IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Make sure we always check conditions before checking whether the unit
type is supported in unit_start(), since condition checks are "clean
errors", while "not supported" errors are fatal.
This cleans up the boot output of systemd in containers, where a lot of
NOTSUPP lines were shown befor this fix.
This partially reverts 8ff4d2ab0d which
reorder the checks.
Introduce a proper enum, and don't pass around string ids anymore. This
simplifies things quite a bit, and makes virtualization detection more
similar to architecture detection.
We expect the CPE_NAME to be formatted in URI binding syntax. Make that
clear in the documentation. Furthermore, the CPE-spec has been taken over
by NIST, so adjust the links as well.
Reported by: Ben Harris <bjh21@cam.ac.uk>
Commit 5f4c5fef6 introduced this new test case, but this does not work in
build chroots where cgroupfs is not mounted. So skip the test if systemd is not
running.
We should never access the "signal" part of the event source unless the
event source is actually for a signal. In this case it's a child pid
handler however, hence make sure to use the right signal.
This is a fix for PR #1177, which in turn was a fix for
9da4cb2be2.
If the root file system is located on an encrypted root disk, we'll not
find the GPT partition table for it. Let's fix that by following the
slaves/ symlinks in /sys for the device. We only handle devices having
exactly one backing device.
Also see: #1167
We generally try to support 2y old kernels, which allows us bump the
minimal required version to 3.11 now.
Also, clarify that support for the unified cgroup hierarchy requires 4.2
or newer.
.nspawn fiels are simple settings files that may accompany container
images and directories and contain settings otherwise passed on the
nspawn command line. This provides an efficient way to attach execution
data directly to containers.
This funciton is exposed via CanStart on the bus, and should be as
accurate as possible. Hence: make sure to return false for units of unit
types not supported on the system, and for unit types where
configuration failed to load.
Also see #1105.
Currently, our introspection data looks like this:
<node>
<interface name="org.freedesktop.DBus.Peer">
...
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
...
</interface>
<interface name="org.freedesktop.DBus.Properties">
...
</interface>
<node name="org"/>
<node name="org/freedesktop"/>
<node name="org/freedesktop/login1"/>
<node name="org/freedesktop/login1/user"/>
<node name="org/freedesktop/login1/user/self"/>
<node name="org/freedesktop/login1/user/_1000"/>
<node name="org/freedesktop/login1/seat"/>
<node name="org/freedesktop/login1/seat/self"/>
<node name="org/freedesktop/login1/seat/seat0"/>
<node name="org/freedesktop/login1/session"/>
<node name="org/freedesktop/login1/session/self"/>
<node name="org/freedesktop/login1/session/c1"/>
</node>
(ordered alphabetically for better visibility)
This is grossly incorrect. The spec says that we're allowed to return
non-directed children, however, it does not allow us to return data
recursively in multiple parents. If we return "org", then we must not
return anything else that starts with "org/".
It is unclear, whether we can include child-nodes as a tree. Moreover, it
is usually not what the caller wants. Hence, this patch changes sd-bus to
never return introspection data recursively. Instead, only a single
child-layer is returned.
This patch relies on enumerators to never return hierarchies. If someone
registers an enumerator via sd_bus_add_enumerator, they better register
sub-enumerators if they support *TRUE* hierarchies. Each enumerator is
treated as a single layer and not filtered.
Enumerators are still allowed to return nested data. However, that data
is still required to be a single hierarchy. For instance, returning
"/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that
dataset is not.
This should be the default for enumerators and I see no reason to filter
in sd-bus. Moreover, filtering that data-set would require to sort the
strv by path and then do prefix-filtering. This is O(n log n), which
would be fine, but still better to avoid.
Fixes#664.
systemd-internal headers must not rely on include order. That means, they
either must contain forward-declarations of used types/functions, or they
must include all dependencies on their own. Therefore, there is no reason
to mandate an include order on the call-side.
However, global includes should always be ordered first. We don't want
local definitions to leak into global includes, possible changing their
behavior. Apparently, namespacing is a complex problem that people are
incapable of implementing properly..
Apart from "global before local", there is no reason to mandate a random
include order (which we happen to do right now). Instead, mandate
alphabetical ordering. The current rules do not have any benefit at all.
They neither reduce include-complexity, nor allow easy auditing of
include files. But with alphabetical ordering, we get duplicate-detection
for free, it gets *much much* easier to figure out whether a header is
already included, and it is trivial to add new headers.
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_systemd otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes#390.
The following details are passed:
- unit: the primary name of the unit upon which the action was
invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
'reload-or-restart', 'reload-or-try-restart', 'kill',
'reset-failed', or 'set-property', corresponding to the
systemctl verb used to invoke the action.
Typical use of these details in a polkit policy rule might be:
// Allow alice to manage example.service;
// fall back to implicit authorization otherwise.
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "example.service" &&
subject.user == "alice") {
return polkit.Result.YES;
}
});
We also supply a custom polkit message that includes the unit's name and
the requested operation.
Extra details for an action can be supplied when calling polkit's
CheckAuthorization method. Details are a list of key/value string pairs.
Custom policy can use these details when making authorization decisions.
This adds a new sd_pid_get_cgroup() call to sd-login which may be used
to query the control path of a process. This is useful for programs when
making use of delegation units, in order to figure out which subtree has
been delegated.
In light of the unified control group hierarchy this is finally safe to
do, hence let's add a proper API for it, to make it easier to use this.
