1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Commit Graph

18945 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
12f15e596a man: use one description of --no-legend 2015-01-19 21:44:53 -05:00
Tom Gundersen
4bbfe7ad22 nspawn: add ipvlan support 2015-01-20 00:46:13 +01:00
Tom Gundersen
c4a5ddc9f2 networkd: netdev - add ipvlan support 2015-01-19 23:25:16 +01:00
Zbigniew Jędrzejewski-Szmek
250ba6647b systemctl: do not show dots with --plain
Plain implies a ... "plain" output.

Also do not say "No jobs" with --no-legend. We skip
reporting the number of jobs with --no-legend if there
are any, and 0 is also a number, and should be skipped.
2015-01-19 15:41:03 -05:00
Lennart Poettering
f6c51a8136 nspawn: support dissecting GPT images that contain only a single generic linux partition
This should allow running Ubuntu UEFI GPT Images with nspawn,
unmodified.
2015-01-19 20:24:10 +01:00
Lennart Poettering
ec5cb56ee1 import: clarify when we are unpacking the qcow2 device 2015-01-19 20:24:10 +01:00
Lennart Poettering
2fbe4296c5 inspawn: wait until udev has probed a loopback device before making us of it 2015-01-19 20:24:10 +01:00
Lennart Poettering
0716faad4a import: make sure don't leak the LZMA context 2015-01-19 20:24:10 +01:00
Lennart Poettering
c19de71113 machined: refer to the disk space allocated for an image to "usage" rather than "size"
After all, it's closer to the "du"-reported value than to the file
sizes...
2015-01-19 20:24:09 +01:00
Lennart Poettering
1c7dd82563 qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks to target 2015-01-19 20:24:09 +01:00
Lennart Poettering
1e20b41187 import: when downloading raw files, show simple progress reports 2015-01-19 20:24:09 +01:00
Lennart Poettering
2f64ba0e6e import: simplify the code a bit 2015-01-19 20:24:09 +01:00
Lennart Poettering
ff6a74609b import-raw: when downloading raw images, generate sparse files if we can 2015-01-19 20:24:09 +01:00
Lennart Poettering
47bc4fd86d import-raw: set NOCOW flag on all raw images we create 2015-01-19 20:24:09 +01:00
Zbigniew Jędrzejewski-Szmek
3fb90db2d6 systemctl: fix import-environment description, trim help to 80 cols 2015-01-19 13:55:59 -05:00
Zbigniew Jędrzejewski-Szmek
40f0b71b06 journalctl: trim --help to fit in 80 columns
Terminals tend to be 80 columns wide by default, and the help
text is only supposed to be a terse reminder anyway.

https://bugzilla.redhat.com/show_bug.cgi?id=1183771
2015-01-19 13:42:56 -05:00
Daniel Mack
71c2687360 cgroup: fix typo 2015-01-19 18:34:17 +01:00
Zbigniew Jędrzejewski-Szmek
a2341f6836 Move DEFINE_TRIVIAL_CLEANUP_FUNC to macro.h
This remove the need for various header files to include the
(relatively heavyweight) util.h.
2015-01-18 19:06:48 -05:00
Zbigniew Jędrzejewski-Szmek
2695c5c44e Add initialization helper for file_handle_union 2015-01-18 19:06:48 -05:00
Zbigniew Jędrzejewski-Szmek
302fbdf29e man: reindent tmpfiles.d(5)
Reindent to 2 spaces, use more markup.
2015-01-18 19:06:48 -05:00
Zbigniew Jędrzejewski-Szmek
42d8fafc4b man: mention "wheel" and "adm" in journalctl(1)
https://bugs.freedesktop.org/show_bug.cgi?id=70866
2015-01-18 19:06:47 -05:00
Zbigniew Jędrzejewski-Szmek
49fba678a0 man: reindent journalctl(1)
Reindent with two spaces, use non-breaking spaces, add <literal> tags.
2015-01-18 19:06:47 -05:00
David Herrmann
314808cea4 bus: drop systemd.kdbus_attach_flags_mask= cmdline
There is no reason to provide our own attach_flags_mask. We can simply
rely on kdbus.attach_flags_mask= which is read by the kernel *and* kmod.
If it's set, we assume the user wants to override our setting, so we
simply skip setting it.
2015-01-18 23:56:19 +01:00
David Herrmann
90b99192ad core: write kdbus.attach_flags_mask only on real boot
The kernel module system is not namespaced, so no container should ever
modify global options. Make sure we set the kdbus attach_flags_mask only
on a real boot as PID1.
2015-01-18 23:54:42 +01:00
Topi Miettinen
9c89c1cabd libudev: fix check for too long packet
Don't use recvmsg(2) return value to check for too long packets
(it doesn't work) but MSG_TRUNC flag.

(David: add parantheses around condition)
2015-01-18 23:31:11 +01:00
Cristian Rodríguez
0193ad26ba util: replace RUN_WITH_LOCALE with extended locale functions
There were two callers, one can use strtod_l() and the other strptime_l().

(David: fix up commit-msg and coding-style)
2015-01-18 22:08:44 +01:00
Topi Miettinen
43fcd650e5 timesyncd: consider too long packets as invalid
If the received NTP message from server didn't fit to our buffer, either
it is doing something nasty or we don't know the protocol. Consider the
packet as invalid.

(David: add parantheses around conditional)
2015-01-18 21:42:00 +01:00
David Herrmann
50efadb0ae bus-proxy: don't pretend everyone is root
While it's a lovely scenario, it's probably not really useful. Fix our
GetConnectionUnixUser() to return the actual 'euid' which we asked for,
not the possible uninitialized 'uid'.
2015-01-18 21:34:33 +01:00
David Herrmann
607ff5f95a Revert "test-exec: do not skip all the tests"
This reverts commit 68e68ca810. We *need*
root access to create cgroups. The only exception is if it is run from
within a cgroup with "Delegate=yes". However, this is not always true and
we really shouldn't rely on this.

If your terminal runs from within a systemd --user instance, you're fine.
Everyone else is not (like running from ssh, VTs, and so on..).
2015-01-18 20:07:51 +01:00
David Herrmann
21fce57b26 bus: fix SD_BUS_CREDS_AUGMENT on kdbus queries
If we set SD_BUS_CREDS_AUGMENT, we *need* the PID from the kernel so we
can lookup further information from /proc. However, we *must* set
SD_BUS_CREDS_PIDS in "mask", otherwise, our creds-collector will never
actually copy the pid into "sd_bus_creds". Fix this, so
SD_BUS_CREDS_AUGMENT works even if SD_BUS_CREDS_PID is not specified by
the caller.
2015-01-18 19:37:34 +01:00
David Herrmann
eea0b59193 bus: fix typo
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
2015-01-18 19:28:30 +01:00
David Herrmann
05bae4a60c bus: use EUID over UID and fix unix-creds
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.

Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.

This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
David Herrmann
e23f4bb525 bus-proxy: fake all UIDs/GIDs, not just the real UID/GID
Make sure we tell the kernel to fake all UIDs/GIDs. Otherwise, the remote
side has no chance of querying our effective UID (which is usually what
they're interested in).
2015-01-18 13:54:46 +01:00
David Herrmann
d340f82032 bus-proxy: fix bus-uid tracking
We need to implicitly allow HELLO from users with the same uid as the bus.
Fix the bus-uid tracking to use the original uid, not the uid after
privilege-dropping.
2015-01-18 13:07:21 +01:00
David Herrmann
ca56b0a683 logind: hide 'self' links if not available
If the caller does not run in a session/seat or has no tracked user, hide
the /org/freedesktop/login1/.../self links in introspection data.
Otherwise, "busctl tree org.freedesktop.login1" tries to query those nodes
even though it cant.
2015-01-18 12:59:39 +01:00
David Herrmann
7447362c53 bus-proxy: don't print error-messages if we check multiple dests
If we test the policy against multiple destination names, we really should
not print warnings if one of the names results in DENY. Instead, pass the
whole array of names to the policy and let it deal with it.
2015-01-17 21:18:52 +01:00
David Herrmann
0d620e5336 bus-proxy: implement org.freedesktop.DBus.ReloadConfig()
Make sure to reload our xml policy configuration if requested via the bus.
2015-01-17 19:06:34 +01:00
David Herrmann
bae8352c1d bus-proxy: fix indentation
Fix whitespace indentation.
2015-01-17 18:54:09 +01:00
David Herrmann
a80a3a7543 bus-proxy: drop privileges if run as root
We cannot use "User=" in unit-files if we want to retain privileges. So
make bus-proxy.c explicitly drop privileges. However, only do that if
we're root, as there is no need to drop it on the user-bus.
2015-01-17 18:27:23 +01:00
David Herrmann
c4bc1a8434 bus-proxy: share policy between threads
This implements a shared policy cache with read-write locks. We no longer
parse the XML policy in each thread.

This will allow us to easily implement ReloadConfig().
2015-01-17 18:27:23 +01:00
David Herrmann
b58d857136 build: move stdio-bridge into $PATH
Make sure stdio-bridge can be found in $PATH. Otherwise, "xyzctl -H"
fails.
2015-01-17 18:27:23 +01:00
Maxim Mikityanskiy
288026bda9 hwdb: restore comments about MSI devices
Some time ago 95-keymap.rules was replaced by
60-keyboard.hwdb. Original comments for MSI laptops (that were in
95-keymap.rules) were removed, but I think they are important for
understanding what's going on.

https://bugs.freedesktop.org/show_bug.cgi?id=88412
2015-01-17 11:27:33 -05:00
David Herrmann
d3394ff47c bus-proxy: set custom thread names
Set thread-names to "p$PIDu$UID" and suffix with '*' if truncated. This
helps debugging bus-proxy issues if we want to figure out which
connections are currently open.
2015-01-17 14:32:58 +01:00
David Herrmann
a8a1a43f48 bus-proxy: turn into multi-threaded daemon
Instead of using Accept=true and running one proxy for each connection, we
now run one proxy-daemon with a thread per connection. This will enable us
to share resources like policies in the future.
2015-01-17 14:00:19 +01:00
Michael Marineau
f4a53250ac missing: add macros for OFD locks 2015-01-17 12:45:38 +01:00
Cristian Rodríguez
ecdacd4b2f remove unneeded libgen.h includes 2015-01-17 12:26:20 +01:00
Chris Atkinson
2057124e79 Grammar changes to catalog 2015-01-17 12:22:19 +01:00
Colin Guthrie
352e209804 random-seed: avoid errors when we cannot write random-seed file
When we call 'systemd-random-seed load' with a read-only /var/lib/systemd,
the cleanup code (which rewrites the random-seed file) will fail and exit.

Arguably, if the filesystem is read-only and the random-seed file exists
then this will be possibly be quite bad for entroy on subsequent reboots
but it should still not make the unit fail.
2015-01-17 11:55:14 +01:00
David Herrmann
f299e3e430 bus-proxy: bring back systemd-stdio-bridge
Now that we want to make bus-proxy multi-threaded, we have to bring back
the systemd-stdio-bridge for our TCP use-cases.
2015-01-17 11:55:14 +01:00
David Herrmann
c0395aeb90 bus-proxy: extract proxy into Proxy object
Move all the proxy code into a "struct Proxy" object that can be used
from multiple binaries.

We now dropped SMACK as we have to refactor it to work properly. We can
introduce it later on.
2015-01-17 11:55:14 +01:00