summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-08-17namespace helpers: Allow entering a UID namespaceRichard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.
2015-08-08libsystemd-network: fix memory leakreverendhomer
2015-08-08Merge pull request #914 from reverendhomer/patch-2Daniel Mack
Coverity #1299013
2015-08-08Coverity #1299013reverendhomer
event cannot be NULL due to assert
2015-08-08Coverity #1299015reverendhomer
bus can never be NULL due to assert
2015-08-07core: s/reexection/reexecution/ typo fixJan Pokorný
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
2015-08-07load-fragment: fix segv on parse errorZbigniew Jędrzejewski-Szmek
https://bugzilla.redhat.com/show_bug.cgi?id=1251334
2015-08-06Merge pull request #898 from poettering/machined-fix-reloadDaniel Mack
Fix for #376, plus some other fixes
2015-08-06machined: rework state tracking logic for machinesLennart Poettering
This splits up the stopping logic for machines into two steps: first on machine_stop() we begin with the shutdown of a machine by queuing the stop method call for it. Then, in machine_finalize() we actually remove the rest of its runtime context. This mimics closely how sessions are handled in logind. This also reworks the GC logic to strictly check the current state of the machine unit, rather than shortcutting a few cases, like for example assuming that UnitRemoved really means a machine is gone (which it isn't since Reloading might trigger it, see #376). Fixes #376.
2015-08-06machine: drop state variable from Machine objectLennart Poettering
We never made use of it, let's get rid of it.
2015-08-06logind,machined: various smaller cleanupsLennart Poettering
Use mfree() where we can. Drop unnecessary {}. Drop unnecessary variable declarations. Cast syscall invocations where explicitly don't care for the return value to (void). Reword a comment.
2015-08-06machined,logind: don't generate errors on signal match functionsLennart Poettering
If we get a weird signal, then we should log about it, but not return an error, since sd-bus will not call us again then anymore, but for these signals we match here we actually do want to be called on the next invocation.
2015-08-06sd-bus: ignore BLOOM_FILTER kdbus itemsLennart Poettering
The kernel nowadays sends these along, and that's OK, hence don't even debug log about it, but completely ignore it.
2015-08-06Merge pull request #896 from poettering/runtimedir-execTom Gundersen
execute: don't fail if we create the runtime directory from two proce…
2015-08-06execute: don't fail if we create the runtime directory from two processes ↵Lennart Poettering
simultaneously If a service has both ExecStart= and ExecStartPost= set with Type=simple, then it might happen that we have two children create the runtime directory of a service (as configured with RuntimeDirectory=) at the same time. Previously we did this with mkdir_safe() which will create the dir only if it is missing, but if it already exists will at least verify the access mode and ownership to match the right values. This is problematic in this case, since it creates and then adjusts the settings, thus it might happen that one child creates the directory with root owner, another one then verifies it, and only afterwards the directory ownership is fixed by the original child, while the second child already failed. With this change we'll now always adjust the access mode, so that we know that it is right. In the worst case this means we adjust the mode/ownership even though its unnecessary, but this should have no negative effect. https://bugzilla.redhat.com/show_bug.cgi?id=1226509
2015-08-06bus-proxy: add comment to remove -EPERM checkKay Sievers
2015-08-06core: unit: remove bus slot after calling unit_done()Daniel Mack
The ->done callback in the unit's vtable might call into unit_unwatch_bus_name() and corrupt memory by that. Move the call down, and clean up the bus slot in case it hasn't been done yet.
2015-08-06bus-proxy: fix error code for invalid reply-slotsDavid Herrmann
The kernel may return EBADSLT if a reply slot cannot be found. Make sure to ignore it just like we ignore EPERM (the comment still applies).
2015-08-06core: dbus: track bus names per unitDaniel Mack
Currently, PID1 installs an unfiltered NameOwnerChanged signal match, and dispatches the signals itself. This does not scale, as right now, PID1 wakes up every time a bus client connects. To fix this, install individual matches once they are requested by unit_watch_bus_name(), and remove the watches again through their slot in unit_unwatch_bus_name(). If the bus is not available during unit_watch_bus_name(), just store name in the 'watch_bus' hashmap, and let bus_setup_api() do the installing later.
2015-08-06libsystemd-network: plug memory leakDaniel Mack
Coverity #1315324
2015-08-05Merge branch 'hostnamectl-dot-v2'Zbigniew Jędrzejewski-Szmek
Manual merge of https://github.com/systemd/systemd/pull/751.
2015-08-05hostname-util: ignore case when checking if hostname is localhostZbigniew Jędrzejewski-Szmek
2015-08-05hostname-util: get rid of unused parameter of hostname_cleanup()Zbigniew Jędrzejewski-Szmek
All users are now setting lowercase=false.
2015-08-05hostnamectl: allow trailing dot on fqdnZbigniew Jędrzejewski-Szmek
When the user requests to set hostname, and we are setting both pretty and static hostnames, and the name is a valid FQDN, we use it as the static hostname, and unset the pretty hostname. The change is that a FQDN with a trailing dot is accepted and ignored. https://bugzilla.redhat.com/show_bug.cgi?id=1238246 Lowercasing of the static name is not done anymore. $ hostnamectl set-hostname Foobar. => static is "Foobar", pretty is "Foobar." $ hostnamectl set-hostname Foobar.org. => static is "Foobar.org", pretty is unset $ hostnamectl set-hostname Foobar.org.. => static is "Foobar.org", pretty is "Foobar.org.."
2015-08-05networkd: allow trailing dot on fqdn in config fileZbigniew Jędrzejewski-Szmek
2015-08-05firstboot: allow a trailing dot on fqdnZbigniew Jędrzejewski-Szmek
2015-08-05hostname-util: add relax parameter to hostname_is_validZbigniew Jędrzejewski-Szmek
Tests are modified to check behaviour with relax and without relax. New tests are added for hostname_cleanup(). Tests are moved a new file (test-hostname-util) because there's now a bunch of them. New parameter is not used anywhere, except in tests, so there should be no observable change.
2015-08-06Merge pull request #883 from phomes/bool_vs_error_codesDaniel Mack
tree-wide: do not return error codes as bool
2015-08-06tree-wide: do not return error codes as boolThomas Hindoe Paaboel Andersen
2015-08-06tree-wide: fix indentationThomas Hindoe Paaboel Andersen
2015-08-05network: make enough space for stringLennart Poettering
Follow-up for PR #877.
2015-08-05Merge pull request #877 from crawford/dhcp-private-options-v4Lennart Poettering
networkd: save private-zone DHCP options
2015-08-05udev: uaccess - do not log error when device node disappearsKay Sievers
https://github.com/systemd/systemd/issues/875
2015-08-05networkd: clean up duplicate codeAlex Crawford
2015-08-05networkd: serialize the private optionsAlex Crawford
Save the private options along side the rest of the options in the lease files.
2015-08-05networkd: add private options to lease structAlex Crawford
This stores private-zone DHCP options inside of their respective DHCP lease. These options aren't used by networkd (what would it do with them?), but saving them will allow other programs to query the values. To improve performance, the options are stored in ascending order by tag.
2015-08-05logind: switch to sd_bus_track helperDaniel Mack
Let logind use the sd_bus_track helper object to track the controllers of sessions. This does not only remove quite some code but also kills the unconditional matches for all NameOwnerChanged signals. The latter is something we should never ever do, as it wakes up the daemon every time a client connects, which doesn't scale.
2015-08-05Merge pull request #871 from poettering/journald-meta-fieldsDaniel Mack
journald: fix count of object meta fields
2015-08-05Merge pull request #864 from phomes/masterLennart Poettering
hwdb: add Logitech LX8 DPI and wheel click settings
2015-08-05journald: fix count of object meta fieldsLennart Poettering
There are 12 object meta fields created in dispatch_message_real(), but we only allocated space for 11. Fix this. Fixes #866.
2015-08-05sysctl: reword warning message a bitLennart Poettering
Let's make this less dramatic, in order to not confuse people too much making them think that this was something to actually fix.
2015-08-05Merge pull request #868 from jsynacek/jsynacek/sysctlLennart Poettering
sysctl: bump loglevel when attempting to write invalid values [v2]
2015-08-05sysctl: bump loglevel when attempting to write invalid valuesJan Synacek
2015-08-04Use getxpid syscall on alpha for raw_getpid()Matt Turner
Alpha does not have a getpid syscall, but rather has getxpid to match OSF/1.
2015-08-05Merge pull request #855 from ↵Lennart Poettering
richardmaw-codethink/machinectl-copy-to-from-relative-paths-v2 Allow relative paths in `machinectl copy-{from,to}` (v2)
2015-08-04gpt-auto-generator: remove unused variableThomas Hindoe Paaboel Andersen
2015-08-04Merge pull request #860 from walyong/smack_v11Daniel Mack
Smack v11: set only the default smack process label if the command path has no execute label
2015-08-04core: set default process label only exec label is noneWaLyong Cho
When command path has access label and no SmackProcessLabel= is not set, default process label will be set. But if the default process label has no rule for the access label of the command path then smack access error will be occurred. So, if the command path has execute label then the child have to set its label to the same of execute label of command path instead of default process label.
2015-08-04smack-util: revise smack-util apis and add read smack attr apisWaLyong Cho
- Add smack xattr lookup table - Unify all of mac_smack_apply_xxx{_fd}() to mac_smack_apply() and mac_smack_apply_fd(). - Add smack xattr read apis similar with apply apis as mac_smack_read{_fd}().
2015-08-04util: add getxattr helper apisWaLyong Cho
To get xattr of given path or fd on newly allocated buffer, add new helper api getxattr_malloc() and fgetxattr_malloc().