poettering
cgroup-util: actually use the path callback
2015-06-18 | Merge pull request #286 from jsynacek/fix-edit-v3 | Lennart Poettering
systemctl: fix edit when EDITOR contains arguments
2015-06-18 | Merge pull request #289 from michich/hashmap-small-cleanup | Lennart Poettering
a tiny hashmap cleanup
2015-06-18 | cgroup-util: actually use the path callback | Thomas Hindoe Paaboel Andersen
We allow to specify a callback but then ignore the result. Looks like a trivial typo. From 7b3fd6313c4b07b6f822a9f979d0c22350a401d9#diff-f010fa21ba7b659b519c122743e55604
2015-06-18 | systemctl: fix edit when EDITOR contains arguments | Jan Synacek
Correctly support cases when the EDITOR environment variable and friends also contain arguments. For example, to run emacs in terminal only, one can say: EDITOR="emacs -nw" systemctl edit myservice
2015-06-18 | Merge pull request #247 from shaded-enmity/origin/pullfix | Lennart Poettering
import/pull: fix for the name/reference overwrite
2015-06-18 | import/pull: fix pulling by image digest | Pavel Odvody
When pulling by image digest the identifiers that were produced by parsing image digest were later overwritten by code parsing image tag. This resulted in invalid identifiers being used when contacting the remote endpoint, resulting in 404. Reported here: http://lists.freedesktop.org/archives/systemd-devel/2015-June/033039.html
2015-06-18 | test: disable test-barrier by default | David Herrmann
The test-barrier binary uses real-time alarms and timeouts to test for races in the thread-barrier implementation. Hence, if your system is under high load and your scheduler decides to not run test-barrier for >BASE_TIME, then the tests are likely to fail. Two options:
1) Increase BASE_TIME. This will make the test take significantly longer for no real good. Furthermore, it is still not guaranteed that the task is scheduled.
2) Don't rely on real-time timers, but use explicit synchronization. This would basically test one barrier implementation with another.. kinda ironic.. but maybe something worth looking into.
3) Disable test-barrier by default.
This patch chooses option 3) and makes sure test-barrier only runs if you pass any argument.
Side note: test-barrier is written in a way that if it fails under load, but does not on idle systems, then it is very _unlikely_ that the barrier implementation is the culprit. Hence, it makes little sense to run it under load, anyway. It will not improve the test coverage of barrier.c, but rather the coverage of the test itself.
2015-06-18 | exit-status: add missing include for SIG* defines | Michael Olbrich
Otherwise building fails with glibc 2.16. It works with glibc >= 2.17 because it is implicitly included via macro.h -> sys/param.h -> signal.h
2015-06-18 | Merge pull request #272 from poettering/nspawn-flush-copy-fd | Daniel Mack
nspawn: when exiting, flush all remaining bytes from the pty to stdout
2015-06-18 | Merge pull request #276 from poettering/dbus-search-path | Kay Sievers
bus-proxy: add new dbus policy search paths from /usr
2015-06-18 | Merge pull request #277 from poettering/journal-interleaving-monotonic | Lennart Poettering
journal: make sure the clock increases strict monotonic
2015-06-17 | Merge pull request #270 from phomes/master | Tom Gundersen
udevd: remove dead code
2015-06-17 | journal: make sure the clock increases strict monotonic | Lennart Poettering
Let's work around crappy clocks in test-journal-interleaving.c too. This does the same as 98d2a5341788b49e82d628dfdc2e241af6d70dcd but for test-journal-interleaving.c rather than test-journal-stream.c.
2015-06-17 | Merge pull request #275 from poettering/acl-fixes | Martin Pitt
acl-util: various smaller fixes to parse_acl()
2015-06-17 | Merge pull request #271 from poettering/test-journal-stream-crappy-clock | Lennart Poettering
journal: ensure test-journal-stream doesn't get confused by crappy cl…
2015-06-17 | bus-proxy: add new dbus policy search paths from /usr | Lennart Poettering
D-Bus upstream is working on extending the configuration/policy search path, follow this. See #274 for details.
2015-06-17 | acl-util: various smaller fixes to parse_acl() | Lennart Poettering
- Make string parameter const
- Don't log some OOM errors, but not others
- Don't eat up errors generated by acl_from_text()
- Make sure to check for success of every single strv_push() call
2015-06-17 | libudev: device - fix typo in udev_device_get_sysattr_list_entry() | Tom Gundersen
We were adding the attributes to the wrong list.
2015-06-17 | nspawn: when exiting, flush all remaining bytes from the pty to stdout | Lennart Poettering
This is a simpler fix for #210, it simply uses copy_bytes() for the copying.
2015-06-17 | Merge pull request #44 from filbranden/unquote_first_word1 | Lennart Poettering
Replace FOREACH_WORD_QUOTED with a loop using unquote_first_word in config_parse_exec()
2015-06-17 | journal: ensure test-journal-stream doesn't get confused by crappy clocks | Lennart Poettering
This ensures that we write strictly monotonic timestamps into the journal files, to ensure that we can properly interleave everything correctly. See #175 for details.
2015-06-17 | udevd: remove dead code | Thomas Hindoe Paaboel Andersen
Leftover from 6af5e6a4c918a68b196a04346732e094e5373a36
2015-06-17 | logs-show: print a debug message when we skip entries without MESSAGE= fields | Lennart Poettering
2015-06-17 | load-fragment: reset the list on an ExecStart= containing only whitespace | Filipe Brandenburger
This is consistent with how an empty string works in an ExecStart= statement. We should not differentiate between an empty string and whitespace only (since they look the same.) Update the test case with whitespace only to reflect that the list is reset. Tested that `test-unit-file` passes and other test cases are not affected. Installed the patched systemd binaries on a machine, booted it, looked for out of the usual behavior but did not find any.
2015-06-17 | load-fragment: use unquote_first_word in config_parse_exec | Filipe Brandenburger
Convert config_parse_exec() from using FOREACH_WORD_QUOTED into a loop of unquote_first_word.
Loop through the arguments only once (the FOREACH_WORD_QUOTED implementation did it twice, once to count them and another time to process and store them.)
Use newly introduced flag UNQUOTE_UNESCAPE_RELAX to preserve unrecognized escape sequences such as regexps matches such as "\w", "\d", etc. (Valid escape sequences such as "\s" or "\b" still need an extra backslash if literals are desired for regexps.)
Differences in behavior:
- Handle ; (command separator) in special, so that only ; on its own is valid for that purpose, a quoted semicolon ";" or ';' will now behave as a literal semicolon. This is probably what was initially intended.
- Handle \; (to introduce a literal semicolon) in special, so that only \; is turned into a semicolon but not \\; or "\\;" or "\;" which are kept as a literal \; in the output. This is probably what was initially intended.
Known issues:
- Using an empty string (for example, ExecStartPre=<empty>) will empty the list and remove the existing commands, but using whitespace only (for example, ExecStartPre=<spaces>) will not. This is a pre-existing issue and will be dealt with in a follow up commit.
Tested:
- Unit tests passing. Also `make distcheck` still works as expected.
- Installed it on a local machine and booted with it, checked console output, systemctl and journalctl output, did not notice any issues running the patched systemd binaries.
Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-06-17 | tests: additional cases in test-unit-file | Filipe Brandenburger
These tests will be useful to check the cases regarding quoted and escaped semicolon when we switch to using unquote_first_word. Additionally, convert some of the tests that have semicolons so that the argument after the semicolon looks like a path (starts with /) so that we can see the change of behavior when making config_parse_exec more strict about what it accepts as a command separator.
2015-06-17 | util: Introduce unquote_first_word_and_warn | Filipe Brandenburger
It will try to unquote_first_word, but if it runs into escaping problems it will retry it adding UNQUOTE_CUNESCAPE_RELAX to the flags. If it succeeds on the second try, it will log a warning about it. If it fails both times, it will log an error. Add test cases to confirm it behaves as expected.
2015-06-17 | util: New flag UNQUOTE_UNESCAPE_RELAX for unquote_first_word | Filipe Brandenburger
The new flag UNQUOTE_UNESCAPE_RELAX preserves unrecognized escape sequences verbatim in unquote_first_word, either when it's a trailing backslash (similar to UNQUOTE_RELAX, but in this case keep the extra backslash in the output) or in the middle of a sequence string. Add unit test cases to ensure the new flag works as expected and to prevent regressions from being introduced. Tested with a follow up commit converting config_parse_exec() to start using unquote_first_word, in which case this flag makes it possible to preserve unrecognized escape sequences. Relevant bug: https://bugs.freedesktop.org/show_bug.cgi?id=90794
2015-06-17 | util: Refactor common cunescape block in unquote_first_word | Filipe Brandenburger
2015-06-17 | Merge pull request #267 from phomes/master | Tom Gundersen
sd-dhcp-client: readd deleted error check
2015-06-17 | Merge pull request #265 from smcv/logind-runtimedir-race-write-earlier | Lennart Poettering
logind: save /run/systemd/users/UID before starting user@.service
2015-06-17 | bus: fix installing DRIVER matches on kdbus | David Herrmann
In kdbus we still have to support org.freedesktop.DBus matches even though there is no real bus driver. The reason is that bus-control.c turns NameOwnerChanged matches into proper kdbus matches. If we drop DRIVER matches early, we will never match on name-changes for kdbus. Two ways to fix this:
1) Install DRIVER matches on kdbus (which is the simple way out and which is what this patch does).
2) Properly fix the scope-detection to let NameOwnerChanged matches through (or better: block anything with Member!=NameOwnerChanged).
2015-06-17 | sd-dhcp-client: readd deleted error check | Thomas Hindoe Paaboel Andersen
Seems to have been removed by mistake in: 9021bb9f935c93b516b10c88db2a212a9e3a8140
2015-06-17 | Merge pull request #262 from teg/udev-dup-fds-2 | Kay Sievers
udevd: daemon - connect /dev/null to std{in,out,err} in debug mode
2015-06-17 | Merge pull request #263 from kaysievers/wip | Kay Sievers
turn kdbus support into a runtime option
2015-06-17 | watchdog: Don't require WDIOC_SETOPTIONS/WDIOS_ENABLECARD | Jean Delvare
Not all watchdog drivers implement WDIOC_SETOPTIONS. Drivers which do not implement it have their device always enabled. So it's fine to report an error if WDIOS_DISABLECARD is passed and the ioctl is not implemented, however failing when WDIOS_ENABLECARD is passed and the ioctl is not implemented is not good: if the device was already enabled then WDIOS_ENABLECARD was a no-op and wasn't needed in the first place. So we can just ignore the error and continue.
2015-06-17 | Merge pull request #259 from poettering/logind-label-fix | Tom Gundersen
logind: apply selinux label to XDG_RUNTIME_DIR
2015-06-17 | udevd: daemon - connect /dev/null to std{in,out,err} in debug mode | Tom Gundersen
This is essentially a revert of 5c67cf2 and fixes issue #190.
2015-06-17 | logind: save /run/systemd/users/UID before starting user@.service | Simon McVittie
Previously, this had a race condition during a user's first login. Some component calls CreateSession (most likely by a PAM service other than 'systemd-user' running pam_systemd), with the following results:
- logind:
  * create the user's XDG_RUNTIME_DIR
  * tell pid 1 to create user-UID.slice
  * tell pid 1 to start user@UID.service
Then these two processes race:
- logind:
  * save information including XDG_RUNTIME_DIR to /run/systemd/users/UID
- the subprocess of pid 1 responsible for user@service:
  * start a 'systemd-user' PAM session, which reads XDG_RUNTIME_DIR and puts it in the environment
  * run systemd --user, which requires XDG_RUNTIME_DIR in the environment
If logind wins the race, which usually happens, everything is fine; but if the subprocesses of pid 1 win the race, which can happen under load, then systemd --user exits unsuccessfully.
To avoid this race, we have to write out /run/systemd/users/UID even though the service has not "officially" started yet; previously this did an early-return without saving anything. Record its state as OPENING in this case.
Bug: https://github.com/systemd/systemd/issues/232
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
2015-06-17 | turn kdbus support into a runtime option | Kay Sievers
./configure --enable/disable-kdbus can be used to set the default behavior regarding kdbus. If no kdbus kernel support is available, dbus-daemon will be used. With --enable-kdbus, the kernel command line option "kdbus=0" can be used to disable kdbus. With --disable-kdbus, the kernel command line option "kdbus=1" is required to enable kdbus support.
2015-06-17 | hashmap: allow NULL key in ordered_hashmap_next() | Michal Schmidt
There is no reason to require key to be non-NULL. Change test_ordered_hashmap_next() to use trivial_hash_ops in order to test NULL key too.
2015-06-17 | hashmap: remove _IDX_ITERATOR_NIL definition | Michal Schmidt
It is unused and rightly so. Users of the hashmap API should not care about the idx values or any other Iterator internals. _IDX_ITERATOR_FIRST in hashmap.h is an exception. It is needed for ITERATOR_FIRST.