mirror of https://github.com/systemd/systemd.git synced 2025-01-10 05:18:17 +03:00
The systemd System and Service Manager
Lennart Poettering d3dcf4e3b9 fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used, a sender socket name may be
specified. If specified as NULL, behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL, the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.

Specifically, this beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.

Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:

    LoadCredential=foo:/run/quux/creds.sock

will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:

    @$RANDOM/unit/waldo.service/foo

(The $RANDOM is replaced by some randomized string. This is included in
the socket name in order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names.)

The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simple getpeername(), discarding the
random prefix and the /unit/ string.

This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that, it's a good safe
choice to use as separator here too, to avoid any conflicts.

This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-03 09:48:04 +01:00
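Server side of the scheme the commit message describes, as an added example (not systemd's own code): a parser for the abstract peer name a LoadCredential= client connects from, taking the length from what getpeername() reports rather than from a terminator. The function names, the 64-byte demo buffers and the sample names are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical server-side helper: split "@<random>/unit/<unit name>/<credential name>"
 * into its two fields. Abstract names are not NUL-terminated: the length comes
 * from the socklen_t getpeername() filled in, never from strlen(). */
static int parse_credential_peer(const struct sockaddr_un *sa, socklen_t len,
                                 char *unit, size_t unit_size, char *cred, size_t cred_size) {
        const char *p, *e, *slash, *u, *c;
        size_t n, m = strlen("/unit/");
        if (len < offsetof(struct sockaddr_un, sun_path) + 2 || len > sizeof(*sa) ||
            sa->sun_family != AF_UNIX || sa->sun_path[0] != '\0')
                return -1;                        /* not an abstract AF_UNIX name */
        p = sa->sun_path + 1;                     /* name starts after the leading NUL */
        n = len - offsetof(struct sockaddr_un, sun_path) - 1;
        e = p + n;
        slash = memchr(p, '/', n);                /* end of the random prefix */
        if (!slash || slash == p || (size_t) (e - slash) < m || memcmp(slash, "/unit/", m) != 0)
                return -1;
        u = slash + m;                            /* unit name runs to the next '/' */
        c = memchr(u, '/', (size_t) (e - u));
        if (!c || c == u || c + 1 == e)
                return -1;                        /* empty unit or credential name */
        c++;
        if (memchr(c, '/', (size_t) (e - c)))     /* neither field may contain '/' */
                return -1;
        if ((size_t) (c - 1 - u) >= unit_size || (size_t) (e - c) >= cred_size)
                return -1;                        /* caller's buffers too small */
        memcpy(unit, u, (size_t) (c - 1 - u)); unit[c - 1 - u] = '\0';
        memcpy(cred, c, (size_t) (e - c)); cred[e - c] = '\0';
        return 0;
}

/* Demo accessor: feed an abstract name (given without its leading NUL) to the parser
 * as getpeername() would report it; returns field 0 (unit) or 1 (credential), NULL if rejected. */
static const char *peer_field(const char *name, int field) {
        static char unit[64], cred[64];
        struct sockaddr_un sa = { .sun_family = AF_UNIX };
        size_t n = strlen(name);
        if (n + 1 > sizeof(sa.sun_path))
                return NULL;
        memcpy(sa.sun_path + 1, name, n);         /* sun_path[0] stays '\0' */
        if (parse_credential_peer(&sa, (socklen_t) (offsetof(struct sockaddr_un, sun_path) + 1 + n),
                                  unit, sizeof unit, cred, sizeof cred) < 0)
                return NULL;
        return field == 0 ? unit : cred;
}
```

A real server would call getpeername() on the accepted connection and hand the filled sockaddr_un and length straight to parse_credential_peer().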
.github ci: add the libfido2 dependency for better coverage 2020-10-21 16:28:22 +02:00
.lgtm/cpp-queries lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] 2019-04-10 20:03:38 +02:00
.mkosi mkosi: include libfido2 binary package in mkosi manually for now 2020-09-19 18:06:45 +02:00
catalog tree-wide: update web link to logind description 2020-10-19 15:23:37 +02:00
coccinelle coccinelle: introduce drop-braces transformation 2020-10-09 15:02:20 +02:00
docs Merge pull request #17438 from anitazha/systoomd_quick 2020-10-27 18:43:34 +01:00
factory/etc man: move 'files' module in NSS 'hosts:' line before myhostname 2020-08-17 18:55:59 +02:00
hwdb.d hwdb: Add accel orientation quirk for Predia Basic tablet 2020-10-29 17:41:24 +01:00
man fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name 2020-11-03 09:48:04 +01:00
modprobe.d Add SPDX license headers to various assorted files 2017-11-19 19:08:15 +01:00
network network: add TUN/TAP vt-* network rule for VMs 2020-04-17 19:15:00 +02:00
po po: Update Turkish translation 2020-11-02 12:41:39 +01:00
presets preset: don't enable proc-sys-fs-binfmt_misc.mount 2020-10-19 12:33:39 +02:00
rules.d udev: merge rules for bluetooth device 2020-09-15 11:29:38 +09:00
semaphoreci semaphore: temporarily explicitly use the US image mirror 2020-10-20 12:39:25 +02:00
shell-completion shell-completion: add missing completions to meson.build 2020-10-05 08:05:41 +02:00
src fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name 2020-11-03 09:48:04 +01:00
sysctl.d sysctl: set kernel.core_pipe_limit=16 2020-10-13 09:31:13 +02:00
sysusers.d systemd-oomd: service files 2020-10-07 17:12:24 -07:00
test Merge pull request #17438 from anitazha/systoomd_quick 2020-10-27 18:43:34 +01:00
tmpfiles.d pstore: don't enable crash_kexec_post_notifiers by default 2020-10-22 11:17:39 +02:00
tools hwdb: add trailing ":*" everywhere 2020-10-15 18:01:32 +02:00
travis-ci travis: compile with -O1 with clang 2020-07-21 02:00:04 +09:00
units Merge pull request #17467 from keszybz/unconditionally-pull-in-cryptsetup-remote 2020-10-28 18:00:04 +01:00
xorg scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.clang-format Remove FOREACH_WORD and friends 2020-09-09 09:34:55 +02:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add man configuration 2020-05-26 15:37:05 +02:00
.gitattributes git: indicate that tabs are never OK in the systemd tree 2013-10-30 02:25:38 +01:00
.gitignore mkosi: Keep mkosi.default out of the repository. 2020-07-16 21:44:02 +01:00
.lgtm.yml lgtm: drop the TMPDIR/meson workaround 2020-03-03 20:27:42 +01:00
.mailmap NEWS: update contributors list for v246-pre 2020-07-23 17:30:54 +02:00
.travis.yml coverity: switch back to Fedora 31 2020-07-12 22:00:16 +00:00
.vimrc scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
azure-pipelines.yml Free up some resources on Azure Pipelines 2019-07-17 13:28:38 +09:00
configure treewide: more portable bash shebangs 2020-03-05 17:27:07 +01:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile build-sys: Fix Makefile wrapper for install target (#6548) 2017-08-07 11:29:20 +02:00
meson_options.txt meson: convert developer_mode boolean to an enum 2020-10-22 11:05:17 +02:00
meson.build Merge pull request #17454 from keszybz/journal-dlopen-cleanup 2020-10-28 18:20:27 +01:00
mkosi.build mkosi: Unify environment for unit tests 2020-04-22 10:35:12 +02:00
NEWS NEWS: v247-rc1 2020-10-26 20:43:18 +01:00
README meson: add min version for libfdisk 2020-08-19 10:18:33 +02:00
README.md README.md: update CentOS CI badges 2020-10-06 13:59:52 +02:00
TODO update TODO 2020-11-02 15:30:16 +01:00
zanata.xml po: add basic fedora.zanata.org configuration 2018-02-19 13:56:57 +01:00

Systemd

System and Service Manager


Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.