path: root/src
Age | Commit message | Author
2015-06-10 | sd-bus: store selinux context at connection time | Zbigniew Jędrzejewski-Szmek
This appears to be the right time to do it for SOCK_STREAM unix sockets. Also: condition bus_get_owner_creds_dbus1 was reversed. Split it out to a separate variable for clarity and fix. https://bugzilla.redhat.com/show_bug.cgi?id=1224211
2015-06-10 | sd-bus: do not use per-datagram auxiliary information | Zbigniew Jędrzejewski-Szmek
SELinux information cannot be retrieved this way, since we are using stream unix sockets and SCM_SECURITY does not work for them. SCM_CREDENTIALS use dropped to be consistent. We also should get this information at connection time. https://bugzilla.redhat.com/show_bug.cgi?id=1224211 "SCM_SECURITY was only added for datagram sockets."
2015-06-09 | bus-creds: always set SD_BUS_CREDS_PID when we set pid in the mask | Zbigniew Jędrzejewski-Szmek
Also reorder the code a bit to be easier to parse.
2015-06-09 | Revert "hwdb: actually search /run/udev/hwdb.d" | Lennart Poettering
2015-06-09 | Merge pull request #118 from haraldh/set_consume2 | Lennart Poettering
util:bind_remount_recursive() fix "use after free" - 2
2015-06-09 | Merge pull request #77 from haraldh/cryptsetup | Lennart Poettering
cryptsetup: craft a unique ID with the source device
2015-06-09 | Merge pull request #116 from utezduyar/feat/async-api-for-method-call | Lennart Poettering
sd-bus: add async convenience method call API
2015-06-09 | Merge pull request #113 from mezcalero/address-family | Lennart Poettering
networkd: actually always use AddressFamilyBoolean as the bit mask it is
2015-06-09 | util:bind_remount_recursive(): handle return 0 of set_consume() | Harald Hoyer
set_consume() does not return -EEXIST, but 0, in case the key is already in the Set.
2015-06-09 | Revert "util:bind_remount_recursive() fix "use after free"" | Harald Hoyer
This reverts commit 46be6129d3e52556eb0f2ae4d07818f9f3f7af7a.
2015-06-09 | cryptsetup: craft a unique ID with the source device | Harald Hoyer
If cryptsetup is called with a source device as argv[3], then craft the ID for the password agent with a unique device path. If possible "/dev/block/<maj>:<min>" is used, otherwise the original argv[3] is used.
This enables password agents like petera [1] to provide a password according to the source device. The original ID did not carry enough information and was more targeted for a human readable string, which is specified in the "Message" field anyway.
With this patch the ID of the ask.XXX ini file looks like this:
    ID=cryptsetup:/dev/block/<maj>:<min>
[1] https://github.com/npmccallum/petera
2015-06-09 | sd-bus: add async convenience method call API | Umut Tezduyar Lindskog
2015-06-09 | hwdb: actually search /run/udev/hwdb.d | Peter Hutterer
The documentation claims hwdb entries may be placed in the volatile /run/udev/hwdb.d directory but nothing actually looked at it.
2015-06-09 | networkd: actually always use AddressFamilyBoolean as the bit mask it is | Lennart Poettering
2015-06-08 | Merge pull request #108 from phomes/master | Lennart Poettering
tree-wide: remove spurious space
2015-06-08 | Revert "networkd: create "kernel" setting for IPForwarding" | Lennart Poettering
2015-06-08 | tree-wide: remove spurious space | Thomas Hindoe Paaboel Andersen
2015-06-08 | Merge pull request #101 from zonque/kmod | Lennart Poettering
kmod-setup: split warn flags
2015-06-08 | kmod-setup: split warn flags | Daniel Mack
Traditionally, we used to warn about ipv6 being a module or being unavailable. This was changed in b4aa82f16 ("kmod-setup: don't warn when ipv6 can't be loaded") in a way that neither of the two conditions will cause a log message. Now, while running a setup without any IPv6 is completely fine and shouldn't cause any warning, we should still warn about ipv6 being a module instead of built-in. To achieve this, split the boolean warn flag into two: one for a feature not being built-in but shipped as a module, and one to print an error when a module is entirely unavailable. We will, however, still warn if kmod returns anything else than -ENOENT in the attempt of loading the module, and at the very least, turn the message into a debug log.
2015-06-08 | util:bind_remount_recursive() fix "use after free" | Harald Hoyer
set_consume(done, x) consumes x with free(x) but mount(…, x, …) uses it afterwards. coverity CID 1299006
2015-06-05 | Merge pull request #79 from zonque/fdo-87475 | Kay Sievers
kmod-setup: don't warn when ipv6 can't be loaded (FDO bug #87475)
2015-06-05 | systemd-bootchart: Trivial typo fix in warning | Gianpaolo Macario
Signed-off-by: Gianpaolo Macario <gmacario@gmail.com>
2015-06-05 | bus: don't force send-masks on kdbus buses | David Herrmann
Right now we always pass KDBUS_ITEM_ATTACH_FLAGS_RECV to KDBUS_CMD_BUS_MAKE, effectively forcing every bus connection to do the same during KDBUS_CMD_HELLO. This used to be a workaround to make sure all metadata is always present. However, we refrained from that approach and intend to make all metadata collection solely rely on /proc access restrictions. Therefore, there is no need to force the send-flags mask on newly created buses.
2015-06-05 | kmod-setup: don't warn when ipv6 can't be loaded | Daniel Mack
Not having IPv6 is a valid setup. Let's not print a warning in that case. Addresses: https://bugs.freedesktop.org/show_bug.cgi?id=87475
2015-06-05 | logind: Fix user_elect_display() to be more stable | Philip Withnall
The previous implementation of user_elect_display() could easily end up overwriting the user’s valid graphical session with a new TTY session. For example, consider the situation where there is one session:
    c1, type = SESSION_X11, !stopping, class = SESSION_USER
it is initially elected as the user’s display (i.e. u->display = c1). If another session is started, on a different VT, the sessions_by_user list becomes:
    c1, type = SESSION_X11, !stopping, class = SESSION_USER
    c2, type = SESSION_TTY, !stopping, class = SESSION_USER
In the previous code, graphical = c1 and text = c2, as expected. However, neither graphical nor text fulfil the conditions for setting u->display = graphical (because neither is better than u->display), so the code falls through to check the text variable. The conditions for this match, as u->display->type != SESSION_TTY (it’s actually SESSION_X11). Hence u->display is set to c2, which is incorrect, because session c1 is still valid.
Refactor user_elect_display() to use a more explicit filter and pre-order comparison over the sessions. This can be demonstrated to be stable and only ever ‘upgrade’ the session to a more graphical one.
https://bugs.freedesktop.org/show_bug.cgi?id=90769
2015-06-05 | Merge pull request #63 from arvidjaar/issue/50 | Daniel Mack
fstab-generator: cescape device name in root-fsck service
2015-06-05 | core: Remove "old kernel" warning if PR_SET_CHILD_SUBREAPER fails | Cristian Rodríguez
This made sense when systemd ran on older kernels, nowadays not so much.
2015-06-04 | bus: update kdbus.h | David Herrmann
Sync with upstream.
2015-06-04 | Merge pull request #72 from teg/event-fork-unref | David Herrmann
sd-event: don't touch fd's across forks
2015-06-04 | Merge pull request #73 from zonque/mountinfo | David Herrmann
core/mount: skip incomplete mountinfo entries
2015-06-04 | sd-event: don't touch fd's across forks | Tom Gundersen
We protect most of the API from use across forks, but we still allow both sd_event and sd_event_source objects to be unref'ed. This would cause problems as it would unregister sources from the underlying eventfd, hence also affecting the original instance in the parent process. This fixes the issue by not touching the fds on unref when done across a fork, but still free the memory. This fixes a regression introduced by "udevd: move main-loop to sd-event": 693d371d30fee where the worker processes were disabling the inotify event source in the main daemon.
2015-06-04 | core/mount: skip incomplete mountinfo entries | Daniel Mack
Skip /proc/mountinfo entries for which libmount returns a NULL pointer for 'source' or 'target'. This happened on Semaphore CI's build servers when the test suite is run.
2015-06-04 | Merge pull request #58 from pwithnall/wip/pwithnall/user-active-on-vt-switch | David Herrmann
logind: Save the user’s state when a session enters SESSION_ACTIVE
2015-06-04 | Merge pull request #57 from pwithnall/wip/pwithnall/udev-virtualbox-rules | David Herrmann
logind: Add a udev rule to tag all DRM cards with master-of-seat
2015-06-04 | Partially revert "ma-setup: simplify" | Zbigniew Jędrzejewski-Szmek
copy_bytes() tries to do the write in chunks, but ima kernel code needs every rule to be written in one write. Writing the whole file at once avoids the issue. http://lists.freedesktop.org/archives/systemd-devel/2015-June/032623.html http://sourceforge.net/p/linux-ima/mailman/message/34145236/ https://bugzilla.redhat.com/show_bug.cgi?id=1226948
2015-06-03 | Merge pull request #65 from teg/enumerate-accept-null | Kay Sievers
libudev: enumerate - accept NULL parameters in add_match()
2015-06-03 | Merge pull request #52 from mbiebl/systemctl-edit-default-editor | Tom Gundersen
systemctl: Use /usr/bin/editor if available
2015-06-03 | kdbus: remove attach_flags_mask module parameter setting | Kay Sievers
2015-06-03 | libudev: enumerate - accept NULL parameters in add_match() | Tom Gundersen
This was a regression introduced when moving to sd-device.
2015-06-03 | fstab-generator: cescape device name in root-fsck service | Andrei Borzenkov
We unescape ExecStart line when parsing it, so escape device name before adding it to unit file. fixes #50
2015-06-03 | test-util: fix a memleak | Thomas Hindoe Paaboel Andersen
2015-06-03 | test-unit-file.c: fixup the test for commit 3b51f8ddd5 | Harald Hoyer
2015-06-03 | systemctl: Use /usr/bin/editor if available | Michael Biebl
If the EDITOR environment variable is not set, the Debian policy recommends to use the /usr/bin/editor program as default editor. This file is managed via the dpkg alternatives mechanism and typically used in Debian/Ubuntu and derivatives to configure the default editor. See section 11.4 of the Debian policy [1]. Therefore prefer /usr/bin/editor over specific editors if available. [1] https://www.debian.org/doc/debian-policy/ch-customized-programs.html
2015-06-03 | util: fix another cunescape() regression | Daniel Mack
Fix a regression caused by 4034a06d ("util: rework word parsing and c unescaping code") which broke octal escape sequences. The reason for this breakage is that cunescape_one() expects 4 characters in an octal encoding, which is a stray left-over from the old code which operated on different variables to make the length check. While at it, add a test case to prevent the same thing from happening again.
2015-06-03 | udevd: merge manager_new() and manager_listen() again | Tom Gundersen
Now that listen_fds() have been split out, we can safely move the allocation of the manager object after doing the forking (the fork is done to notify legacy init-systems that the fds are ready). Subsequently, we can merge manager_listen() back into manager_new(). This entails a minor behaviour change: the application of permissions to static device nodes now happens after the fork (but still before notifying systemd about being ready).
2015-06-03 | udevd: make sd_notify independent of forking/notify mode | Tom Gundersen
This will simply silently fail on non-systemd systems, so there is no reason to make it conditional. Also make it clear that we notify systemd about being ready as the last step before starting the event loop, whereas the forking might need to happen earlier.
2015-06-03 | udevd: manager - split listen_fds() out of manager_new() | Tom Gundersen
This will allow us in a follow-up commit to listen to fds before forking and still allocate the manager only after the fork.
2015-06-03 | udevd: unify fd handling in forking/notify modes | Tom Gundersen
Hide the difference in listen_fds, by simply opening the fds here in case they are not passed in.
2015-06-03 | libudev: monitor - set nl_pid when reusing fd in udev_monitor_new_from_netlink_fd | Tom Gundersen
This allows a fd to be created and configured as part of one monitor, to be passed in to create a second monitor without having to redo any of the configuration.
2015-06-03 | udevd: make cgroup logic independent of socket passing | Tom Gundersen
This should have no behavioural change, but it is odd to tie the cgroup cleaning to whether or not we are passed sockets. The point really is if we are guaranteed to be in a dedicated cgroup, so instead check for our parent being PID1 (we already implicitly only do this on systemd systems).