1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-23 17:34:00 +03:00
Commit Graph

21845 Commits

Author SHA1 Message Date
Lennart Poettering
a1104deef0 machine: policykit string fixes 2015-08-25 18:37:16 +02:00
Tom Gundersen
498fb56739 Merge pull request #1022 from poettering/machinectl-shell
Add new "machinectl shell" command for su(1)-like behaviour
2015-08-25 16:46:27 +02:00
Lennart Poettering
3ad216b44f Merge pull request #1029 from jsynacek/unprivileged-wall-message-v2
logind/systemctl: introduce SetWallMessage and --message
2015-08-25 15:54:23 +02:00
Daniel Mack
ec5249a27a NEWS: preparations for v225 release 2015-08-25 15:01:51 +02:00
Tom Gundersen
1c76020aa5 Merge pull request #1030 from zonque/resolve
resolve: minor cleanups
2015-08-25 14:33:41 +02:00
Daniel Mack
eff91ee007 resolved: allow dns_cache_put() without a question
Currently, dns_cache_put() does a number of things:

1) It unconditionally removes all keys contained in the passed
   question before adding keys from the newly arrived answers.

2) It puts positive entries into the cache for all RRs contained
   in the answer.

3) It creates negative entries in the cache for all keys in the
   question that are not answered.

Allow passing q = NULL in the parameters and skip 1) and 3), so
we can use that function for mDNS responses. In this case, the
question is irrelevant, we are interested in all answers we got.
2015-08-25 14:26:18 +02:00
Daniel Mack
a7e5da6e33 sd-network: make LLMNR specific config parser generic
Rename the enum, the lookup functions and the parser for LLMNRSupport so
the type can be reused for mDNS.
2015-08-25 14:26:01 +02:00
Daniel Mack
9c56a6f3e2 resolved: move assertion
Make a scope with invalid protocol state fail as soon as possible.
2015-08-25 14:25:58 +02:00
Daniel Mack
106784ebb7 resolved: use switch-case statements for protocol details
With more protocols to come, switch repetitive if-else blocks with a
switch-case statements.
2015-08-25 14:25:56 +02:00
Jan Synacek
9ef15026c0 logind/systemctl: introduce SetWallMessage and --message
Enable unprivileged users to set wall message on a shutdown
operation. When the message is set via the --message option,
it is logged together with the default shutdown message.

$ systemctl reboot --message "Applied kernel updates."

$ journalctl -b -1
...
systemd-logind[27]: System is rebooting. (Applied kernel updates.)
...
2015-08-25 13:52:44 +02:00
Daniel Mack
8326c7f789 resolved: remove runtime check for previously asserted condition 2015-08-25 10:18:45 +02:00
Tom Gundersen
dd42560795 Merge pull request #1023 from poettering/resolved-fixes
A variety of resolved fixes
2015-08-25 10:18:16 +02:00
Lennart Poettering
337020515d sd-bus: introduce new SD_BUS_VTABLE_PROPERTY_EXPLICIT flag
This allows marking properties as "explicit". Properties marked like
this are included in the introspection, but are avoided in GetAll()
property queries, PropertiesChanged() signals and in in GetManaged()
object manager calls and InterfacesAdded() signals.

Expensive properties may be marked that way, and they will be
retrievable when explicitly being requested, but never in "blanket"
all-property queries and signals.

This flag may be combined with the flags for "const" and
"emit-validation" properties, but not with "emit-validation", as that
is only useful for properties whose value shall be sent in "blanket"
all-property signals.

The "explicit" flag is also exposed in the introspection data via a new
annotation.
2015-08-25 01:50:59 +02:00
Lennart Poettering
9318cdd374 resolved: change error code when trying to resolve direct LLMNR PTR RRs
If we try to resoolve an LLMNR PTR RR we shall connect via TCP directly
to the specified IP address. We already refuse to do this if the address
to resolve is of a different address family as the transaction's scope.
The error returned was EAFNOSUPPORT. Let's change this to ESRCH which is
how we indicate "not server available" when connecting for LLMNR or DNS,
since that's what this really is: we have no server we could connect to
in this address family.

This allows us to ensure that no server errors are always handled the same
way.
2015-08-24 23:47:28 +02:00
Lennart Poettering
3fa4999b5d resolve-host: support parsing numeric interface names
If the user specifies an interface by its ifindex we should handle this
nicely. Hence let's try to parse the ifindex as a number before we try
to resolve it as an interface name.
2015-08-24 23:46:24 +02:00
Lennart Poettering
d634711b26 resolved: remove duplicate handling of "no servers" query result
So far we handled immediate "no server" query results differently from
"no server" results we ran into during operation: the former would cause
the dns_query_go() call to fail with ESRCH, the later would result in
the query completion callback to be called.

Remove the duplicate codepaths, by always going through the completion
callback. This allows us to remove quite a number of lines for handling
the ESRCH.

This commit should not alter behaviour at all.
2015-08-24 23:44:33 +02:00
Lennart Poettering
da0c630e14 resolved: replace transaction list by hashmap
Right now we keep track of ongoing transactions in a linked listed for
each scope. Replace this by a hashmap that is indexed by the RR key.
Given that all ongoing transactions will be placed in pretty much the
same scopes usually this should optimize behaviour.

We used to require a list here, since we wanted to do "superset" query
checks, but this became obsolete since transactions are now single-key
instead of multi-key.
2015-08-24 23:15:51 +02:00
Lennart Poettering
ef3100e963 machinectl: extend the "shell" syntax to take user@container names
In order to make "machinectl shell" more similar to ssh, allow the
following syntax to connect to a container under a specific username:

        machinectl shell lennart@fedora

Also beefs up related man page documentation.
2015-08-24 22:46:46 +02:00
Lennart Poettering
91913f584a machinectl: make machine name parameters for "shell" and "login" optional
If no machine name is specified, imply that we connect to ".host", i.e.
the local host.
2015-08-24 22:46:45 +02:00
Lennart Poettering
4289c3a725 machined: beef up PolicyKit actions
Introduce separate actions for creating login or shell sessions for
the local host or a local container. By default allow local unprivileged
clients to create new login sessions (which is safe, since getty will
ask for username and authentication).

Also, imply login privs from shell privs, as well as shell and login
privs from manage privs.
2015-08-24 22:46:45 +02:00
Lennart Poettering
b04c25f9ef systemctl: properly handle empty control group paths in "status"
When showing the status of the "-.slice" slice root unit (whose reported
cgroup path is ""), we suppressed the cgroup tree so far, because
skipped it for all unit with an empty cgroup path. Let's fix that, and
properly handle the empty cgroup path.
2015-08-24 22:46:45 +02:00
Lennart Poettering
a79366e22a machined: userns is only supported for container-class machines
We do not support userns for VM machines or for the host itself.
2015-08-24 22:46:45 +02:00
Lennart Poettering
fee6d013d8 machinectl: don't show ".host" pseudo-machine in list by default
Let's hide all machines whose name begins with "." by default, thus
hiding the ".host" pseudo-machine, unless --all is specified. This
takes inspiration from the ".host" image handling in "machinectl
list-images" which also hides all images whose name starts with ".".
2015-08-24 22:46:45 +02:00
Lennart Poettering
fbe550738d machined: introduce pseudo-machine ".host" refererring to the host system
Some of the operations machined/machinectl implement are also very
useful when applied to the host system (such as machinectl login,
machinectl shell or machinectl status), hence introduce a pseudo-machine
by the name of ".host" in machined that refers to the host system, and
may be used top execute operations on the host system with.

This copies the pseudo-image ".host" machined already implements for
image related commands.

(This commit also adds a PK privilege for opening a PTY in a container,
which was previously not accessible for non-root.)
2015-08-24 22:46:45 +02:00
Lennart Poettering
b9a8d25081 machined: validate machine names at more places
When enumerating machines from /run, and when accepting machine names
for operations, be more strict and always validate.

Note that these checks are strictly speaking unnecessary, since
enumeration happens only on the trusted /run...
2015-08-24 22:46:45 +02:00
Lennart Poettering
25300b5a1f util: make machine_name_is_valid() a macro and move it to hostname-util.h
As it turns out machine_name_is_valid() does the exact same thing as
hostname_is_valid() these days, as it just invoked that and checked the
name length was < 64. However, hostname_is_valid() checks the length
against HOST_NAME_MAX anyway (which is 64 on Linux), hence any
additional check is redundant.

We hence replace machine_name_is_valid() by a macro that simply maps it
to hostname_is_valid() but sets the allow_trailing_dot parameter to
false. We also move this this call to hostname-util.h, to the same place
as the hostname_is_valid() declaration.
2015-08-24 22:46:45 +02:00
Lennart Poettering
b59abc4d1e util: make hostname_is_valid() easier to read
Add more comments, and rename some parameters and variables to be more
expressive.
2015-08-24 22:46:45 +02:00
Lennart Poettering
077c8c366b machined: always look for leader PID first
When looking for the machine belonging to a PID, always look for the
leader first, only then fall back to a cgroup check. We keep direct
track of the leader PID, but only indirectly of the cgroup, hence prefer
the PID.
2015-08-24 22:46:45 +02:00
Lennart Poettering
c454426c54 machinectl: add new "machinectl shell" command
This makes use of machined's new OpenShell() command and allows opening
a new interactive shell in any container.
2015-08-24 22:46:45 +02:00
Lennart Poettering
49af9e1368 machined: add new OpenShell() bus call
This new bus call opens an interactive shell in a container. It works
like the existing OpenLogin() call, but does not involve getty, and
instead opens an arbitrary command line.

This is similar to "systemd-run -t -M" but is controlled by a specific
PolicyKit privilege.
2015-08-24 22:46:45 +02:00
Lennart Poettering
506711fddd core: open up more executable properties via the bus
This is preparation for a later commit that makes use of these
properties for spawning an interactive shell in a container.
2015-08-24 22:46:45 +02:00
Lennart Poettering
023a4f6701 core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and
INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS
and USER_PROCESS entries, instead of just a single INIT_PROCESS entry.

With this change systemd may be used to not only invoke a getty directly
in a SysV-compliant way but alternatively also a login(1) implementation
or even forego getty and login entirely, and invoke arbitrary shells in
a way that they appear in who(1) or w(1).

This is preparation for a later commit that adds a "machinectl shell"
operation to invoke a shell in a container, in a way that is compatible
with who(1) and w(1).
2015-08-24 22:46:45 +02:00
Tom Gundersen
53496ca9ad Merge pull request #1012 from gentoo-root/master
sd-device: fix enumeration of devices without subsystem
2015-08-24 18:37:02 +02:00
David Herrmann
1105ea51a8 sd-bus: don't list activators as proper peers
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the
bus. Hence, we should not treat it as proper peer. To actually query it,
you have to explicitly ask for activators.

This makes kdbus in-line with what dbus-daemon does.
2015-08-24 13:41:03 +02:00
David Herrmann
f2196cf2e2 Revert "sd-bus: include queried path in GetManagedObjects"
This reverts commit 92d16a53e3. As it turns
out, this is not how ObjectManager is supposed to work. It is just a
special behavior of BlueZ, but no-one else implements it this way.

Revert the patch as discussed on github, and as such revert to the
previous behavior (as described in the spec).
2015-08-24 12:56:37 +02:00
Daniel Mack
1667eda96f Merge pull request #1014 from whot/hwdb-updates
hwdb: add more DPI entries
2015-08-24 10:46:59 +02:00
Peter Hutterer
fb8ab3c895 hwdb: add more DPI entries
Provided by Francois Marier
2015-08-24 15:30:46 +10:00
Maxim Mikityanskiy
9a9c7dc2cb sd-device: fix enumeration of devices without subsystem
Prior to commit c32eb440ba, libudev's
function udev_enumerate_scan_devices() had behaved differently. If
parent match was added with udev_enumerate_add_match_parent(),
udev_enumerate_scan_devices() did not return error if some child devices
had no subsystem symlink in sysfs. An example of such devices is USB
endpoints /sys/bus/usb/devices/*/ep_*. If there was a parent match
against USB device, old implementation of udev_enumerate_scan_devices()
did not treat ep_* device directories without subsystem symlink as error
and just ignored them, but new implementation returns -ENOENT (also
ignoring these devices) though correctly enumerates all other matching
devices.

To compare, you could look at 96df036fe3,
in src/libudev/libudev-enumerate.c, function parent_add_child():

    if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
            goto nomatch;

udev_device_get_subsystem() was returning NULL, match_subsystem() was
returning false, and USB endpoint device was ignored.

New parent_add_child() from src/libsystemd/sd-device/device-enumerator.c
checks return value of sd_device_get_subsystem() and fails if subsystem
was not found. Absence of subsystem symlink should not be really treated
as error because all enumerations of children of USB devices will fail
with -ENOENT. This new behavior also breaks system-config-printer.

So restore old behavior and treat absence of subsystem symlink as no
match.
2015-08-22 11:33:32 +03:00
Tom Gundersen
72aa2c2a20 Merge pull request #1010 from poettering/resolved-question-key
only maintain one question RR key per transaction and other fixes
2015-08-22 01:57:58 +02:00
Lennart Poettering
28b967a87b Merge pull request #1009 from phomes/master
remove unused variables
2015-08-21 23:07:49 +02:00
Lennart Poettering
26b1c471cd resolved: always split up questions into per-RR transactions
We do so for Unicast DNS and LLMNR anyway, let's also do this for mDNS,
and simplify things.
2015-08-21 23:01:42 +02:00
Lennart Poettering
f52e61da04 resolved: only maintain one question RR key per transaction
Let's simplify things and only maintain a single RR key per transaction
object, instead of a full DnsQuestion. Unicast DNS and LLMNR don't
support multiple questions per packet anway, and Multicast DNS suggests
coalescing questions beyond a single dns query, across the whole system.
2015-08-21 22:55:01 +02:00
Lennart Poettering
9e08a6e0ce resolved: add extra check for family when doing LLMNR TCP connections
It shouldn't happen that we try to resolve IPv4 addresses via LLMNR on
IPv6 and vice versa, but let's explicitly verify that we don't turn an
IPv4 LLMNR lookup into an IPv6 TCP connection.
2015-08-21 22:51:05 +02:00
Lennart Poettering
0a18f3e59f resolved: add reference to negative caching RFC 2015-08-21 22:47:06 +02:00
Thomas Hindoe Paaboel Andersen
62f176068c remove unused variables 2015-08-21 22:19:10 +02:00
Tom Gundersen
932b06b8ff Merge pull request #1005 from poettering/resolved-refuse-compression
Don't do name compression when passing RRs across the bus
2015-08-21 16:23:02 +02:00
Tom Gundersen
37ebef9873 Merge pull request #1004 from poettering/systemd-run-man
man: rework systemd-run man page a bit
2015-08-21 16:21:21 +02:00
Lennart Poettering
09b1fe142b resolve-host: Minor wording improvement 2015-08-21 16:06:25 +02:00
Lennart Poettering
f6a5fec6b9 resolved: when passing RRs across the bus, make sure not to use name compression
We explicitly need to turn off name compression when marshalling or
demarshalling RRs for bus transfer, since they otherwise refer to packet
offsets that reference packets that are not transmitted themselves.
2015-08-21 16:04:59 +02:00
Lennart Poettering
dec896f851 man: rework systemd-run man page a bit 2015-08-21 16:04:16 +02:00