summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-06-30Merge pull request #429 from ↵Tom Gundersen
richardmaw-codethink/nspawn-userns-uid-shift-autodetection-fix nspawn: determine_uid_shift before forking
2015-06-30Merge pull request #428 from richardmaw-codethink/nspawn-userns-remount-failTom Gundersen
nspawn: Don't remount with fewer options
2015-06-30nspawn: determine_uid_shift before forkingRichard Maw
It is needed in one branch of the fork, but calculated in another branch. Failing to do this means using --private-users without specifying a uid shift always fails because it tries to shift the uid to UID_INVALID.
2015-06-30nspawn: Don't remount with fewer optionsRichard Maw
When we do a MS_BIND mount, it inherits the flags of its parent mount. When we do a remount, it sets the flags to exactly what is specified. If we are in a user namespace then these mount points have their flags locked, so you can't reduce the protection. As a consequence, the default setup of mount_all doesn't work with user namespaces. However if we ensure we add the mount flags of the parent mount when remounting, then we aren't removing mount options, so we aren't trying to unlock an option that we aren't allowed to.
2015-06-30core: handle --log-target=null when calling systemd-shutdownIago López Galeiras
When shutting down, if systemd was started with --log-target=null, systemd-shutdown was being called with --log-target=console.
2015-06-29sysv-generator: escape names when translating from sysv nameFelipe Sateler
While the LSB suggests only [A-Za-z0-9], that doesn't prevent admins from doing the wrong thing. Lets not generate invalid names in that case.
2015-06-29sysv-generator: detect invalid provided unit namesFelipe Sateler
Do not assume that a non-service unit type is a target.
2015-06-29Merge pull request #387 from kaysievers/wipTom Gundersen
udev: Remove accelerometer helper
2015-06-29Merge pull request #402 from ↵Daniel Mack
systemd-mailing-devs/1435512180-3659-1-git-send-email-ebiggers3@gmail.com util: fix incorrect escape sequence in string_is_safe()
2015-06-28util: fix incorrect escape sequence in string_is_safe()Eric Biggers
2015-06-28bootchart: reset list_sample_data head before generating SVGGianpaolo Macario
Until commit 1f2ecb0 ("bootchart: kill a bunch of global variables") variable "head" was declared global and this action was performed by svg_header. Now that "head" is local and passed to each function called by svg_do(...) move the code at the beginning of svg_do(...) to restore the correct behaviour.
2015-06-27udev: Remove accelerometer helperBastien Nocera
It's moved to the iio-sensor-proxy D-Bus service.
2015-06-25logind: fix delayed execution regressionDaniel Mack
Commit c0f32805 ("logind: use sd_event timer source for inhibitor logic") reworked the main loop logic of logind so that it uses a real timeout callback handler to execute delayed functions. What the old code did, however, was to call those functions on every iteration in the main loop, not only when the timeout expired. Restore that behavior by bringing back manager_dispatch_delayed(), and call it from manager_run(). The internal event source callback manager_inhibit_timeout_handler() was turned into a wrapper of manager_dispatch_delayed() now.
2015-06-25Merge pull request #367 from msekletar/install-unit-file-list-assertDaniel Mack
install: explicitly return 0 on success
2015-06-25install: explicitly return 0 on successMichal Sekletar
Maybe there is some left-over value stored in r from previous function call. Let's make sure we always return consistent error code when we reach end of the function body. Fixes following crash of test-install, Assertion 'r == 0' failed at src/test/test-install.c:52, function main(). Aborting. [1] 11703 abort (core dumped) ./test-install
2015-06-25bootchart: Account CPU time spent in non-main threads of processes (v5)Gianpaolo Macario
Fix for issue https://github.com/systemd/systemd/issues/139 - Implement fixes suggested by @teg to -v2 - Implement fixes suggested by @zonque to -v3 and -v4
2015-06-25Merge pull request #363 from zonque/proxyKay Sievers
bus-proxy: ignore 'log' attributes in XML policy
2015-06-25bus-proxy: ignore 'log' attributes in XML policyDaniel Mack
'log' is unsupported but nothing to warn about. Ignore it just like we ignore 'eavesdrop'.
2015-06-25Merge pull request #355 from dvdhrm/netlinkTom Gundersen
sd-netlink cleanups
2015-06-24Merge pull request #335 from aroig/gh/fix_check_unneededLennart Poettering
core: fix reversed dependency check in unit_check_unneeded
2015-06-24sd-netlink: don't export internal type-system detailsDavid Herrmann
The kernel bonding layer allows passing an array of ARP IP targets as bond-configuration. Due to the weird implementation of arrays in netlink (which we haven't figure out a generic way to support, yet), we usually hard-code the supported array-sizes. However, this should not be exported from sd-netlink. Instead, make sure the caller just uses it's current hack of enumerating the types, and the sd-netlink core will have it's own list of supported array-sizes (to be removed in future extensions, btw!). If either does not match, we will just return a normal error. Note that we provide 2 constants for ARP_IP_TARGETS_MAX now. However, both have very different reasons: - the constant in netdev-bond.c is used to warn the user that the given number of targets might not be supported by the kernel (even though the kernel might increase that number at _any_ time) - the constant in sd-netlink is solely used due to us missing a proper array implementation. Once that's supported in the type-system, it can be removed without notice Last but not least, this patch turns the log_error() into a log_warning(). Given that the previous condition was off-by-one, anyway, it never hit at the right time. Thus, it was probably of no real use.
2015-06-24sd-netlink: don't treat NULL as root type-systemDavid Herrmann
Explicitly export the root type-system to the type-system callers. This avoids treating NULL as root, which for one really looks backwards (NULL is usually a leaf, not root), and secondly prevents us from properly debugging calling into non-nested types. Also rename the root to "type_system_root". Once we support more than rtnl, well will have to revisit that, anyway.
2015-06-24sd-netlink: don't treat type_system->count==0 as invalidDavid Herrmann
Empty type-systems are just fine. Avoid the nasty hack in union-type-systems that treat empty type-systems as invalid. Instead check for the actual types-array and make sure it's non-NULL (which is even true for empty type-systems, due to "empty_types" array).
2015-06-24sd-netlink: make sure the root-level type is nestedDavid Herrmann
In sd-netlink-message, we always guarantee that the currently selected type-system is non-NULL. Otherwise, we would be unable to parse any types in the current container level. Hence, this assertion must be true: message->container_type_system[m->n_containers] != NULL During message_new() we currently do not verify that this assertion is true. Instead, we blindly access nl_type->type_system and use it (which might be NULL for basic types and unions). Fix this, by explicitly checking that the root-level type is nested. Note that this is *not* a strict requirement of netlink, but it's a strict requirement for all message types we currently support. Furthermore, all the callers of message_new() already verify that only supported types are passed, therefore, this is a pure cosmetic check. However, it might be needed on the future, so make sure we don't trap into this once we change the type-system.
2015-06-24sd-netlink: drop NETLINK_TYPE_METADavid Herrmann
The NETLINK_TYPE_META pseudo-type is actually equivalent to an empty nested type. Drop it and define an empty type-system instead. This also has the nice side-effect that m->container_type_system[0] is never NULL (which has really nasty side-effects if you try to read attributes).
2015-06-24sd-netlink: turn 'max' into 'count' to support empty type-systemsDavid Herrmann
Right now we store the maximum type-ID of a type-system. This prevents us from creating empty type-systems. Store the "count" instead, which should be treated as max+1. Note that type_system_union_protocol_get_type_system() currently has a nasty hack to treat empty type-systems as invalid. This might need some modification later on as well.
2015-06-24sd-netlink: avoid casting size_t into intDavid Herrmann
size_t is usually 64bit and int 32bit on a 64bit machine. This probably does not matter for netlink message sizes, but nevertheless, avoid hard-coding it anywhere.
2015-06-24sd-netlink: make NLTypeSystem internalDavid Herrmann
Same as NLType, move NLTypeSystem into netlink-types.c and hide it from the outside. Provide an accessor function for the 'max' field that is used to allocate suitable array sizes. Note that this will probably be removed later on, anyway. Once we support bigger type-systems, it just seems impractical to allocate such big arrays for each container entry. An RBTree would probably do just fine.
2015-06-24sd-netlink: make NLType internalDavid Herrmann
If we extend NLType to support arrays and further extended types, we really want to avoid hard-coding the type-layout outside of netlink-types.c. We already avoid accessing nl_type->type_system outside of netlink-types.c, extend this to also avoid accessing any other fields. Provide accessor functions for nl_type->type and nl_type->size and then move NLType away from the type-system header. With this in place, follow-up patches can safely turn "type_system" and "type_system_union" into a real "union { }", and then add another type for arrays.
2015-06-24sd-netlink: don't access type->type_system[_union] directlyDavid Herrmann
Make sure we never access type->type_system or type->type_system_union directly. This is an implementation detail of the type-system and we should always use the accessors. Right now, they only exist for 2-level accesses (type-system to type-system). This patch introduces the 1-level accessors (type to type-system) and makes use of it. This patch makes sure the proper assertions are in place, so we never accidentally access sub-type-systems for non-nested/union types. Note that this places hard-asserts on the accessors. This should be fine, as we expect callers to only access sub type-systems if they *know* they're dealing with nested types.
2015-06-24sd-netlink: rename NLA_ to NETLINK_TYPE_David Herrmann
The NLA_ names are used to name real datatypes we extract out of netlink messages. The kernel has an internal enum with the same names (NLA_foobar), which is *NOT* binary compatible to our types. Furthermore, we support a different set of types than the kernel (as we try to treat some kernel peculiarities as our own types to simplify the API). Rename NLA_ to NETLINK_TYPE_ to make clear that this is our own set of types.
2015-06-24Merge pull request #346 from poettering/install-bad-memoryDaniel Mack
install: fix minor bad memory access
2015-06-24ata_id: unbotch format specifierJan Engelhardt
Commit v218-247-g11c6f69 broke the output of the utility. "%1$" PRIu64 "x" expands to "%1$lux", essentially "%lux", which shows the problem. u and x cannot be combined, u wins as the type character, and x gets emitted verbatim to stdout. References: https://bugzilla.redhat.com/show_bug.cgi?id=1227503
2015-06-23install: fix bad memory accessLennart Poettering
2015-06-24Merge pull request #339 from teg/udev-coverityDaniel Mack
coverity fixes in udev
2015-06-23test: fix test-copy without /etc/os-release.Dimitri John Ledkov
2015-06-23udevadm: trigger - check return valuesTom Gundersen
Fixes CID#1296243.
2015-06-23udev: worker - check return value of udev_monitor_enable_receiving()Tom Gundersen
Fixes CID#1297430.
2015-06-23udev: event - check return code of dup2()Tom Gundersen
This fixes CID#1304688.
2015-06-23udev: bulitin-hwdb - fix memory leakTom Gundersen
This fixes CID#1292782.
2015-06-23Merge pull request #332 from xnox/bootchart-scalesDaniel Mack
bootchart: fix per-cpu & small scales.
2015-06-23bootchart: fix per-cpu scales.Dimitri John Ledkov
Closes systemd/systemd#330
2015-06-23core: fix reversed dependency check in unit_check_unneededAbdo Roig-Maranges
This was introduced by commit be7d9ff730cb88d7c6a8 and breaks StopWhenUnneeded=true in the presence of a Requisite dependency.
2015-06-23Merge pull request #318 from walyong/smack_v02Daniel Mack
SMACK v02: support modify rules and add default executed process label
2015-06-23build-sys: add all source files and no built files to the tar ballKay Sievers
This fully synchronizes the content of a "make dist" and a "git archive" tar ball. http://lists.freedesktop.org/archives/systemd-devel/2015-June/033214.html
2015-06-22Merge pull request #314 from geertj/missing-exportsLennart Poettering
export sd_bus_object_added() / _removed()
2015-06-22udevd: suppress warning if we don't find cgroupTom Gundersen
This is expected on non-systemd systems, so just log it at debug level. This fixes issue #309.
2015-06-22smack: add default smack process label configWaLyong Cho
Similar to SmackProcessLabel=, if this configuration is set, systemd executes processes with given SMACK label. If unit has SmackProcessLabel=, this config is overwritten. But, do NOT be confused with SMACK64EXEC of execute file. This default execute process label(and also label which is set by SmackProcessLabel=) is set fork-ed process SMACK subject label and used to access the execute file. If the execution file has also SMACK64EXEC, finally executed process has SMACK64EXEC subject. While if the execution file has no SMACK64EXEC, the executed process has label of this config(or label which is set by SmackProcessLabel=). Because if execution file has no SMACK64EXEC then excuted process inherits label from caller process(in this case, the caller is systemd).
2015-06-22smack: support smack access change-ruleWaLyong Cho
Smack is also able to have modification rules of existing rules. In this case, the rule has additional argument to modify previous rule. /sys/fs/smackfs/load2 node can only take three arguments: subject object access. So if modification rules are written to /sys/fs/smackfs/load2, EINVAL error is happen. Those modification rules have to be written to /sys/fs/smackfs/change-rule. To distinguish access with operation of cipso2, split write_rules() for each operation. And, in write access rules, parse the rule and if the rule has four argument then write into /sys/fs/smackfs/change-rule. https://lwn.net/Articles/532340/ fwrite() or fputs() are fancy functions to write byte stream such like regular file. But special files on linux such like proc, sysfs are not stream of bytes. Those special files on linux have to be written with specific size. By this reason, in some of many case, fputs() was failed to write buffer to smack load2 node. The write operation for the smack nodes should be performed with write().
2015-06-21export sd_bus_object_added() / _removed()Geert Jansen
Fixes #306.