summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2013-12-10bus: introduce "trusted" bus concept and encode access control in object vtablesLennart Poettering
Introduces a new concept of "trusted" vs. "untrusted" busses. For the latter libsystemd-bus will automatically do per-method access control, for the former all access is automatically granted. Per-method access control is encoded in the vtables: by default all methods are only accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag is set for a method it is accessible to unprivileged clients too. By default whether a client is privileged is determined via checking for its CAP_SYS_ADMIN capability, but this can be altered via the SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field of the method. Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note however that read access is unrestricted, as PropertiesChanged messages might send out the values anyway as an unrestricted broadcast. By default the system bus is set to "untrusted" and the user bus is "trusted" since per-method access control on the latter is unnecessary. On dbus1 busses we check the UID of the caller rather than the configured capability since the capability cannot be determined without race. On kdbus the capability is checked if possible from the attached meta-data of a message and otherwise queried from the sending peer. This also decorates the vtables of the various daemons we ship with these flags.
2013-12-10libudev: hwdb - use libudev not systemd loggingKay Sievers
2013-12-10Bring bootchart code in line with CODING_STYLEDan McGee
Use double and not float, as there is little to no benefit.
2013-12-10Ensure unit is journaled for short-lived or oneshot processesDan McGee
In the time it takes to process incoming log messages, the process we are logging details for may exit. This means the cgroup data is no longer available from '/proc'. Unfortunately, the way the code was structured before, we never log _SYSTEMD_UNIT if we don't have this cgroup information. Add an else if case that allows the passed in unit_id to be logged even if we couldn't capture cgroup information. This ensures a command like `journalctl -u run-XXX` will return all log messages from a oneshot process.
2013-12-10correct name of Tajik kbd layout in kbd-model-mapAdam Williamson
2013-12-10drop several entries from kbd-model-map whose kbd layouts do not existAdam Williamson
kbd-model-map was generated from system-config-keyboard's keyboard_models.py. Several of the kbd layouts referred in that file do not exist and, so far as I can tell, never did. I believe these entries existed simply to provide the xkb configuration information for those layouts, and there never were matching kbd entries; the kbd names were entirely notional, to satisfy the need for some entry or other in that field. For systemd, the only function of kbd-model-map is to 'match' kbd and xkb configurations, so it does not make any sense to maintain entries for cases where only one or the other exists in this context.
2013-12-09libsystemd-bus: use assert_returnLukasz Skalski
2013-12-09kernel-install: fix help outputSébastien Luttringer
Kernel install doesn't need the second argument on his command line when removing. This is correctly documented in the man page.
2013-12-10test: add gvariant test for empty messagesLennart Poettering
2013-12-10bus: properly handle empty messagesLennart Poettering
2013-12-10bus: empty gvariant arrays should at least get size 1Lennart Poettering
2013-12-10bus: it's OK to send messages with an empty payload but non-empty signatureLennart Poettering
THis might happen when sending arrays with 0 enttries, hence this is not an indication for a problem.
2013-12-10bus: update kdbus.hLennart Poettering
2013-12-10bus: make gcc shut upLennart Poettering
2013-12-10bus: beef up zero copy test caseLennart Poettering
2013-12-10bus: only accept gvariant native endian messages via kdbusLennart Poettering
2013-12-10bus: fix rewinding in gvariant messagesLennart Poettering
2013-12-10bus: fix signature handling when exiting containerLennart Poettering
2013-12-10bus: properly deserialize gvariant fixed size arraysLennart Poettering
2013-12-10bus: handler empty messages correctly when using gvariant marshallingLennart Poettering
2013-12-10bus: suppress creating empty parts in messagesLennart Poettering
2013-12-09bus: rely on explicit eof check instead of checking when mapping payloadLennart Poettering
This allows us to drop quite a bit of code.
2013-12-09bus: rearrange bus-message.c function order to keep read and write calls ↵Lennart Poettering
together
2013-12-09bus: demarshal gvariantLennart Poettering
2013-12-08systemctl: fix 'is-enabled'Zbigniew Jędrzejewski-Szmek
2013-12-08systemctl: simplify argument parsingZbigniew Jędrzejewski-Szmek
2013-12-08Help output spring cleaningZbigniew Jędrzejewski-Szmek
Use [brackets] only for optional elements. Use <optional> in XML sources.
2013-12-08kernel-install: add -h/--helpZbigniew Jędrzejewski-Szmek
2013-12-08bootchart: remove dead assignmentThomas Hindoe Paaboel Andersen
2013-12-08Fix memory leak in stdout journal streamsDan McGee
Just as 'identifier' is strdup-ed and freed, we need to do the same for unit_id.
2013-12-08test: cgroup-util - do not fail if cpu controller is not availableKay Sievers
2013-12-07systemctl: fix and refactor wait_for_jobsThomas Hindoe Paaboel Andersen
wait_for_jobs was ignoring the errors from the jobs stored in r. It would only ever return whether the call to sd_bus_remove_filter went ok. This patch changes it to return the first job related error encountered. If a job related error is found, then the result of the call to sd_bus_remove_filter is ignored. wait_for_jobs was a bit hard to read so I split it up to avoid the goto and deep nesting.
2013-12-06systemctl: allow globbing in list-<whatever> commandsZbigniew Jędrzejewski-Szmek
It is nicer to say 'systemctl list-units ssh\*' then to use grep, because colouring is preserved and it is easier to match just against the unit name.
2013-12-06Get rid of our reimplementation of basenameZbigniew Jędrzejewski-Szmek
The only problem is that libgen.h #defines basename to point to it's own broken implementation instead of the GNU one. This can be fixed by #undefining basename.
2013-12-06systemctl: check the value from start_unit_oneThomas Hindoe Paaboel Andersen
introduced in f459b6025f9368116d8c410376546c157314c205
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06rfkill: Avoid error when state restore is disabledBastien Nocera
When the state restore is disabled, we would print: "Unknown verb: load" instead of simply skipping loading the state.
2013-12-06bus: catch up with latest kdbus changesKay Sievers
2013-12-06busctl: remove ','; it's all one stringKay Sievers
2013-12-06nspawn: fix buggy mount_binds, now works for bind-mounted filesShawn Landden
2013-12-05util: fix misuse of memcmpYuxuan Shui
2013-12-05shell-completion: busctlZbigniew Jędrzejewski-Szmek
2013-12-06bus: update kdbus.hKay Sievers
2013-12-05systemd: add a start job for all units in SYSTEMD_[USER_]WANTS=Zbigniew Jędrzejewski-Szmek
2013-12-05execute.h: remove redefinition of UnitThomas Hindoe Paaboel Andersen
Unit is typedef'ed in both unit.h and execute.h. The typedef existed first in unit.h and was later added to execute.h in c17ec25e4d9bd6c8e8617416f813e25b2ebbafc5 It is no longer needed so let's just keep the one in unit.h to avoid redefining it.
2013-12-05test-bus-gvariant: remove unused variableThomas Hindoe Paaboel Andersen
2013-12-05bus: start maintaining a list of difference between kdbus/dbus1Lennart Poettering
2013-12-05bus: add missing LE meta data enforcement for gvariant serializerLennart Poettering
2013-12-05busname: improve condition checkLennart Poettering