1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-10-29 21:55:25 +03:00
Commit Graph

17817 Commits

Author SHA1 Message Date
Lennart Poettering
f5d8989ce5 bus-proxy: properly check for bus name prefixes when enforcing policy 2014-11-14 20:06:01 +01:00
Lennart Poettering
49d4b1eecf bus-proxy: drop broken access check in driver
The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
2014-11-14 18:47:59 +01:00
Lennart Poettering
5f68e74b6a kmod-setup: improve for "kdbus" word on the kernel cmdline
We really shouldn't check for words with "strstr()"...
2014-11-14 18:02:30 +01:00
Lennart Poettering
f84f9974d8 kmod: move #ifdef checks for kmod-setup out of main.c into kmod-setup.c 2014-11-14 17:58:32 +01:00
Lennart Poettering
264b807071 update TODO 2014-11-14 17:55:19 +01:00
Lennart Poettering
d55192add7 busctl: introduce busctl "get-property" command for reading and dumping object properties 2014-11-14 17:52:40 +01:00
Daniel Mack
2e75e2a8f5 mount-setup: remove mount_setup_late()
Turns out we can just do kmod_setup() earlier, before we do mount_setup(),
so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in
mount_table[].
2014-11-14 15:18:56 +01:00
Lennart Poettering
56c8b52d4d busctl: various tweaks to "busctl tree" output 2014-11-14 13:18:51 +01:00
Lennart Poettering
86349ffe49 man: various tweaks for busctl(1) man page 2014-11-14 13:18:51 +01:00
Lennart Poettering
781fa93815 busctl: add new "call" command to invoke methods on a service 2014-11-14 13:18:51 +01:00
Lennart Poettering
8022212b3b sd-bus: add sd_bus_message_is_empty() for checking whether a message carries any body 2014-11-14 13:18:51 +01:00
Lennart Poettering
34b950a8d8 man: hostnamectl understands -M too 2014-11-14 13:18:51 +01:00
Daniel Mack
63cc4c3138 sd-bus: sync with kdbus upstream (ABI break)
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:

 * Each time a file system of this type is mounted, a new kdbus
   domain is created.

 * The layout inside each mount point is the same as before, except
   that domains are not hierarchically nested anymore.

 * Domains are therefore also unnamed now.

 * Unmounting a kdbusfs will automatically also detroy the
   associated domain.

 * Hence, the action of creating a kdbus domain is now as
   privileged as mounting a filesystem.

 * This way, we can get around creating dev nodes for everything,
   which is last but not least something that is not limited by
   20-bit minor numbers.

The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.

A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
2014-11-13 20:41:52 +01:00
Daniel Mack
c1ec25a063 bus-proxyd: temporarily disable policy checks again
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
2014-11-13 20:41:51 +01:00
Kay Sievers
adeba5008e udev: support ENV{}=="" global property matches 2014-11-13 20:35:06 +01:00
Kay Sievers
41b848b0ea udev: move global property handling from libudev to udevd 2014-11-13 13:50:01 +01:00
Kay Sievers
25e773eeb4 udev: switch to systemd logging functions 2014-11-13 13:12:57 +01:00
Kay Sievers
a974cacd9a libudev: we do not log errors from libraries 2014-11-13 11:42:24 +01:00
Ronny Chevalier
281e05b6cb tests: add test-execute
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
  been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
2014-11-13 10:39:51 +01:00
Ronny Chevalier
07aa32e31d manager: allow test run to catch SIGCHLD events
Otherwise we cannot know when a service exited
2014-11-13 10:39:51 +01:00
Bastien Nocera
b4c72e52d2 keymap: Fix special keys on ThinkPad X60/X61 Tablet
KEY_DIRECTION is mapped to XF86RotateWindows, to rotate the display:
http://cgit.freedesktop.org/xkeyboard-config/commit/symbols/inet?id=ec875f6f9b7c4028e11d32b071989c682e6502bd

And F13 is mapped to XF86Tools, which is closest to the original toolbox
usage:
http://cgit.freedesktop.org/xkeyboard-config/tree/symbols/inet?id=7a2c4bed212ebbcc05f3c959aef659ce7dd31fd8#n221
2014-11-13 09:02:12 +01:00
Bastien Nocera
71ed2d3871 keymap: Add support for IBM ThinkPad X41 Tablet
Scancode taken from:
http://www.thinkwiki.org/wiki/Tablet_Hardware_Buttons#Linux_Support

William Jon McCann provided the DMI match. IBM seems to have
swapped the version and model of the system:
        Manufacturer: IBM
        Product Name: 18666TU
        Version: ThinkPad X41 Tablet
2014-11-13 09:01:51 +01:00
Lennart Poettering
174299e35f man: fix typo 2014-11-12 23:46:47 +01:00
Lennart Poettering
c2d5b3c94d Update TODO 2014-11-12 23:46:47 +01:00
Ronny Chevalier
00b06165a1 udev: use properly the systemd logging functions 2014-11-12 21:44:38 +01:00
Kay Sievers
b12b78712e udev: use the systemd logging functions in udev tools 2014-11-12 18:35:18 +01:00
Daniel Mack
e9730b7690 sd-bus: pass attach flags to BUS_CREATOR_INFO
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.

Signed-off-by: Daniel Mack <daniel@zonque.org>
2014-11-11 18:31:11 +01:00
Lennart Poettering
4ecd221425 update TODO 2014-11-11 18:12:48 +01:00
Lennart Poettering
fff1949960 sysuser: simplify access mode syncing by introducing helper function for it 2014-11-11 18:12:40 +01:00
Daniel Mack
ed6d629a34 bus-proxyd: explicitly address messages to unique and well-known name
In order to check for matching policy entries at message transfers, we
have to consider the following:

* check the currently owned names of both the sending and the receiving
peer. If the sending peer is connected via kdbus, the currently owned
names are already attached to the message. If it was originated by the
connection we're proxying for, we store the owned names in our own strv
so we can check against them.

* Walk the list of names to check which name would allow the message to
pass, and explicitly use that name as destination of the message. If the
destination is on kdbus, store both the connection's unique name and the
chosen well-known-name in the message. That way, the kernel will make sure
the supplied name is owned by the supplied unique name, at the time of
sending, and return -EREMCHG otherwise.

* Make the policy checks optional by retrieving the bus owner creds, and
when the uid matches the current user's uid and is non-null, don't check
the bus policy.
2014-11-11 16:51:45 +01:00
Kay Sievers
0b906b8d6f build-sys: move libsystemd-capability into libsystemd-shared 2014-11-11 16:27:42 +01:00
Michal Schmidt
15e9297ebf Revert "bus-proxyd: make policy checks optional"
This reverts commit 5bb24cccbc.

It does not even compile (unbalanced {)
2014-11-11 15:36:48 +01:00
Daniel Mack
5bb24cccbc bus-proxyd: make policy checks optional
Retrieve the bus owner creds, and when the uid matches the current user's
uid and is non-null, don't check the bus policy.
2014-11-11 14:14:01 +01:00
Daniel Mack
2a2be74654 bus-proxyd: move name list iteration to policy users
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.

Test cases amended accordingly.
2014-11-11 14:14:01 +01:00
Daniel Mack
9cd751d2d0 bus-proxyd: enforce policy for method calls 2014-11-11 14:14:01 +01:00
Daniel Mack
f0a4c7391c bus-proxyd: enforce policy for name ownership 2014-11-11 14:14:01 +01:00
Daniel Mack
8573b68fec bus-proxyd: enforce policy for Hello messages 2014-11-11 14:14:01 +01:00
Daniel Mack
ac4eaf6dd4 bus-proxyd: keep track of names acquired by legacy client
Store names successfully acquired by the legacy client into a hashmap.
We need to take these names into account when checking for send policies.
2014-11-11 14:14:01 +01:00
Daniel Mack
022fb8558e sd-bus: add sd_bus_message.verify_destination_id and .destination_ptr
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.

This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.

Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.

Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.

Normal users should not touch these fields, and they're not publicy
accessible.
2014-11-11 14:14:01 +01:00
Lennart Poettering
7e27f3121e update TODO 2014-11-10 23:45:31 +01:00
Lennart Poettering
f88e6be5ee strv: rework strv_split_quoted() to use unquote_first_word()
This should make the unquoting scheme a bit less naive.
2014-11-10 23:45:12 +01:00
Lennart Poettering
27e9c5af81 bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks 2014-11-10 20:54:45 +01:00
Ronny Chevalier
c73d180dc4 shared: explicitly ignore the return value of wait_for_terminate
CID#1237532
CID#1237523
CID#1237522
2014-11-10 20:18:49 +01:00
Lennart Poettering
39f76ad8d6 man: improve documentation for "indirect" unit file state a bit
Also, correct mentions of "units" instead of "unit files" in the table,
and terminate all sentences with a full stop.
2014-11-10 20:16:16 +01:00
Jan Synacek
aedd4012f4 shared/install: when unit contains only Also=, report 'indirect'
If a unit contains only Also=, with no Alias= or WantedBy=, it shouldn't
be reported as static. New 'indirect' status shall be introduced.

https://bugzilla.redhat.com/show_bug.cgi?id=864298
2014-11-10 19:58:21 +01:00
Lennart Poettering
f81e67f79f update TODO 2014-11-10 19:25:29 +01:00
Lennart Poettering
d9130355ee busctl: add "tree" command to explore object trees 2014-11-10 19:25:29 +01:00
Mantas Mikulėnas
ca5447c082 inhibit: allow filtering --list by mode
Usually there are a few delay inhibitors all the time (NetworkManager,
Telepathy, etc.), but I'm only interested in the block ones.
2014-11-10 19:25:29 +01:00
Kay Sievers
657bf5a162 build-sys: do not use "label" functions in libsystemd-shared 2014-11-10 18:59:03 +01:00
Kay Sievers
87cfe63da1 build-sys: test-fdset - add libsystemd-internal 2014-11-10 18:22:44 +01:00