Age | Commit message | Author |
|
To be able to use `systemd-run` or `machinectl login` on a container
that is in a private user namespace, the sub-process must have entered
the user namespace before connecting to the container's D-Bus, otherwise
the UID and GID in the peer credentials are garbage.
So we extend namespace_open and namespace_enter to support UID namespaces,
and we enter the UID namespace in bus_container_connect_{socket,kernel}.
namespace_open will degrade to a no-op if user namespaces are not enabled
in the kernel.
Special handling is required for the setns call in namespace_enter with
a user namespace, since transitioning to your own namespace is forbidden,
as it would result in re-entering your user namespace as root.
Arguably it may be valid to check this at the call site, rather than
inside namespace_enter, but it is less code to do it inside, and if the
intention of calling namespace_enter is to *be* in the target namespace,
rather than to transition to the target namespace, it is a reasonable
approach.
The check for whether the user namespace is the same must happen before
entering namespaces, as we may not be able to access /proc during the
intermediate transition stage.
We can't instead attempt to enter the user namespace and then ignore
the failure from it being the same namespace, since the error code is
not distinct, and we can't compare namespaces while mid-transition.
|
|
|
|
Coverity #1299013
|
|
event cannot be NULL due to assert
|
|
bus can never be NULL due to assert
|
|
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1251334
|
|
Fix for #376, plus some other fixes
|
|
This splits up the stopping logic for machines into two steps: first on
machine_stop() we begin with the shutdown of a machine by queuing the
stop method call for it. Then, in machine_finalize() we actually remove
the rest of its runtime context. This mimics closely how sessions are
handled in logind.
This also reworks the GC logic to strictly check the current state of
the machine unit, rather than shortcutting a few cases, like for example
assuming that UnitRemoved really means a machine is gone (which it isn't
since Reloading might trigger it, see #376).
Fixes #376.
|
|
We never made use of it, let's get rid of it.
|
|
Use mfree() where we can.
Drop unnecessary {}.
Drop unnecessary variable declarations.
Cast syscall invocations where we explicitly don't care for the return
value to (void).
Reword a comment.
|
|
If we get a weird signal, then we should log about it, but not return an
error, since sd-bus will not call us again then anymore, but for these
signals we match here we actually do want to be called on the next
invocation.
|
|
The kernel nowadays sends these along, and that's OK, hence don't even
debug log about it, but completely ignore it.
|
|
execute: don't fail if we create the runtime directory from two proce…
|
|
simultaneously
If a service has both ExecStart= and ExecStartPost= set with
Type=simple, then it might happen that we have two children create the
runtime directory of a service (as configured with RuntimeDirectory=) at
the same time. Previously we did this with mkdir_safe() which will
create the dir only if it is missing, but if it already exists will at
least verify the access mode and ownership to match the right values.
This is problematic in this case, since it creates and then adjusts the
settings, thus it might happen that one child creates the directory with
root owner, another one then verifies it, and only afterwards the
directory ownership is fixed by the original child, while the second
child already failed.
With this change we'll now always adjust the access mode, so that we
know that it is right. In the worst case this means we adjust the
mode/ownership even though it's unnecessary, but this should have no
negative effect.
https://bugzilla.redhat.com/show_bug.cgi?id=1226509
|
|
|
|
The ->done callback in the unit's vtable might call into
unit_unwatch_bus_name() and corrupt memory by that.
Move the call down, and clean up the bus slot in case it hasn't been done
yet.
|
|
The kernel may return EBADSLT if a reply slot cannot be found. Make sure
to ignore it just like we ignore EPERM (the comment still applies).
|
|
Currently, PID1 installs an unfiltered NameOwnerChanged signal match, and
dispatches the signals itself. This does not scale, as right now, PID1
wakes up every time a bus client connects.
To fix this, install individual matches once they are requested by
unit_watch_bus_name(), and remove the watches again through their slot in
unit_unwatch_bus_name().
If the bus is not available during unit_watch_bus_name(), just store
name in the 'watch_bus' hashmap, and let bus_setup_api() do the installing
later.
|
|
Coverity #1315324
|
|
Manual merge of https://github.com/systemd/systemd/pull/751.
|
|
|
|
All users are now setting lowercase=false.
|
|
When the user requests to set hostname, and we are setting both
pretty and static hostnames, and the name is a valid FQDN, we
use it as the static hostname, and unset the pretty hostname.
The change is that a FQDN with a trailing dot is accepted and ignored.
https://bugzilla.redhat.com/show_bug.cgi?id=1238246
Lowercasing of the static name is not done anymore.
$ hostnamectl set-hostname Foobar.
=> static is "Foobar", pretty is "Foobar."
$ hostnamectl set-hostname Foobar.org.
=> static is "Foobar.org", pretty is unset
$ hostnamectl set-hostname Foobar.org..
=> static is "Foobar.org", pretty is "Foobar.org.."
|
|
|
|
|
|
Tests are modified to check behaviour with relax and without relax.
New tests are added for hostname_cleanup().
Tests are moved to a new file (test-hostname-util) because there's
now a bunch of them.
New parameter is not used anywhere, except in tests, so there should
be no observable change.
|
|
tree-wide: do not return error codes as bool
|
|
|
|
|
|
Follow-up for PR #877.
|
|
networkd: save private-zone DHCP options
|
|
https://github.com/systemd/systemd/issues/875
|
|
|
|
Save the private options alongside the rest of the options in the lease
files.
|
|
This stores private-zone DHCP options inside of their respective DHCP
lease. These options aren't used by networkd (what would it do with
them?), but saving them will allow other programs to query the values.
To improve performance, the options are stored in ascending order by
tag.
|
|
Let logind use the sd_bus_track helper object to track the controllers of
sessions. This does not only remove quite some code but also kills the
unconditional matches for all NameOwnerChanged signals.
The latter is something we should never ever do, as it wakes up the daemon
every time a client connects, which doesn't scale.
|
|
journald: fix count of object meta fields
|
|
hwdb: add Logitech LX8 DPI and wheel click settings
|
|
There are 12 object meta fields created in dispatch_message_real(), but
we only allocated space for 11. Fix this.
Fixes #866.
|
|
Let's make this less dramatic, in order to not confuse people too much
making them think that this was something to actually fix.
|
|
sysctl: bump loglevel when attempting to write invalid values [v2]
|
|
|
|
Alpha does not have a getpid syscall, but rather has getxpid to match
OSF/1.
|
|
richardmaw-codethink/machinectl-copy-to-from-relative-paths-v2
Allow relative paths in `machinectl copy-{from,to}` (v2)
|
|
|
|
Smack v11: set only the default smack process label if the command path has no execute label
|
|
When command path has access label and no SmackProcessLabel= is not
set, default process label will be set. But if the default process
label has no rule for the access label of the command path then a smack
access error will occur.
So, if the command path has an execute label then the child has to set
its label to the same as the execute label of the command path instead
of the default process label.
|
|
- Add smack xattr lookup table
- Unify all of mac_smack_apply_xxx{_fd}() to mac_smack_apply() and
mac_smack_apply_fd().
- Add smack xattr read APIs similar to the apply APIs, as
mac_smack_read{_fd}().
|
|
To get the xattr of a given path or fd in a newly allocated buffer, add
new helper APIs getxattr_malloc() and fgetxattr_malloc().
|