1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

17906 Commits

Author SHA1 Message Date
Lennart Poettering
8aee3fc7ea sd-bus: don't clobber return values on failure in bus_kernel_open_bus_fd() 2014-11-26 03:06:50 +01:00
Lennart Poettering
fa7796e97b sd-bus: set per-bus attach flag requirement mask to ANY
On the system and user busses we create it's the receiver that chooses
which metadata is attched, not the sender, hence set the requirement
mask to ANY, to allow any current of future credential bit to be
attached.
2014-11-26 03:06:50 +01:00
Lennart Poettering
1dfac061ce update TODO 2014-11-26 02:21:15 +01:00
Lennart Poettering
b5dae4c7f7 sd-bus: add suppot for renegotiating message credential attach flags 2014-11-26 02:20:55 +01:00
Lennart Poettering
f3c0588651 sd-bus: use free_and_strdup() where appropriate
This simplifies things a bit and makes sure we free any previously set
creds component before writing in a new one.
2014-11-26 02:20:55 +01:00
Tom Gundersen
b37d45c9ab resolved: fix typo in sd_notify() call 2014-11-25 22:30:52 +01:00
Lennart Poettering
6363357378 update TODO 2014-11-25 20:55:28 +01:00
Lennart Poettering
bd5f920f12 core: show log message about process triggering kdbus service activation 2014-11-25 20:52:48 +01:00
Lennart Poettering
f9a458c666 sd-bus: react properly to EOVERFLOW by generating a log message about dropped broadcast messages and proceeding 2014-11-25 20:42:31 +01:00
Lennart Poettering
48eaba354e kdbus: update header file to current upstream version 2014-11-25 19:25:33 +01:00
Lennart Poettering
0a9f1fd79b kdbus: minor simplification 2014-11-25 19:25:19 +01:00
Lennart Poettering
54e2e63dd2 update TODO 2014-11-25 19:25:03 +01:00
Lennart Poettering
2e8574290d util: mark page_size() as pure 2014-11-25 19:24:45 +01:00
Lennart Poettering
3c575b6417 update TODO 2014-11-25 14:28:34 +01:00
Lennart Poettering
9f6dfd0624 sd-bus: fix error handling when receiving invalid service name
Also, properly keep track of incoming additional service names.
2014-11-25 14:28:34 +01:00
Lennart Poettering
6dfcc64bb5 sd-bus: properly handle non-initialized audit records attached to incoming kernel messages 2014-11-25 14:28:34 +01:00
Lennart Poettering
a6ede528c4 sd-bus: properly copy selinux label and description field when duplicating creds object 2014-11-25 14:28:34 +01:00
Lennart Poettering
0258159049 sd-bus: add supplementary groups list to creds object 2014-11-25 14:28:34 +01:00
Lennart Poettering
2e9efd22ce busctl: if no parameter is specified for "busctl status" show credentials of bus owner 2014-11-25 14:28:34 +01:00
Lennart Poettering
becca6eaaf sd-bus: properly handle uninitialized audit creds from kdbus 2014-11-25 14:28:34 +01:00
Lennart Poettering
359c09b1c1 sd-bus: don't fail when querying creds and dbus1 refuses to tell us the selinux context 2014-11-25 14:28:34 +01:00
Lennart Poettering
40ed1a4574 busctl: add new --augment-creds= switch for controlling whether shown credential data shall be augment with data from /proc 2014-11-25 14:28:34 +01:00
Lennart Poettering
705a415f68 sd-bus: update to current kernel version, by splitting off the extended KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:

- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.

- makes augmentation of creds with data from /proc explicitly
  controllable to give apps better control over this, given that this is
  racy.

- enables augmentation for kdbus connections (previously we only did it
  for dbus1). This is useful since with recent kdbus versions it is
  possible for clients to control the metadata they want to send.

- changes sd_bus_query_sender_privilege() to take the euid of the client
  into consideration, if known

- when we don't have permissions to read augmentation data from /proc,
  don't fail, just don't add the data in
2014-11-25 14:28:34 +01:00
Lennart Poettering
1d58a1fe13 busctl: improve readability a bit 2014-11-25 14:28:34 +01:00
Lennart Poettering
5cf4f2d176 bus: change creds dumping order to be more close to internal storage order 2014-11-25 14:28:34 +01:00
Lennart Poettering
62028d9c2b util: skip incomplete ucred information in getpeersec() 2014-11-25 14:28:34 +01:00
Lennart Poettering
dc18cefdc3 sd-bus: don't blindly take incomplete ucred bits from AF_UNIX when constructing message 2014-11-25 14:28:34 +01:00
Lennart Poettering
bdb074a562 update TODO 2014-11-25 14:28:33 +01:00
Peter Hutterer
24a4501d70 hwdb: fix a typo 2014-11-25 12:04:02 +01:00
Martin Pitt
f148ae1489 tmpfiles.d: Fix directory name
The .service uses "/var/lib/container", not "containers".
2014-11-25 11:39:30 +01:00
David Herrmann
8623d3a3b2 localed: verify xkb keymaps after pk-queries
Make sure not to run xkb-keymap validation twice if pk-queries are used.
Move it below pk-checks.
2014-11-25 10:26:08 +01:00
David Herrmann
2f0dd5164d terminal/idev: forward xkb-messages
Properly forward all XKB messages. You can use XKB_LOG_VERBOSITY= to
control the amount of messages sent by XKB. We explicitly set
XKB_LOG_LEVEL to 7 you can use SYSTEMD_LOG_LEVEL to control the log-level
generically.
2014-11-25 10:24:39 +01:00
David Herrmann
123a8dc84d terminal/idev: avoid magic numbers
Use XKB_CONTEXT_NO_FLAGS instead of magic 0.
2014-11-25 10:24:08 +01:00
David Herrmann
a2ce1730e1 terminal/idev: use compose tables
Before forwarding keyboard events, feed them into possible compose tables.
This enables Compose-key and Dead-key features.

Few notes:
 * REPEAT events are never fed into compose tables. It just doesn't make
   sense and is usually not wanted. Compose-sequences are usually hard to
   remember and take time to type. Thus, the REPEAT event of the
   Compose-key itself would often cancel the compose sequence already.

 * Stop resolving symbols for UP events. Anything but keycodes is never
   associated to a physical key, but is a one-time action. There is
   nothing like UP events for key-symbols!

 * Cancel compose-sequences on Multi-Key UP. See the inline comment. We
   should make this configurable!
2014-11-24 18:30:03 +01:00
David Herrmann
cdcd0ccdbe terminal/idev: add compose-file support
Add support for compose files to idev-keyboard. This requires
libxkbcommon-0.5.0, which is pretty new, but should be fine.

We don't use the compose-files, yet. Further commits will put life into
them.
2014-11-24 18:30:03 +01:00
WaLyong Cho
2ca620c4ed smack: introduce new SmackProcessLabel option
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.

[zj: reword man page]
2014-11-24 10:20:53 -05:00
Zbigniew Jędrzejewski-Szmek
8086ffacdb gpt-auto-generator: properly ignore value
A negative return code was treated as a true value.
2014-11-24 10:20:53 -05:00
David Herrmann
9a20fcbcd1 build-sys: support local ./configure arguments
I often want to use the awesome "./autogen.sh [cmd]" arguments, but have
to append some custom ./configure options. For now, I always had to edit
autogen.sh manually, or copy the full commands out of it and run it
myself.

As I think this is super annoying, this commit adds support for
".config.args" files in $topdir. If it exists, any content is just
appended to $args, thus to any ./configure invokation of autogen.sh.

Maybe autotools provide something similar out-of-the-box. In that case,
feel free to revert this and lemme know!
2014-11-24 15:39:00 +01:00
David Herrmann
d4f5a1f47d localed: validate xkb keymaps
Introduce a new optional dependency on libxkbcommon for systemd-localed.
Whenever the x11 keymap settings are changed, use libxkbcommon to compile
the keymap. If the compilation fails, print a warning so users will get
notified.

On compilation failure, we still update the keymap settings for now. This
patch just introduces the xkbcommon infrastructure to have keymap
validation in place. We can later decide if/how we want to enforce this.
2014-11-24 15:16:33 +01:00
Zbigniew Jędrzejewski-Szmek
8a52210c93 cryptsetup: default to no hash when keyfile is specified
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.

https://bugs.freedesktop.org/show_bug.cgi?id=52630
2014-11-24 09:14:18 -05:00
Zbigniew Jędrzejewski-Szmek
056edeb910 manager: only issue overmount warning when the check succeeded
If for any reason the check failed (selinux?), we would still issue
the warning. Check the return status.
2014-11-23 19:17:31 -05:00
Zbigniew Jędrzejewski-Szmek
06d8d842e9 manager: let manager_free() handle NULLs
This makes the calling code a bit simpler.
2014-11-23 19:17:28 -05:00
Lukas Nykryn
f44b9efcec dbus: return non-zero return value in the case that prefix won't match
strv_extend returns 0 in the case of success which means that
else if (bus_track_deserialize_item(&m->deserialized_subscribed, l) == 0)
        log_warning("Unknown serialization item '%s'", l);
will be printed when value is added correctly.
2014-11-23 19:15:20 -05:00
Iago López Galeiras
58f10d401f test: support empty environment variables in unit files
Also update TODO, empty environment variables in Environment= and
EnvironmentFile= options work.
2014-11-23 16:29:11 -05:00
Zbigniew Jędrzejewski-Szmek
f6375e8376 man: reword list-dependencies description
The previous version was a bit too vague. It is better
to simply list all dependency types that are followed.

Previous version also made an emphasis on dependencies introduced by
configuration.  But this command (or systemd) don't care about this
distinction between configured and automatically added dependencies at
all. This distinctionis removed from the main description, and an
explanatory paragraph is added to remind the user that all
dependencies are shown, no matter where they come from.
2014-11-23 11:07:30 -05:00
Zbigniew Jędrzejewski-Szmek
c469089cf6 systemctl: show BindsTo/BoundBy in list-dependencies
Suggested-by: Peter Mattern <matternp@arcor.de>

http://lists.freedesktop.org/archives/systemd-devel/2014-November/025437.html
2014-11-22 20:21:56 -05:00
Richard Schütz
6c2d07020f nspawn: ignore EEXIST when mounting tmpfs
commit 79d80fc146 introduced a regression that
prevents mounting a tmpfs if the mount point already exits in the container's
root file system. This commit fixes the problem by ignoring EEXIST.
2014-11-22 20:05:19 -05:00
Chris Atkinson
6e3157c5e6 man/logind.conf.xml: make consistent with default logind.conf
https://bugs.freedesktop.org/show_bug.cgi?id=86263
2014-11-22 19:52:30 -05:00
Zbigniew Jędrzejewski-Szmek
b63bd1090b Do not check for existence of remote binaries
systemd-run would fail when run with -M or -H and an absolute path,
if this path did not exists locally. Allow it to continue, since we
don't have a nice way of checking if the binary exists remotely.

The case where -M or -H is used and a local path is unchanged, and we
still iterate over $PATH to find the binary. We need to convert to an
absolute path, and we don't have a nice mechanism to check remotely,
so we assume that the binary will be located in the same place locally
and remotely.

http://lists.freedesktop.org/archives/systemd-devel/2014-November/025418.html
2014-11-22 18:01:43 -05:00
Zbigniew Jędrzejewski-Szmek
8ecec322fe missing: add IFLA_BRPORT_LEARNING and friends
IFLA_BRPORT_LEARNING was added in v3.10-rc4-583-g9ba18891f7,
and IFLA_BRPORT_UNICAST_FLOOD in v3.10-rc4-584-g867a59436f.
2014-11-22 17:12:44 -05:00