1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
Commit Graph

18054 Commits

Author SHA1 Message Date
Daniel Mack
c1ec25a063 bus-proxyd: temporarily disable policy checks again
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
2014-11-13 20:41:51 +01:00
Kay Sievers
adeba5008e udev: support ENV{}=="" global property matches 2014-11-13 20:35:06 +01:00
Kay Sievers
41b848b0ea udev: move global property handling from libudev to udevd 2014-11-13 13:50:01 +01:00
Kay Sievers
25e773eeb4 udev: switch to systemd logging functions 2014-11-13 13:12:57 +01:00
Kay Sievers
a974cacd9a libudev: we do not log errors from libraries 2014-11-13 11:42:24 +01:00
Ronny Chevalier
281e05b6cb tests: add test-execute
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
  been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
2014-11-13 10:39:51 +01:00
Ronny Chevalier
07aa32e31d manager: allow test run to catch SIGCHLD events
Otherwise we cannot know when a service exited
2014-11-13 10:39:51 +01:00
Bastien Nocera
b4c72e52d2 keymap: Fix special keys on ThinkPad X60/X61 Tablet
KEY_DIRECTION is mapped to XF86RotateWindows, to rotate the display:
http://cgit.freedesktop.org/xkeyboard-config/commit/symbols/inet?id=ec875f6f9b7c4028e11d32b071989c682e6502bd

And F13 is mapped to XF86Tools, which is closest to the original toolbox
usage:
http://cgit.freedesktop.org/xkeyboard-config/tree/symbols/inet?id=7a2c4bed212ebbcc05f3c959aef659ce7dd31fd8#n221
2014-11-13 09:02:12 +01:00
Bastien Nocera
71ed2d3871 keymap: Add support for IBM ThinkPad X41 Tablet
Scancode taken from:
http://www.thinkwiki.org/wiki/Tablet_Hardware_Buttons#Linux_Support

William Jon McCann provided the DMI match. IBM seems to have
swapped the version and model of the system:
        Manufacturer: IBM
        Product Name: 18666TU
        Version: ThinkPad X41 Tablet
2014-11-13 09:01:51 +01:00
Lennart Poettering
174299e35f man: fix typo 2014-11-12 23:46:47 +01:00
Lennart Poettering
c2d5b3c94d Update TODO 2014-11-12 23:46:47 +01:00
Ronny Chevalier
00b06165a1 udev: use properly the systemd logging functions 2014-11-12 21:44:38 +01:00
Kay Sievers
b12b78712e udev: use the systemd logging functions in udev tools 2014-11-12 18:35:18 +01:00
Daniel Mack
e9730b7690 sd-bus: pass attach flags to BUS_CREATOR_INFO
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.

Signed-off-by: Daniel Mack <daniel@zonque.org>
2014-11-11 18:31:11 +01:00
Lennart Poettering
4ecd221425 update TODO 2014-11-11 18:12:48 +01:00
Lennart Poettering
fff1949960 sysuser: simplify access mode syncing by introducing helper function for it 2014-11-11 18:12:40 +01:00
Daniel Mack
ed6d629a34 bus-proxyd: explicitly address messages to unique and well-known name
In order to check for matching policy entries at message transfers, we
have to consider the following:

* check the currently owned names of both the sending and the receiving
peer. If the sending peer is connected via kdbus, the currently owned
names are already attached to the message. If it was originated by the
connection we're proxying for, we store the owned names in our own strv
so we can check against them.

* Walk the list of names to check which name would allow the message to
pass, and explicitly use that name as destination of the message. If the
destination is on kdbus, store both the connection's unique name and the
chosen well-known-name in the message. That way, the kernel will make sure
the supplied name is owned by the supplied unique name, at the time of
sending, and return -EREMCHG otherwise.

* Make the policy checks optional by retrieving the bus owner creds, and
when the uid matches the current user's uid and is non-null, don't check
the bus policy.
2014-11-11 16:51:45 +01:00
Kay Sievers
0b906b8d6f build-sys: move libsystemd-capability into libsystemd-shared 2014-11-11 16:27:42 +01:00
Michal Schmidt
15e9297ebf Revert "bus-proxyd: make policy checks optional"
This reverts commit 5bb24cccbc.

It does not even compile (unbalanced {)
2014-11-11 15:36:48 +01:00
Daniel Mack
5bb24cccbc bus-proxyd: make policy checks optional
Retrieve the bus owner creds, and when the uid matches the current user's
uid and is non-null, don't check the bus policy.
2014-11-11 14:14:01 +01:00
Daniel Mack
2a2be74654 bus-proxyd: move name list iteration to policy users
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.

Test cases amended accordingly.
2014-11-11 14:14:01 +01:00
Daniel Mack
9cd751d2d0 bus-proxyd: enforce policy for method calls 2014-11-11 14:14:01 +01:00
Daniel Mack
f0a4c7391c bus-proxyd: enforce policy for name ownership 2014-11-11 14:14:01 +01:00
Daniel Mack
8573b68fec bus-proxyd: enforce policy for Hello messages 2014-11-11 14:14:01 +01:00
Daniel Mack
ac4eaf6dd4 bus-proxyd: keep track of names acquired by legacy client
Store names successfully acquired by the legacy client into a hashmap.
We need to take these names into account when checking for send policies.
2014-11-11 14:14:01 +01:00
Daniel Mack
022fb8558e sd-bus: add sd_bus_message.verify_destination_id and .destination_ptr
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.

This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.

Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.

Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.

Normal users should not touch these fields, and they're not publicy
accessible.
2014-11-11 14:14:01 +01:00
Lennart Poettering
7e27f3121e update TODO 2014-11-10 23:45:31 +01:00
Lennart Poettering
f88e6be5ee strv: rework strv_split_quoted() to use unquote_first_word()
This should make the unquoting scheme a bit less naive.
2014-11-10 23:45:12 +01:00
Lennart Poettering
27e9c5af81 bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks 2014-11-10 20:54:45 +01:00
Ronny Chevalier
c73d180dc4 shared: explicitly ignore the return value of wait_for_terminate
CID#1237532
CID#1237523
CID#1237522
2014-11-10 20:18:49 +01:00
Lennart Poettering
39f76ad8d6 man: improve documentation for "indirect" unit file state a bit
Also, correct mentions of "units" instead of "unit files" in the table,
and terminate all sentences with a full stop.
2014-11-10 20:16:16 +01:00
Jan Synacek
aedd4012f4 shared/install: when unit contains only Also=, report 'indirect'
If a unit contains only Also=, with no Alias= or WantedBy=, it shouldn't
be reported as static. New 'indirect' status shall be introduced.

https://bugzilla.redhat.com/show_bug.cgi?id=864298
2014-11-10 19:58:21 +01:00
Lennart Poettering
f81e67f79f update TODO 2014-11-10 19:25:29 +01:00
Lennart Poettering
d9130355ee busctl: add "tree" command to explore object trees 2014-11-10 19:25:29 +01:00
Mantas Mikulėnas
ca5447c082 inhibit: allow filtering --list by mode
Usually there are a few delay inhibitors all the time (NetworkManager,
Telepathy, etc.), but I'm only interested in the block ones.
2014-11-10 19:25:29 +01:00
Kay Sievers
657bf5a162 build-sys: do not use "label" functions in libsystemd-shared 2014-11-10 18:59:03 +01:00
Kay Sievers
87cfe63da1 build-sys: test-fdset - add libsystemd-internal 2014-11-10 18:22:44 +01:00
Kay Sievers
7680857ab8 build-sys: add libcap to libsystemd-shared 2014-11-10 17:32:29 +01:00
Michal Schmidt
ed80170d83 man: don't refer to undocumented option '--failed' 2014-11-10 14:54:57 +01:00
Lennart Poettering
036359ba8d man: don't document systemctl --failed
This effectively reverts 599b6322f1, which
in turn partially reverted 4dc5b821ae.

The --failed switch is not documented on purpose, since it is redundant
due to --state=failed, which it predates. Due to that it's not
documented in --help either.

We generally try to avoid redundant interfaces, but if we need to keep
them for compatibility we do so, however remove them from documentation
to ensure they are not used in future.

The man page is now changed to include a comment about the fact that
--failed is not documented on purpose. Also, explicitly mention
--state=failed as example for --state.
2014-11-10 14:44:35 +01:00
Ronny Chevalier
5445c7a002 build-sys: do not include tests in code coverage 2014-11-08 22:48:17 +01:00
Ronny Chevalier
8444e49c99 update .gitignore 2014-11-08 22:48:17 +01:00
Ronny Chevalier
ad02805f85 build-sys: link to libsystemd-core only when needed
Multiple executables do not need libsystemd-core
2014-11-08 22:48:17 +01:00
Ronny Chevalier
0c2a5d721e core: remove unused macro GC_QUEUE_USEC_MAX
It is unused since cf1265e188
2014-11-08 22:48:17 +01:00
Ronny Chevalier
b36bf0f361 build-sys: avoid duplication of macro definition
TEST_DIR is already defined in AM_CFLAGS
2014-11-08 22:48:17 +01:00
Ronny Chevalier
bc9992978c tests: add test-path
It tests all available directives of Path units:
- PathChanged
- PathModified
- PathExists
- PathExisysGlob
- DirectoryNotEmpty
- MakeDirectory
- DirectoryMode
- Unit
2014-11-08 22:45:56 +01:00
Rami Rosen
ed7fb9cb23 network: fix typo
IFLA_IPTUN_LINK -> VETH_INFO_PEER
2014-11-08 12:42:44 +01:00
Zbigniew Jędrzejewski-Szmek
599b6322f1 man: document --failed
https://bugs.debian.org/767267
2014-11-07 21:37:50 -05:00
Tom Gundersen
9a67bcf275 shared: add readlink_value
Reads the basename of the target of a symlink.
2014-11-07 19:46:14 +01:00
Lennart Poettering
f06863bde5 sysusers: be nice and print a warning if futimens() fails
CID# 1251163
2014-11-07 16:36:14 +01:00