Age | Commit message (Collapse) | Author |
|
If we spawn a unit with a non-empty 'PAMName=', we fork off a
child-process _inside_ the unit, known as '(sd-pam)', which watches the
session. It waits for the main-process to exit and then finishes it via
pam_close_session(3).
However, the '(sd-pam)' setup is highly asynchronous. There is no
guarantee that process gets spawned before we finish the unit setup.
Therefore, there might be a root-owned process inside of the cgroup of
the unit, thus causing cg_migrate() to error-out with EPERM.
This patch makes setup_pam() synchronous and waits for the '(sd-pam)'
setup to finish before continuing. This guarantees that setresuid(2) was
at least tried before we continue with the child setup of the real unit.
Note that if setresuid(2) fails, we already warn loudly about it. You
really must make sure that you own the passed user if using 'PAMName='.
It seems very plausible to rely on that assumption.
|
|
pam: systemd-user - call selinux module
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1262933
|
|
sd-bus: introduce new sd_bus_default_flush_close() call
|
|
Fixup WWN bytes for big-endian systems
|
|
A variety of mostly unrelated fixes
|
|
core: add support for usb functionfs v3
|
|
Fixes #1330
|
|
By using these parameters functionfs service can specify ffs descriptors
and strings which should be written to ep0.
|
|
For handling functionfs endpoints additional socket type is added.
|
|
|
|
No need to keep both functions, settle on uid_is_valid() for everything.
|
|
Of course, because Linux is broken we cannot actually really order it,
and must keep linux/fs.h after sys/mount.h... Yay for Linux!
|
|
Never log when we fail due to OOM when translating enums, let the caller
do that. Translating basic types like enums should be something where
the caller logs, not the translatior functions.
Return -1 when NULL is passed to all enum parser functions.
The non-fallback versions of the enum translator calls already handle
NULL as failure, instead of hitting an assert, and we should do this
here, too.
|
|
Let's always keep space for the full help text. (We used to do that, but
recently another line of help was added which broke this.)
|
|
When 0 bytes are to be written, make sure to go into read() at least
once, in order to validate the parameters, such as the passed fd.
Return error on huge values, add a couple of asserts and casts where
appropriate.
|
|
Let's underline the header line of the table shown by cgtop, how it is
customary for tables. In order to do this, let's introduce new ANSI
underline macros, and clean up the existing ones as side effect.
|
|
|
|
|
|
|
|
|
|
If code enqueues a message on one of the default busses, but doesn't
sync on it, and immediately drops the reference to the bus again, it
will stay queued and consume memory. Intrdouce a new call
sd_bus_default_flush_close() that can be invoked at the end of programs
(or threads) and flushes out all unsent messages on any of the default
busses.
|
|
Adding additional keys prevents this gpio-keys powerswitch from working,
e.g. this wouldn't poweroff:
button@23 {
label = "power-switch";
linux,code = <116>;
gpios = <&gpio 23 1>;
};
button@25 {
label = "KEY_A";
linux,code = <30>;
gpios = <&gpio 25 1>;
};
Changing ATTRS{keys}=="116" to ATTRS{keys}=="*116*" makes the
power-switch and the A key both work properly.
(David: rephrase and merge-commits)
|
|
sd-network: random API cleanups
|
|
Currently, sd-lldp.h exports "UPDATE_INFO".. and defines it to a magic
constant '10'. This is completely bogus, so fix it to follow our coding
standards:
- Prefix exported symbols by SD_LLDP_*
- Define a separate event-enum for event types
- Translate internal state to external event-types
|
|
Don't export constant that are only used internally.
|
|
Prefix all exported constants by SD_PPPOE_* to avoid namespacing
conflicts.
|
|
Prefix all exported constants with SD_IPV4LL_* to avoid namespacing
conflicts.
|
|
Prefix all exported constants with SD_IPV4ACD to prevent namespacing
conflicts.
|
|
Prefix all exported constants by SD_ICMP6_ND_* to avoid any namespacing
conflicts.
|
|
Prefix all exported constants with SD_DHCP6_CLIENT_* to avoid any
namespacing conflicts.
|
|
Prefix all constants with SD_DHCP_CLIENT_* to avoid namespacing
conflicts.
|
|
mount: use libmount to monitor mountinfo & utab
|
|
A bunch of "Client -> Child" fixes and one barrier-enumerator fix.
(David: rebased on master)
|
|
(David: Note, this is just a cleanup and doesn't fix any bugs)
|
|
Introduce two new helpers that send/receive a single fd via a unix
transport. Also make nspawn use them instead of hard-coding it.
Based on a patch by Krzesimir Nowak.
|
|
Some additional files related to single socket may appear in the
filesystem and they should be opened and passed to related service.
This commit adds optional list of file descriptors, which are
dynamically discovered and opened.
|
|
mount: propagate error codes correctly
|
|
|
|
sd-ipv4ll: do not assert_return when seed == 0
|
|
Make sure to propagate error codes from mount-loops correctly. Right now,
we return the return-code of the first mount that did _something_. This is
not what we want. Make sure we return an error if _any_ mount fails (and
then make sure to return the first error to not hide proper errors due to
consequential errors like -ENOTDIR).
Reported by cee1 <fykcee1@gmail.com>.
|
|
sysv-generator: follow symlinks in /etc/rc.d/init.d
|
|
When Group is set in the unit, the runtime directories are owned by
this group and not the default group of the user (same for cgroup paths
and standard outputs)
Fix #1231
|
|
|
|
systemd-mailing-devs/1442692671-10134-1-git-send-email-dev@benjarobin.fr
systemd-notify: Always pass a valid pid to sd_pid_notify
|
|
When a systemd service running in a container exits with a non-zero
code, it can be useful to terminate the container immediately and get
the exit code back to the host, when systemd-nspawn returns. This was
not possible to do. This patch adds the following to make it possible:
- Add a read-only "ExitCode" property on PID 1's "Manager" bus object.
By default, it is 0 so the behaviour stays the same as previously.
- Add a method "SetExitCode" on the same object. The method fails when
called on baremetal: it is only allowed in containers or in user
session.
- Add support in systemctl to call "systemctl exit 42". It reuses the
existing code for user session.
- Add exit.target and systemd-exit.service to the system instance.
- Change main() to actually call systemd-shutdown to exit() with the
correct value.
- Add verb 'exit' in systemd-shutdown with parameter --exit-code
- Update systemctl manpage.
I used the following to test it:
| $ sudo rkt --debug --insecure-skip-verify run \
| --mds-register=false --local docker://busybox \
| --exec=/bin/chroot -- /proc/1/root \
| systemctl --force exit 42
| ...
| Container rkt-895a0cba-5c66-4fa5-831c-e3f8ddc5810d failed with error code 42.
| $ echo $?
| 42
Fixes https://github.com/systemd/systemd/issues/1290
|
|
ipv4ll use an unsigned instead of an uint8_t array. Hence, use an
unsigned seed instead of declaring an array and then dereferencing it
later.
|
|
Now that seed is an unsigned and not an array, we do not need to assert
on it.
|
|
sd-ipv4acd: split out as separate library from sd-ipv4ll
|