Age | Commit message (Collapse) | Author |
|
it passes with the bus proxy enforcement
|
|
creds to make security decisions
|
|
Let's ask for the security relevant bits in a race-free way, and augment
the rest from /proc.
|
|
need to FREE them after all
|
|
When checking if the transaction is destructive, we need to check if the
previously installed job is a superset of the new job (and hence the new
job will fold into the installed one without changing it), not the other
way around.
|
|
job_type_is_conflicting(X, JOB_NOP) correctly gives: false.
job_type_allows_late_merge(JOB_NOP) && job_type_is_superset(X, JOB_NOP)
correctly gives: true.
|
|
Several functions called from transaction_activate() need to correctly
handle the case where a JOB_NOP job is being checked against a unit's
pending job. The assumption that JOB_NOP never merges with other job
types was correct, but since the job_type_is_*() functions are
implemented using the merge lookup, they need to special-case JOB_NOP
to avoid hitting assertion failures.
|
|
|
|
|
|
to us, no need to convert to uid_t manually
This way, we can save one allocation and avoid copying the array
unnecesarily.
|
|
We changed creds to u32, so fix systemd sd-bus to acknowledge that.
|
|
This makes udevadm trigger mirror udevadm info, except that multiple
device names can be specified. Instructions in 60-keyboard.hwdb should
now actually work.
udevadm(8) is updated, but it could use a bit more polishing.
https://bugs.freedesktop.org/show_bug.cgi?id=82311
|
|
The idea is to unify the way that devices can be specified.
|
|
attached to incoming messages
We don't know what the activated service might want in the end, hence
enable everything current and future, just to be sure.
|
|
|
|
On the system and user busses we create it's the receiver that chooses
which metadata is attched, not the sender, hence set the requirement
mask to ANY, to allow any current of future credential bit to be
attached.
|
|
|
|
This simplifies things a bit and makes sure we free any previously set
creds component before writing in a new one.
|
|
|
|
|
|
dropped broadcast messages and proceeding
|
|
|
|
|
|
|
|
Also, properly keep track of incoming additional service names.
|
|
kernel messages
|
|
creds object
|
|
|
|
bus owner
|
|
|
|
selinux context
|
|
credential data shall be augment with data from /proc
|
|
KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:
- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.
- makes augmentation of creds with data from /proc explicitly
controllable to give apps better control over this, given that this is
racy.
- enables augmentation for kdbus connections (previously we only did it
for dbus1). This is useful since with recent kdbus versions it is
possible for clients to control the metadata they want to send.
- changes sd_bus_query_sender_privilege() to take the euid of the client
into consideration, if known
- when we don't have permissions to read augmentation data from /proc,
don't fail, just don't add the data in
|
|
|
|
|
|
|
|
constructing message
|
|
Make sure not to run xkb-keymap validation twice if pk-queries are used.
Move it below pk-checks.
|
|
Properly forward all XKB messages. You can use XKB_LOG_VERBOSITY= to
control the amount of messages sent by XKB. We explicitly set
XKB_LOG_LEVEL to 7 you can use SYSTEMD_LOG_LEVEL to control the log-level
generically.
|
|
Use XKB_CONTEXT_NO_FLAGS instead of magic 0.
|
|
Before forwarding keyboard events, feed them into possible compose tables.
This enables Compose-key and Dead-key features.
Few notes:
* REPEAT events are never fed into compose tables. It just doesn't make
sense and is usually not wanted. Compose-sequences are usually hard to
remember and take time to type. Thus, the REPEAT event of the
Compose-key itself would often cancel the compose sequence already.
* Stop resolving symbols for UP events. Anything but keycodes is never
associated to a physical key, but is a one-time action. There is
nothing like UP events for key-symbols!
* Cancel compose-sequences on Multi-Key UP. See the inline comment. We
should make this configurable!
|
|
Add support for compose files to idev-keyboard. This requires
libxkbcommon-0.5.0, which is pretty new, but should be fine.
We don't use the compose-files, yet. Further commits will put life into
them.
|
|
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.
[zj: reword man page]
|
|
A negative return code was treated as a true value.
|
|
Introduce a new optional dependency on libxkbcommon for systemd-localed.
Whenever the x11 keymap settings are changed, use libxkbcommon to compile
the keymap. If the compilation fails, print a warning so users will get
notified.
On compilation failure, we still update the keymap settings for now. This
patch just introduces the xkbcommon infrastructure to have keymap
validation in place. We can later decide if/how we want to enforce this.
|
|
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.
https://bugs.freedesktop.org/show_bug.cgi?id=52630
|
|
If for any reason the check failed (selinux?), we would still issue
the warning. Check the return status.
|
|
This makes the calling code a bit simpler.
|
|
strv_extend returns 0 in the case of success which means that
else if (bus_track_deserialize_item(&m->deserialized_subscribed, l) == 0)
log_warning("Unknown serialization item '%s'", l);
will be printed when value is added correctly.
|
|
Also update TODO, empty environment variables in Environment= and
EnvironmentFile= options work.
|