mirror of https://github.com/systemd/systemd.git synced 2024-11-08 11:27:32 +03:00
The systemd System and Service Manager
Richard Maw 671c341958 namespace helpers: Allow entering a UID namespace
To be able to use `systemd-run` or `machinectl login` on a container
that is in a private user namespace, the sub-process must have entered
the user namespace before connecting to the container's D-Bus, otherwise
the UID and GID in the peer credentials are garbage.

So we extend namespace_open and namespace_enter to support UID namespaces,
and we enter the UID namespace in bus_container_connect_{socket,kernel}.

namespace_open will degrade to a no-op if user namespaces are not enabled
in the kernel.

Special handling is required for the setns call in namespace_enter with
a user namespace, since transitioning to your own namespace is forbidden,
as it would result in re-entering your user namespace as root.

Arguably it may be valid to check this at the call site, rather than
inside namespace_enter, but it is less code to do it inside, and if the
intention of calling namespace_enter is to *be* in the target namespace,
rather than to transition to the target namespace, it is a reasonable
approach.

The check for whether the user namespace is the same must happen before
entering namespaces, as we may not be able to access /proc during the
intermediate transition stage.

We can't instead attempt to enter the user namespace and then ignore
the failure from it being the same namespace, since the error code is
not distinct, and we can't compare namespaces while mid-transition.
2015-08-17 08:52:13 +00:00
catalog l10n: Add Belarusian translation 2015-06-15 00:13:43 +03:00
docs docs: add .gitignore 2015-07-06 17:47:38 +02:00
factory/etc factory: remove broken pam_limits 2014-07-30 15:21:54 +02:00
hwdb hwdb: add Logitech G500 (another version) 2015-08-05 19:15:05 -04:00
m4 remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
man man: clarify that unknown escapes must be escaped 2015-08-07 00:07:39 -04:00
network network: fix 'LinkLocal' -> 'LinkLocalAddressing' in network files 2015-02-14 15:31:26 +01:00
po po: run make update-po 2015-06-19 12:47:39 +02:00
rules rules: block - add dasd to whitelist 2015-07-05 16:22:30 +02:00
shell-completion zsh-completion: _loginctl/_systemd/_systemd-inhibit improvements 2015-06-22 18:07:32 -04:00
src namespace helpers: Allow entering a UID namespace 2015-08-17 08:52:13 +00:00
sysctl.d sysctl: add some hints how to override settings 2015-02-26 19:07:38 -05:00
system-preset preset: enable machines.target by default 2014-12-29 17:36:57 +01:00
sysusers.d turn kdbus support into a runtime option 2015-06-17 18:01:49 +02:00
test sysv-generator test: Fix random ordering failure 2015-07-01 07:34:23 +02:00
tmpfiles.d tmpfiles: don't recursively descend into journal directories in /var 2015-07-09 18:46:01 -03:00
tools terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
units bus-proxy: add ExecReload= 2015-08-04 13:19:50 +02:00
xorg push xorg information to the systemd --user instance 2015-01-09 21:39:31 +01:00
.dir-locals.el Keep emacs configuration in one configuration file. 2011-03-08 01:53:46 +01:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore Merge branch 'hostnamectl-dot-v2' 2015-08-05 21:02:41 -04:00
.mailmap prepare NEWS 2014-02-18 02:51:47 +01:00
.travis.yml remove gudev and gtk-doc 2015-06-03 00:22:53 +02:00
.vimrc vimrc: disable -fdiagnostics-color output 2013-10-20 04:29:39 +02:00
.ycm_extra_conf.py ycm: update flag blacklist 2014-06-04 15:41:10 -04:00
autogen.sh terminal: drop unfinished code 2015-07-27 20:15:34 +02:00
CODING_STYLE CODING_STYLE: say that "for (;;)" is better than "while (1)" 2015-07-31 20:00:07 +02:00
configure.ac build-sys: line-wrap message about google servers 2015-08-06 21:43:22 -04:00
DISTRO_PORTING build-sys: warn if people don't change the default NTP servers when building systemd 2015-07-11 14:24:29 -03:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile-man.am gpt-auto-generator: merge efi-boot-generator 2015-07-29 18:16:48 +02:00
Makefile.am Merge pull request #888 from keszybz/completions-optional 2015-08-06 10:18:57 +03:00
NEWS NEWS: update 2015-07-31 18:21:19 +02:00
README Merge pull request #554 from poettering/ntp-pool 2015-07-12 11:43:51 +02:00
README.md README.md: add Coverity scan status badge 2015-06-08 13:26:54 +02:00
TODO update TODO 2015-08-06 13:44:24 +03:00

systemd - System and Service Manager

Details

  • General information about systemd can be found in the systemd Wiki
  • Information about build requirements is provided in the README file