path: root/src
Age | Commit message | Author
2015-09-23 | core: make setup_pam() synchronous | David Herrmann
If we spawn a unit with a non-empty 'PAMName=', we fork off a child-process _inside_ the unit, known as '(sd-pam)', which watches the session. It waits for the main-process to exit and then finishes it via pam_close_session(3). However, the '(sd-pam)' setup is highly asynchronous. There is no guarantee that process gets spawned before we finish the unit setup. Therefore, there might be a root-owned process inside of the cgroup of the unit, thus causing cg_migrate() to error-out with EPERM. This patch makes setup_pam() synchronous and waits for the '(sd-pam)' setup to finish before continuing. This guarantees that setresuid(2) was at least tried before we continue with the child setup of the real unit. Note that if setresuid(2) fails, we already warn loudly about it. You really must make sure that you own the passed user if using 'PAMName='. It seems very plausible to rely on that assumption.
2015-09-22 | Merge pull request #1338 from kaysievers/pam | Lennart Poettering
pam: systemd-user - call selinux module
2015-09-22 | udev: ata_id - ATA_ID_SATA_CAPABILITY == 76 | Kay Sievers
2015-09-22 | pam: systemd-user - call selinux module | Kay Sievers
https://bugzilla.redhat.com/show_bug.cgi?id=1262933
2015-09-22 | Merge pull request #1334 from poettering/sd-bus-default-flush-close | David Herrmann
sd-bus: introduce new sd_bus_default_flush_close() call
2015-09-22 | Merge pull request #1324 from pugs/master | Kay Sievers
Fixup WWN bytes for big-endian systems
2015-09-22 | Merge pull request #1335 from poettering/some-fixes | Daniel Mack
A variety of mostly unrelated fixes
2015-09-22 | Merge pull request #1336 from pszewczyk/functionfs_sockets_v3 | Lennart Poettering
core: add support for usb functionfs v3
2015-09-22 | importd: make sure we don't accidentally close fd 0 | Lennart Poettering
Fixes #1330
2015-09-22 | core: Add FFSDescriptors and FFSStrings service parameters | Pawel Szewczyk
By using these parameters functionfs service can specify ffs descriptors and strings which should be written to ep0.
2015-09-22 | core: Add socket type for usb functionfs endpoints | Pawel Szewczyk
For handling functionfs endpoints additional socket type is added.
2015-09-22 | notify: sort header files, follow CODING_STYLE | Lennart Poettering
2015-09-22 | util: drop UID_IS_INVALID() in favour of uid_is_valid() | Lennart Poettering
No need to keep both functions, settle on uid_is_valid() for everything.
2015-09-22 | util.h: order includes, as suggested by CODING_STYLE | Lennart Poettering
Of course, because Linux is broken we cannot actually really order it, and must keep linux/fs.h after sys/mount.h... Yay for Linux!
2015-09-22 | util: clean-ups to enum parsers | Lennart Poettering
Never log when we fail due to OOM when translating enums, let the caller do that. Translating basic types like enums should be something where the caller logs, not the translator functions. Return -1 when NULL is passed to all enum parser functions. The non-fallback versions of the enum translator calls already handle NULL as failure, instead of hitting an assert, and we should do this here, too.
2015-09-22 | cgtop: make sure help text doesn't cause main contents to move | Lennart Poettering
Let's always keep space for the full help text. (We used to do that, but recently another line of help was added which broke this.)
2015-09-22 | util: minor cleanups for loop_read() and friends | Lennart Poettering
When 0 bytes are to be written, make sure to go into read() at least once, in order to validate the parameters, such as the passed fd. Return error on huge values, add a couple of asserts and casts where appropriate.
2015-09-22 | cgtop: underline table header | Lennart Poettering
Let's underline the header line of the table shown by cgtop, how it is customary for tables. In order to do this, let's introduce new ANSI underline macros, and clean up the existing ones as side effect.
2015-09-22 | sd-id128: make size constraints a bit more obvious | Lennart Poettering
2015-09-22 | util: add safe_closedir() similar to safe_fclose() | Lennart Poettering
2015-09-22 | copy: make copy_bytes() return whether we hit EOF or not | Lennart Poettering
2015-09-22 | copy: be more careful when trying to reflink | Lennart Poettering
2015-09-22 | sd-bus: introduce new sd_bus_default_flush_close() call | Lennart Poettering
If code enqueues a message on one of the default busses, but doesn't sync on it, and immediately drops the reference to the bus again, it will stay queued and consume memory. Introduce a new call sd_bus_default_flush_close() that can be invoked at the end of programs (or threads) and flushes out all unsent messages on any of the default busses.
2015-09-22 | login: support more than just power-gpio-key | doubleodoug
Adding additional keys prevents this gpio-keys powerswitch from working, e.g. this wouldn't poweroff:

    button@23 {
            label = "power-switch";
            linux,code = <116>;
            gpios = <&gpio 23 1>;
    };
    button@25 {
            label = "KEY_A";
            linux,code = <30>;
            gpios = <&gpio 25 1>;
    };

Changing ATTRS{keys}=="116" to ATTRS{keys}=="*116*" makes the power-switch and the A key both work properly.

(David: rephrase and merge-commits)
2015-09-22 | Merge pull request #1333 from dvdhrm/sd-network-cleanup | Lennart Poettering
sd-network: random API cleanups
2015-09-22 | sd-lldp: hide internal details | David Herrmann
Currently, sd-lldp.h exports "UPDATE_INFO".. and defines it to a magic constant '10'. This is completely bogus, so fix it to follow our coding standards:
 - Prefix exported symbols by SD_LLDP_*
 - Define a separate event-enum for event types
 - Translate internal state to external event-types
2015-09-22 | sd-lldp: hide internal information | David Herrmann
Don't export constants that are only used internally.
2015-09-22 | sd-pppoe: fix namespacing | David Herrmann
Prefix all exported constants by SD_PPPOE_* to avoid namespacing conflicts.
2015-09-22 | sd-ipv4ll: fix namespacing | David Herrmann
Prefix all exported constants with SD_IPV4LL_* to avoid namespacing conflicts.
2015-09-22 | sd-ipv4acd: fix namespacing | David Herrmann
Prefix all exported constants with SD_IPV4ACD to prevent namespacing conflicts.
2015-09-22 | sd-icmp6-nd: fix namespacing | David Herrmann
Prefix all exported constants by SD_ICMP6_ND_* to avoid any namespacing conflicts.
2015-09-22 | sd-dhcp6: fix namespacing | David Herrmann
Prefix all exported constants with SD_DHCP6_CLIENT_* to avoid any namespacing conflicts.
2015-09-22 | sd-dhcp: fix namespacing | David Herrmann
Prefix all constants with SD_DHCP_CLIENT_* to avoid namespacing conflicts.
2015-09-22 | Merge pull request #986 from karelzak/monitor | Lennart Poettering
mount: use libmount to monitor mountinfo & utab
2015-09-22 | nspawn, machined: fix comments and error messages | Krzesimir Nowak
A bunch of "Client -> Child" fixes and one barrier-enumerator fix. (David: rebased on master)
2015-09-22 | nspawn: close unneeded sockets in outer child | Krzesimir Nowak
(David: Note, this is just a cleanup and doesn't fix any bugs)
2015-09-22 | util: introduce {send,receive}_one_fd() | David Herrmann
Introduce two new helpers that send/receive a single fd via a unix transport. Also make nspawn use them instead of hard-coding it. Based on a patch by Krzesimir Nowak.
2015-09-22 | core: Add list of additional file descriptors to socket port | Pawel Szewczyk
Some additional files related to single socket may appear in the filesystem and they should be opened and passed to related service. This commit adds optional list of file descriptors, which are dynamically discovered and opened.
2015-09-22 | Merge pull request #1323 from dvdhrm/mount-propagate | Lennart Poettering
mount: propagate error codes correctly
2015-09-21 | Fixup WWN bytes for big-endian systems | Tom Lyon
2015-09-21 | Merge pull request #1317 from ronnychevalier/rc/ipv4ll_seed | Daniel Mack
sd-ipv4ll: do not assert_return when seed == 0
2015-09-21 | mount: propagate error codes correctly | David Herrmann
Make sure to propagate error codes from mount-loops correctly. Right now, we return the return-code of the first mount that did _something_. This is not what we want. Make sure we return an error if _any_ mount fails (and then make sure to return the first error to not hide proper errors due to consequential errors like -ENOTDIR). Reported by cee1 <fykcee1@gmail.com>.
2015-09-21 | Merge pull request #1249 from lnykryn/sysv-symlinks | Lennart Poettering
sysv-generator: follow symlinks in /etc/rc.d/init.d
2015-09-21 | core: fix group ownership when Group is set | Ronny Chevalier
When Group is set in the unit, the runtime directories are owned by this group and not the default group of the user (same for cgroup paths and standard outputs) Fix #1231
2015-09-21 | test-execute: add tests for RuntimeDirectory | Ronny Chevalier
2015-09-21 | Merge pull request #1315 from systemd-mailing-devs/1442692671-10134-1-git-send-email-dev@benjarobin.fr | Lennart Poettering
systemd-notify: Always pass a valid pid to sd_pid_notify
2015-09-21 | containers: systemd exits with non-zero code | Alban Crequy
When a systemd service running in a container exits with a non-zero code, it can be useful to terminate the container immediately and get the exit code back to the host, when systemd-nspawn returns. This was not possible to do. This patch adds the following to make it possible:
 - Add a read-only "ExitCode" property on PID 1's "Manager" bus object. By default, it is 0 so the behaviour stays the same as previously.
 - Add a method "SetExitCode" on the same object. The method fails when called on baremetal: it is only allowed in containers or in user session.
 - Add support in systemctl to call "systemctl exit 42". It reuses the existing code for user session.
 - Add exit.target and systemd-exit.service to the system instance.
 - Change main() to actually call systemd-shutdown to exit() with the correct value.
 - Add verb 'exit' in systemd-shutdown with parameter --exit-code
 - Update systemctl manpage.

I used the following to test it:

| $ sudo rkt --debug --insecure-skip-verify run \
| --mds-register=false --local docker://busybox \
| --exec=/bin/chroot -- /proc/1/root \
| systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42

Fixes https://github.com/systemd/systemd/issues/1290
2015-09-21 | test-ipv4ll: use unsigned instead of an array for a seed | Ronny Chevalier
ipv4ll uses an unsigned instead of a uint8_t array. Hence, use an unsigned seed instead of declaring an array and then dereferencing it later.
2015-09-21 | sd-ipv4ll: do not assert_return when seed == 0 | Ronny Chevalier
Now that seed is an unsigned and not an array, we do not need to assert on it.
2015-09-21 | Merge pull request #1288 from teg/ipv4acd-3 | Tom Gundersen
sd-ipv4acd: split out as separate library from sd-ipv4ll