Age | Commit message (Collapse) | Author |
|
The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
|
|
We really shouldn't check for words with "strstr()"...
|
|
|
|
object properties
|
|
Turns out we can just do kmod_setup() earlier, before we do mount_setup(),
so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in
mount_table[].
|
|
|
|
|
|
any body
|
|
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
|
|
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
|
|
|
|
|
|
|
|
|
|
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
|
|
Otherwise we cannot know when a service exited
|
|
|
|
|
|
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.
Signed-off-by: Daniel Mack <daniel@zonque.org>
|
|
|
|
In order to check for matching policy entries at message transfers, we
have to consider the following:
* check the currently owned names of both the sending and the receiving
peer. If the sending peer is connected via kdbus, the currently owned
names are already attached to the message. If it was originated by the
connection we're proxying for, we store the owned names in our own strv
so we can check against them.
* Walk the list of names to check which name would allow the message to
pass, and explicitly use that name as destination of the message. If the
destination is on kdbus, store both the connection's unique name and the
chosen well-known-name in the message. That way, the kernel will make sure
the supplied name is owned by the supplied unique name, at the time of
sending, and return -EREMCHG otherwise.
* Make the policy checks optional by retrieving the bus owner creds, and
when the uid matches the current user's uid and is non-null, don't check
the bus policy.
|
|
This reverts commit 5bb24cccbce846c0d77e71b70a3be7f4b2ba6c0e.
It does not even compile (unbalanced {)
|
|
Retrieve the bus owner creds, and when the uid matches the current user's
uid and is non-null, don't check the bus policy.
|
|
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.
Test cases amended accordingly.
|
|
|
|
|
|
|
|
Store names successfully acquired by the legacy client into a hashmap.
We need to take these names into account when checking for send policies.
|
|
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.
This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.
Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.
Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.
Normal users should not touch these fields, and they're not publicy
accessible.
|
|
This should make the unquoting scheme a bit less naive.
|
|
end-of-line and end-of-item marks
|
|
CID#1237532
CID#1237523
CID#1237522
|
|
If a unit contains only Also=, with no Alias= or WantedBy=, it shouldn't
be reported as static. New 'indirect' status shall be introduced.
https://bugzilla.redhat.com/show_bug.cgi?id=864298
|
|
|
|
Usually there are a few delay inhibitors all the time (NetworkManager,
Telepathy, etc.), but I'm only interested in the block ones.
|
|
It is unused since cf1265e188e876dda906dca0029248a06dc80c33
|
|
It tests all available directives of Path units:
- PathChanged
- PathModified
- PathExists
- PathExisysGlob
- DirectoryNotEmpty
- MakeDirectory
- DirectoryMode
- Unit
|
|
IFLA_IPTUN_LINK -> VETH_INFO_PEER
|
|
Reads the basename of the target of a symlink.
|
|
CID# 1251163
|
|
utf8_is_printable_newline()
|
|
CID# 1251162
|
|
Use the same robust logic of mkdir + unlink of any existing AF_UNIX
socket, ignoring the return value, right before bind().
|
|
Also simplify the code a bit by moving mkdir to the common path.
|
|
|
|
it static
|
|
A timer configured with OnActiveSec will start its associated unit again
if the timer is stopped, then started. However, if the timer unit is
restarted -- with "systemctl restart", say -- this does not occur.
This commit ensures that TIMER_ACTIVE timers are re-enabled whenever the
timer is started, even if that's within a restart job.
|
|
|
|
Also, make all parsing of the kernel cmdline non-fatal.
|
|
|