mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

13694 Commits

Author SHA1 Message Date
Lennart Poettering
33649f58af shared: fix getpeername_pretty() for AF_UNIX sockets 2013-12-25 01:29:55 +01:00
Lennart Poettering
79a98c609d unit: include peer identity in description of per-connection socket-activated services 2013-12-25 01:29:55 +01:00
Dave Reisner
db69869f26 sleep-config: fix useless check for swapfile type
Since 0c6f1f4ea4 the check was useless, because the kernel will
ever only write "partition" or "file" there.

OTOH, it is possible that "\\040(deleted)" (escaped " (deleted)")
will be added for removed files. This should not happen, so add
a warning to detect those cases.
2013-12-24 16:43:33 -05:00
Zbigniew Jędrzejewski-Szmek
c4708f1323 tmpfiles: introduce the concept of unsafe operations
Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.

A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.

If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.

/run/nologin creation is split out into a separate service, to make it
easy to override.

https://bugzilla.redhat.com/show_bug.cgi?id=1043212
https://bugzilla.redhat.com/show_bug.cgi?id=1045849
2013-12-24 15:48:06 -05:00
Zbigniew Jędrzejewski-Szmek
ef72c1f06e man,units: tmpfiles.d(5) cleanup
Condition for /lib (necessary for split /usr) was missing from the unit.

Some changes which were done in tmpfiles.d(5) were not carried over to
systemd-tmpfiles(1).

Also use markup where possible.
2013-12-24 15:48:06 -05:00
Lennart Poettering
751bc6ac79 bus: properly shift cgroup data returned from kdbus by the container's root before parsing 2013-12-24 19:31:44 +01:00
Lennart Poettering
4e6a9570b6 bus: fix return message if StartServiceByName() in the driver fails due to non-existing service
2013-12-24 18:42:38 +01:00
Lennart Poettering
56e61788c5 busctl: show service/session a name belongs to in the list of names
Also, don't show machine name by default as this might cause timeouts on
non-responding peers.
2013-12-24 18:15:38 +01:00
Lennart Poettering
9f6445e34a log: log_error() and friends add a newline after each line anyway, so avoid including it in the log strings 2013-12-24 16:39:37 +01:00
Lennart Poettering
ae98841e63 util: don't accept an empty peer label as valid 2013-12-24 16:21:59 +01:00
Lennart Poettering
2dc9970bed bus: only accept kdbus creds if they are valid
This allows userspace to fake kdbus creds via struct ucred in the proxy,
without making the receiving side choke on the missing fields of the
kdbus struct, more precisely pid_starttime and tid
2013-12-24 16:20:47 +01:00
Lennart Poettering
eff0527098 util: unify SO_PEERCRED/SO_PEERSEC invocations
Introduce new call getpeercred() which internally just uses SO_PEERCRED
but checks if the returned data is actually useful due to namespace
quirks.
2013-12-24 15:53:04 +01:00
Lennart Poettering
96415cad2f bus: fix hello ioctl buffer size calculation 2013-12-24 15:38:30 +01:00
Lennart Poettering
aedd330b13 bus: make gcc shut up 2013-12-24 15:33:02 +01:00
Lennart Poettering
8a0e0ed9dd bus: fake client side creds in the proxy to the caller's creds 2013-12-24 15:27:59 +01:00
Marcel Holtmann
515c883021 hwdb: Add SDIO product ID for Marvell SD8897 WLAN function 2013-12-23 19:04:19 -08:00
Lennart Poettering
3798fd4c30 bus: allow peeking signatures recursively inside of containers
Previously we invalidated the peeked signature as soon as the caller
would recurse into a container, making stack based handling difficult.
With this change we will keep the peeked signature around until the user
advances to the next field.
2013-12-24 03:02:49 +01:00
Lennart Poettering
eab07b4b23 update TODO 2013-12-24 02:57:17 +01:00
Lennart Poettering
8f19720dd2 bus: fix assert when serializing fixed size struct to gvariant 2013-12-23 23:48:30 +01:00
Lennart Poettering
85feb8e4d9 bus: don't attach KDBUS_ITEM_ID to match ioctl() if we don't need it 2013-12-23 22:32:33 +01:00
Lennart Poettering
d711a95778 bus: fix sender match creation on kdbus 2013-12-23 21:55:27 +01:00
Lennart Poettering
3022d74ba5 sd-event: make sd_event_add_signal() fail with EBUSY if signal is not blocked 2013-12-23 21:44:20 +01:00
Lennart Poettering
be04cbca6c core: when we close the notify fd, we also need to free its event source 2013-12-23 21:01:32 +01:00
Lennart Poettering
9a8112f5e9 units: systemd-machined now exits on idle and we shouldn't try to restart it then 2013-12-23 20:37:03 +01:00
Lennart Poettering
5326b03f30 units: limit caps for bus proxyd and driverd services 2013-12-23 20:37:00 +01:00
Lennart Poettering
f98a58fe89 sd-event: fix return code of sd_event_run() 2013-12-23 20:25:57 +01:00
Lennart Poettering
6261f11fc3 machinectl: fix success check when getting pty from within container 2013-12-23 20:25:57 +01:00
Kay Sievers
94a6ce5b7c bus-proxyd: init cleanup variable 2013-12-23 19:16:49 +01:00
Kay Sievers
98531b5762 bus: update kdbus.h 2013-12-23 19:15:33 +01:00
Lennart Poettering
fbadf04511 bus: when getting a kdbus connection into a container wait first for child, then read message
There's no EOF generated for AF_UNIX/SOCK_DGRAM sockets, hence let's
wait for the child first to see if it succeeded, only then read the socket.
2013-12-23 19:10:11 +01:00
Lennart Poettering
e7f7a1b022 bus: when we are connected to a bus, then do not assume peer creds are useful as message creds 2013-12-23 18:56:37 +01:00
Lennart Poettering
02bb6cda87 util: when we try to read /proc/cmdline in a container, read /proc/1/cmdline instead 2013-12-23 18:13:12 +01:00
Lennart Poettering
b8d0ffc21f log: also turn on debug logging in non-PID1 if /proc/cmdline contains "debug" 2013-12-23 17:56:44 +01:00
Lennart Poettering
46525bfc02 bus: make sure sd_bus_emit_properties_changed_strv() doesn't return ENOENT if no properties with a change flag are in the interface 2013-12-23 17:30:21 +01:00
Lennart Poettering
dc74ce9b4a bus: write debug message when we get a method call we cannot handle 2013-12-23 17:18:30 +01:00
Zbigniew Jędrzejewski-Szmek
6096dfd616 delta: if prefix is specified, only show overrides there
systemd-delta /run/systemd/system will show all unit overrides
in /run, etc.
2013-12-22 22:54:15 -05:00
Zbigniew Jędrzejewski-Szmek
f939e9a47c delta: fix delta for drop-ins
Also, fix highlighting, add more debug statements, make const tables
static and global, run path_kill_slashes only at entry.
2013-12-22 22:53:56 -05:00
Lennart Poettering
8f04d2ebba bus: make sure to request peer cred only after connect(), not before 2013-12-23 04:20:55 +01:00
Lennart Poettering
cd789fdf45 bus: always talk to the full dbus driver object 2013-12-23 04:20:55 +01:00
Lennart Poettering
a7639e37af bus-proxyd: synthesize NameAcquire/NameLost signals for socket clients 2013-12-23 04:20:55 +01:00
Lennart Poettering
508c6f95cb update TODO 2013-12-23 04:20:55 +01:00
Lennart Poettering
dff91e8b7f bus: use memcpy() rather than unbounded strcpy() 2013-12-23 04:20:55 +01:00
Lennart Poettering
b67f541f13 bus: switch kdbus bloom filter over to SipHash (from MurmurHash3)
Let's try to standardize on a single non-cryptographic hash algorithm,
and for that SipHash appears to be the best answer.

With this change there are two other hash functions left in systemd: an
older version of MurmurHash embedded into libudev for the bloom filters
in udev messages (which is hard to update, given that we probably
should stay compatible with older versions of the library). And lookup3
in the journal files (which we could replace for new files, but which is
probably not worth the work).
2013-12-23 04:20:55 +01:00
Kay Sievers
57d0e6b273 libudev: ship the original MurmurHash2.[ch] file 2013-12-23 02:55:06 +01:00
Mantas Mikulėnas
91d53e2b89 loginctl: fix output of type with class 2013-12-22 19:12:57 -05:00
Zbigniew Jędrzejewski-Szmek
d4fffc4b8b Fix extraction of _SYSTEMD_USER_UNIT
Units from user services underneath user@.service would not be detected
properly.
2013-12-22 18:55:01 -05:00
Zbigniew Jędrzejewski-Szmek
58684be9a7 systemctl: also color filenames of drop-ins in cat 2013-12-22 18:55:01 -05:00
Lennart Poettering
09812eb764 sd-daemon: introduce sd_watchdog_enabled() for parsing $WATCHDOG_USEC
Also, introduce a new environment variable named $WATCHDOG_PID which
contains the PID of the process that is supposed to send the keep-alive
events. This is similar to how $LISTEN_FDS and $LISTEN_PID work together,
and protects against confusing processes further down the process tree
due to inherited environment.
2013-12-22 22:19:03 +01:00
Lennart Poettering
565a9388f2 journal: when we shall go down do so cleanly 2013-12-22 21:12:25 +01:00
Lennart Poettering
9bf3b53533 shared: switch our hash table implementation over to SipHash
SipHash appears to be the new gold standard for hashing smaller strings
for hashtables these days, so let's make use of it.
2013-12-22 21:12:25 +01:00