1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Commit Graph

18031 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
4104970ef7 manager: log some fatal errors at emergency level
This adds a new log_emergency() function, which is equivalent to
log_error() for non-PID-1, and logs at the highest priority for PID 1.
Some messages which occur before freezing are converted to use it.
2014-11-26 15:16:53 -05:00
Lennart Poettering
278ebf8d26 bus-policy: actually test messages against the newly added test.conf 2014-11-26 21:15:39 +01:00
Lennart Poettering
55e189007c bus-policy: also add in other bus policy tests from dbus1
dbus1 only checks if these files parse correctly so let's do the same for now.
2014-11-26 20:58:34 +01:00
Lennart Poettering
3a9cca1104 bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passes with the bus proxy enforcement 2014-11-26 20:22:22 +01:00
Lennart Poettering
cf226cfc24 sd-bus: make sure that when we connect to the system bus we have enough creds to make security decisions 2014-11-26 18:59:31 +01:00
Lennart Poettering
8fd0019380 core: make sure we have enough information when doing selinux decisions
Let's ask for the security relevant bits in a race-free way, and augment
the rest from /proc.
2014-11-26 18:57:39 +01:00
Lennart Poettering
6dae84cbdd update TODO 2014-11-26 17:27:59 +01:00
Lennart Poettering
dcc2fc01fa sd-bus: update peeking into receieved messages, with recent kernel change we need to FREE them after all 2014-11-26 17:27:59 +01:00
Michal Schmidt
e0312f4db0 core: fix check for transaction destructiveness
When checking if the transaction is destructive, we need to check if the
previously installed job is a superset of the new job (and hence the new
job will fold into the installed one without changing it), not the other
way around.
2014-11-26 16:33:46 +01:00
Michal Schmidt
61da906a74 core: drop now-redundant special-casing of JOB_NOP
job_type_is_conflicting(X, JOB_NOP) correctly gives: false.

job_type_allows_late_merge(JOB_NOP) && job_type_is_superset(X, JOB_NOP)
correctly gives: true.
2014-11-26 16:33:45 +01:00
Michal Schmidt
7e803f5ecf core: fix assertion failure in checking a transaction with a JOB_NOP
Several functions called from transaction_activate() need to correctly
handle the case where a JOB_NOP job is being checked against a unit's
pending job. The assumption that JOB_NOP never merges with other job
types was correct, but since the job_type_is_*() functions are
implemented using the merge lookup, they need to special-case JOB_NOP
to avoid hitting assertion failures.
2014-11-26 16:33:43 +01:00
Michal Schmidt
06c1c4f98c test: add test for crash when adding a JOB_NOP 2014-11-26 16:33:40 +01:00
Lennart Poettering
d108ddf172 sd-bus: update kdbus.h from upstream 2014-11-26 15:43:50 +01:00
Lennart Poettering
68d4c45263 core: reindent mount/kmod tables 2014-11-26 15:43:20 +01:00
Lennart Poettering
0ad68f8743 update TODO 2014-11-26 15:42:54 +01:00
Lennart Poettering
7212c6083a update TODO 2014-11-26 15:01:50 +01:00
Lennart Poettering
e12d81ae80 sd-bus: given that the kernel now passes the auxgroups list as 32bit array to us, no need to convert to uid_t manually
This way, we can save one allocation and avoid copying the array
unnecesarily.
2014-11-26 14:59:12 +01:00
Lennart Poettering
8514b67754 update TODO 2014-11-26 14:14:17 +01:00
Lennart Poettering
b568ef14a7 update TODO 2014-11-26 12:11:39 +01:00
David Herrmann
affc7fe9e1 bus: update kdbus.h (ABI break)
We changed creds to u32, so fix systemd sd-bus to acknowledge that.
2014-11-26 11:11:54 +01:00
Lennart Poettering
279f036675 reorder TODO a bit 2014-11-26 03:23:48 +01:00
Zbigniew Jędrzejewski-Szmek
80877656a5 udevadm trigger: allow matching by device name
This makes udevadm trigger mirror udevadm info, except that multiple
device names can be specified. Instructions in 60-keyboard.hwdb should
now actually work.

udevadm(8) is updated, but it could use a bit more polishing.

https://bugs.freedesktop.org/show_bug.cgi?id=82311
2014-11-25 21:16:47 -05:00
Zbigniew Jędrzejewski-Szmek
d6170d27b2 udevadm: split out find_device helper
The idea is to unify the way that devices can be specified.
2014-11-25 21:16:47 -05:00
Lennart Poettering
6c78f43c7b update TODO 2014-11-26 03:06:50 +01:00
Lennart Poettering
38813cc824 bus-kernel: when installing an activator, ask for any kind of metadata to be attached to incoming messages
We don't know what the activated service might want in the end, hence
enable everything current and future, just to be sure.
2014-11-26 03:06:50 +01:00
Lennart Poettering
8aee3fc7ea sd-bus: don't clobber return values on failure in bus_kernel_open_bus_fd() 2014-11-26 03:06:50 +01:00
Lennart Poettering
fa7796e97b sd-bus: set per-bus attach flag requirement mask to ANY
On the system and user busses we create it's the receiver that chooses
which metadata is attched, not the sender, hence set the requirement
mask to ANY, to allow any current of future credential bit to be
attached.
2014-11-26 03:06:50 +01:00
Lennart Poettering
1dfac061ce update TODO 2014-11-26 02:21:15 +01:00
Lennart Poettering
b5dae4c7f7 sd-bus: add suppot for renegotiating message credential attach flags 2014-11-26 02:20:55 +01:00
Lennart Poettering
f3c0588651 sd-bus: use free_and_strdup() where appropriate
This simplifies things a bit and makes sure we free any previously set
creds component before writing in a new one.
2014-11-26 02:20:55 +01:00
Tom Gundersen
b37d45c9ab resolved: fix typo in sd_notify() call 2014-11-25 22:30:52 +01:00
Lennart Poettering
6363357378 update TODO 2014-11-25 20:55:28 +01:00
Lennart Poettering
bd5f920f12 core: show log message about process triggering kdbus service activation 2014-11-25 20:52:48 +01:00
Lennart Poettering
f9a458c666 sd-bus: react properly to EOVERFLOW by generating a log message about dropped broadcast messages and proceeding 2014-11-25 20:42:31 +01:00
Lennart Poettering
48eaba354e kdbus: update header file to current upstream version 2014-11-25 19:25:33 +01:00
Lennart Poettering
0a9f1fd79b kdbus: minor simplification 2014-11-25 19:25:19 +01:00
Lennart Poettering
54e2e63dd2 update TODO 2014-11-25 19:25:03 +01:00
Lennart Poettering
2e8574290d util: mark page_size() as pure 2014-11-25 19:24:45 +01:00
Lennart Poettering
3c575b6417 update TODO 2014-11-25 14:28:34 +01:00
Lennart Poettering
9f6dfd0624 sd-bus: fix error handling when receiving invalid service name
Also, properly keep track of incoming additional service names.
2014-11-25 14:28:34 +01:00
Lennart Poettering
6dfcc64bb5 sd-bus: properly handle non-initialized audit records attached to incoming kernel messages 2014-11-25 14:28:34 +01:00
Lennart Poettering
a6ede528c4 sd-bus: properly copy selinux label and description field when duplicating creds object 2014-11-25 14:28:34 +01:00
Lennart Poettering
0258159049 sd-bus: add supplementary groups list to creds object 2014-11-25 14:28:34 +01:00
Lennart Poettering
2e9efd22ce busctl: if no parameter is specified for "busctl status" show credentials of bus owner 2014-11-25 14:28:34 +01:00
Lennart Poettering
becca6eaaf sd-bus: properly handle uninitialized audit creds from kdbus 2014-11-25 14:28:34 +01:00
Lennart Poettering
359c09b1c1 sd-bus: don't fail when querying creds and dbus1 refuses to tell us the selinux context 2014-11-25 14:28:34 +01:00
Lennart Poettering
40ed1a4574 busctl: add new --augment-creds= switch for controlling whether shown credential data shall be augment with data from /proc 2014-11-25 14:28:34 +01:00
Lennart Poettering
705a415f68 sd-bus: update to current kernel version, by splitting off the extended KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:

- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.

- makes augmentation of creds with data from /proc explicitly
  controllable to give apps better control over this, given that this is
  racy.

- enables augmentation for kdbus connections (previously we only did it
  for dbus1). This is useful since with recent kdbus versions it is
  possible for clients to control the metadata they want to send.

- changes sd_bus_query_sender_privilege() to take the euid of the client
  into consideration, if known

- when we don't have permissions to read augmentation data from /proc,
  don't fail, just don't add the data in
2014-11-25 14:28:34 +01:00
Lennart Poettering
1d58a1fe13 busctl: improve readability a bit 2014-11-25 14:28:34 +01:00
Lennart Poettering
5cf4f2d176 bus: change creds dumping order to be more close to internal storage order 2014-11-25 14:28:34 +01:00