summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2015-08-17Merge pull request #977 from richardmaw-codethink/machinectl-userns-login-v2Lennart Poettering
Fix machinectl login with containers in user namespaces (v2)
2015-08-17Merge pull request #976 from elfring/Remove_unnecessary_checks2Lennart Poettering
Delete unnecessary checks before some function calls
2015-08-17Merge pull request #958 from stefwalter/fix-journalctl-f-regressionLennart Poettering
Regression: 'journalctl -f -t unmatched' doesn't block properly
2015-08-17namespace helpers: Allow entering a UID namespaceRichard Maw
To be able to use `systemd-run` or `machinectl login` on a container that is in a private user namespace, the sub-process must have entered the user namespace before connecting to the container's D-Bus, otherwise the UID and GID in the peer credentials are garbage. So we extend namespace_open and namespace_enter to support UID namespaces, and we enter the UID namespace in bus_container_connect_{socket,kernel}. namespace_open will degrade to a no-op if user namespaces are not enabled in the kernel. Special handling is required for the setns call in namespace_enter with a user namespace, since transitioning to your own namespace is forbidden, as it would result in re-entering your user namespace as root. Arguably it may be valid to check this at the call site, rather than inside namespace_enter, but it is less code to do it inside, and if the intention of calling namespace_enter is to *be* in the target namespace, rather than to transition to the target namespace, it is a reasonable approach. The check for whether the user namespace is the same must happen before entering namespaces, as we may not be able to access /proc during the intermediate transition stage. We can't instead attempt to enter the user namespace and then ignore the failure from it being the same namespace, since the error code is not distinct, and we can't compare namespaces while mid-transition.
2015-08-17Bug #944: Deletion of unnecessary checks before a few calls of systemd functionsMarkus Elfring
The following functions return immediately if a null pointer was passed. * calendar_spec_free * link_address_free * manager_free * sd_bus_unref * sd_journal_close * udev_monitor_unref * udev_unref It is therefore not needed that a function caller repeats a corresponding check. This issue was fixed by using the software Coccinelle 1.0.1.
2015-08-17Merge pull request #953 from poettering/ebadfDaniel Mack
tree-wide: generate EBADF when we get invalid fds
2015-08-17Merge pull request #973 from poettering/sd-bus-error-retDaniel Mack
sd-bus: always fill in sd_bus_error paramters, on error
2015-08-17Merge pull request #974 from teg/resolved-fixes-2Daniel Mack
resolved: debugging improvements
2015-08-17journalctl: make sure 'journalctl -f -t unmatched' blocksStef Walter
Previously the following command: $ journalctl -f -t unmatchedtag12345 ... would block when called with criteria that did not match any journal lines. Once log lines appeared that matched the criteria they were displayed. Commit 02ab86c732576a71179ce12e97d44c289833236d broke this behavior and the journal was not followed, but the command exits with '-- No entries --' displayed. This commit fixes the issue. More information downstream: https://bugzilla.redhat.com/show_bug.cgi?id=1253649
2015-08-17Bug #944: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.1.
2015-08-17Bug #944: Replacement of a free() call by mfree()Markus Elfring
The function "mfree" should be called instead of "free" at a specific source code place.
2015-08-17resolved: cache - add more detailed cache debug loggingTom Gundersen
2015-08-16sd-bus: always fill in sd_bus_error paramters, on errorLennart Poettering
Whenever one of our calls is invoked with a non-NULL, writable sd_bus_error parameter, let's fill in some valid error on failure. We previously only filled in remote errors, but never local errors, which is hard to handle by users. Hence, let's clean this up to always fill in the error. This introduces a new bus_assert_return() macro that works like assert_return() but optionally also initializes a bus_error struct. Fixes #224. Based on a patch by Umut Tezduyar.
2015-08-16Merge pull request #908 from richardmaw-codethink/nspawn-path-escapes-v3Lennart Poettering
Allow arbitrary file paths to be passed to nspawn (v3)
2015-08-16resolve-host: print RTTTom Gundersen
2015-08-16resolved: packet - fix typo in read_rr()Tom Gundersen
2015-08-16Merge pull request #955 from poettering/resolved-localhost-xyzTom Gundersen
resolved: enable synthesizing of A, AAAA and PTR records for "localhost"
2015-08-16Merge pull request #954 from poettering/nss-myhostname-loopbackTom Gundersen
nss-myhostname: use LOOPBACK_IFINDEX instead of if_nametoindex("lo")
2015-08-16resolve-host: enable auto start of resolvedLennart Poettering
There's no reason to explicitly turn off bus activation for resolved here. The reason this was done before was that the code was copied from nss-resolve, which has a fallback to glibc's nss-dns if resolved is not reachable. However, such a logic makes no sense for resolve-host since such a fallback doesn't make sense here, which means we can actually turn on activation. Let's do it hence.
2015-08-16Merge pull request #932 from kaysievers/busLennart Poettering
sd-bus: do not connect to dbus-1 socket when kdbus is available
2015-08-14tree-wide: generate EBADF when we get invalid fdsLennart Poettering
This is a follow-up to #907, and makes the same change for all our other public APIs.
2015-08-14resolved: never allow routing of "localhost" queries to DNS or LLMNRLennart Poettering
We should never allow leaking of "localhost" queries onto the network, even if there's an explicit domain rotue set for this.
2015-08-14resolved: locally synthesize replies for "localhost"Lennart Poettering
Let's make sure that clients querying resolved via the bus for A, AAAA or PTR records for "localhost" get a synthesized, local reply, so that we do not hit the network. This makes part of nss-myhostname redundant, if used in conjunction. However, given that nss-resolve shall be optional we need to keep this code in both places for now.
2015-08-14nss-myhostname: use LOOPBACK_IFINDEX instead of if_nametoindex("lo")Lennart Poettering
Given that we already hardocde the loopback ifindex, following the kernel's own logic, we can replace the invocation of if_nametoindex("lo") with LOOPBACK_IFINDEX.
2015-08-13logind: actually fail on OOMThomas Hindoe Paaboel Andersen
Since dacd6cee76a08331b8c8616c5f30f70ee49aa2f9 the two OOM's are ignored as the value of r will be overwritten and we only log in the fail section anyway. This patch jumps to fail on OOM. Note that this is different behavior compared to both the current code and previous to dacd6cee76a08331b8c8616c5f30f70ee49aa2f9. Before that commit we would log that saving the inhibit data failed, but still write the file, though without the WHO/WHY section. CID# 1313545
2015-08-13Merge pull request #907 from keszybz/sd-daemon-badfLennart Poettering
sd-daemon: return EBADF for invalid fd numbers
2015-08-12Merge pull request #938 from tblume/fix-kexec-force-rebootKay Sievers
support reboot -f for kexec kernel
2015-08-12Merge pull request #939 from karelzak/smatchTom Gundersen
treewide: trivial issues detected by smatch
2015-08-12support reboot -f for kexec kernelThomas Blume
Fix error message: -->-- Code should not be reached 'Unknown action.' at src/systemctl/systemctl.c:6382, function halt_now(). Aborting. Aborted --<-- when executing 'reboot -f' from a system running a kexec kernel.
2015-08-11gpt-auto-generator: warn on ambiguous blkid probeTom Gundersen
2015-08-11gpt-auto-generator: don't warn on !ENABLE_EFITom Gundersen
add_automount() was only used on EFI systems, compile it conditionally to avoid the warning.
2015-08-11 sd-bus: do not connect to dbus-1 socket when kdbus is availableKay Sievers
We should not fall back to dbus-1 and connect to the proxy when kdbus returns an error that indicates that kdbus is running but just does not accept new connections because of quota limits or something similar. Using is_kdbus_available() in libsystemd/ requires it to move from shared/ to libsystemd/. Based on a patch from David Herrmann: https://github.com/systemd/systemd/pull/886
2015-08-11gpt-auto-generator: apply partition-type flags only to specific partition-typesKay Sievers
The partition-type flags are defined independently for every partition-type. Apply them only to the types where they are defined, and not to the ESP, which does not appear to share the same set of flags. https://github.com/systemd/systemd/issues/920
2015-08-08libsystemd-network: fix memory leakreverendhomer
2015-08-08Merge pull request #914 from reverendhomer/patch-2Daniel Mack
Coverity #1299013
2015-08-08Coverity #1299013reverendhomer
event cannot be NULL due to assert
2015-08-08Coverity #1299015reverendhomer
bus can never be NULL due to assert
2015-08-07nspawn: Allow : characters in overlay pathsRichard Maw
: characters can be entered with the \: escape sequence.
2015-08-07nspawn: escape paths in overlay mount optionsRichard Maw
Overlayfs uses , as an option separator and : as a list separator. These characters are both valid in file paths, so overlayfs allows file paths which contain these characters to backslash escape these values.
2015-08-07strv: Add strv_shell_escapeRichard Maw
This modifies the strv in-place, replacing strings with their escaped version. It's mostly just a convenience function for when you need to join a strv together because it's passed as a string to something, and the separator needs escaping.
2015-08-07util: Add shell_escapeRichard Maw
This is for shell-style \ escaping rather than quoting, which while it has the same effect in produced shell commands, is not exclusively useful for shell commands. shell_escape would be useful for producing sed commands, as you would be able to \ escape the normal special characters, plus whichever argument separator was chosen; or it could be used to escape arguments passed to the overlayfs mount command.
2015-08-07nspawn: Allow : characters in nspawn --bind pathsRichard Maw
: characters in bind paths can be entered as the \: escape sequence.
2015-08-07strv: convert strv_split_quotes into a generic strv_split_extractRichard Maw
strv_split_extract is to strv_split_quotes as extract_first_word was to unquote_first_word. Now there's extract_first_word for extracting a single argument, extract_many_words for extracting a bounded number of arguments, and strv_split_extract for extracting an arbitrary number of arguments.
2015-08-07nspawn: Allow : characters in --tmpfs pathRichard Maw
This now accepts : characters with the \: escape sequence. Other escape sequences are also interpreted, but having a \ in your file path is less likely than :, so this shouldn't break anyone's existing tools.
2015-08-07util: Allow non-separator coalescing parsing in extract_first_wordRichard Maw
If EXTRACT_DONT_COALESCE_SEPARATORS is passed, then leading separators, trailing separators and spans of multiple separators aren't skipped, and empty arguments from before, after or between separators may be extracted.
2015-08-07util: Don't interpret quotes by default in extract_first_wordRichard Maw
This adds an EXTRACT_QUOTES option to allow the previous behaviour, of not interpreting any character inside ' or " quotes as separators.
2015-08-07util: change unquote_*_word to extract_*_wordRichard Maw
It now takes a separators argument, which defaults to WHITESPACE if NULL is passed.
2015-08-07unquote_first_word: set *p=NULL on terminationRichard Maw
To add a flag to allow an empty string to be parsed as an argument, we need to be able to distinguish between the end of the string, and after the end of the string, so when we *do* reach the end, let's set *p to this state.
2015-08-07Convert unquote_*_word users to expect isempty(p) after the last entryRichard Maw
This is so that, when called in a loop, unquote_first_word can distinguish between reaching the end of a string because it has consumed all the input before the end, and consuming all the input. This is important because we later add a flag that allows char *in = ""; char *out; unquote_first_word(&in, &out, flags); To put "" in out, and set in = NULL, so the trailing empty string of the input can be consumed, and mark that the input has been consumed.
2015-08-07sd-daemon: return EBADF for invalid fd numbersZbigniew Jędrzejewski-Szmek
This matches what open(2) and other system functions do.