shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-01-19 14:04:03 +03:00
Code
systemd/src
History
Lennart Poettering dd0b3a9215 pid1: add D-Bus API for removing delegated subcgroups 
When running unprivileged containers, we run into a scenario where an
unpriv owned cgroup has a subcgroup delegated to another user (i.e. the
container's own UIDs). When the owner of that cgroup dies without
cleaning it up then the unpriv service manager might encounter a cgroup
it cannot delete anymore.

Let's address that: let's expose a method call on the service manager
(primarly in PID1) that can be used to delete a subcgroup of a unit one
owns. This would then allow the unpriv service manager to ask the priv
service manager to get rid of such a cgroup.

This commit only adds the method call, the next commit then adds the
code that makes use of this.
2024-12-20 22:17:06 +01:00
..
ac-power
analyze
analyze-chid: fully support all CHID types
2024-12-20 18:13:18 +01:00
ask-password
ask-password-tool: add --user/--system flag to systemd-ask-password tool
2024-10-21 14:14:10 +02:00
backlight
basic
namespace-util: add process_is_owned_by_uid() helper
2024-12-20 22:17:06 +01:00
battery-check
battery-check: parse options before checking for kernel command line
2024-12-12 23:11:29 +00:00
binfmt
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
bless-boot
Move bless-boot components to their own source subdirectory
2024-11-07 14:50:41 +01:00
boot
boot: do not build test-hwids-section.c if ukify is disabled
2024-12-17 11:15:39 +00:00
bootctl
various: set info on varlink server object
2024-12-10 10:51:56 +01:00
busctl
busctl: minor tweak to help text for --limit-messages=
2024-10-29 21:34:47 +01:00
cgls
bus-util: Log more information when connecting to a bus socket fails
2024-10-09 10:27:53 +02:00
cgroups-agent
cgtop
core
pid1: add D-Bus API for removing delegated subcgroups
2024-12-20 22:17:06 +01:00
coredump
Revert "coredumpctl: Don't treat no coredumps as failure"
2024-12-11 11:14:37 +09:00
creds
creds: support --transcode=help and --with-key=help
2024-12-12 15:25:34 +09:00
cryptenroll
tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
2024-12-12 15:21:16 +09:00
cryptsetup
gpt-auto: take timeout opts in rootflags= into account; hibernate-resume: always respect user-defined timeout (#35518)
2024-12-12 11:01:40 +00:00
debug-generator
debug-generator: add a kernel cmdline option to pause the boot process
2024-12-20 08:51:23 +01:00
delta
detect-virt
dissect
dissect: employ vpick also if we operate on a directory-based image
2024-12-20 22:17:06 +01:00
environment-d-generator
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
escape
Fix typo in escape.c
2024-09-08 18:55:13 +09:00
firstboot
firstboot: generalize prompt_loop more
2024-10-30 20:13:56 +01:00
fsck
Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
2024-11-23 17:30:56 +09:00
fstab-generator
fstab-generator: move write_(mount_)timeout() to shared/generator
2024-12-09 19:25:59 +01:00
fundamental
chid: add missing CHID type definitions
2024-12-20 18:13:18 +01:00
fuzz
sd-varlink: add sd_varlink_server_set_info
2024-12-10 10:43:14 +01:00
getty-generator
gpt-auto-generator
gpt-auto: take timeout opts in rootflags= into account
2024-12-09 19:59:29 +01:00
growfs
Move growfs+makefs to src/growfs/
2024-11-10 14:09:46 +01:00
hibernate-resume
hibernate-resume: always respect user-defined timeout
2024-12-09 19:24:59 +01:00
home
memfd-util: introduce memfd_new_full() helper
2024-12-17 18:26:15 +01:00
hostname
sd-varlink: add function to configure server object info (#35519)
2024-12-10 15:26:24 +00:00
hwdb
id128
import
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
initctl
tree-wide: replace for loop with FOREACH_ELEMENT or FOREACH_ARRAY macros (#34893)
2024-10-26 07:10:22 +09:00
integritysetup
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
journal
journald: get rid of get_process_capeff(), use pidref_get_capability() instead
2024-12-17 19:06:54 +01:00
journal-remote
fuzz-journal-remote: use memfd_new_and_seal() where appropriate
2024-12-17 18:26:15 +01:00
kernel-install
kernel-install: remove .extra.d/ directory too
2024-12-01 14:05:45 +09:00
keyutil
Introduce systemd-keyutil to do various key/certificate operations
2024-11-08 15:00:21 +01:00
libsystemd
execute: introduce a user-scoped credstore
2024-12-20 17:51:58 +01:00
libsystemd-network
ndisc-option: use memcpy_safe() at one more place
2024-11-19 04:04:14 +09:00
libudev
locale
fileio: port write_string_file() to LabelOps, and thus add WRITE_STRING_FILE_LABEL flag
2024-10-22 17:51:26 +02:00
login
tree-wide: use pidref_is_self() at more places
2024-12-18 13:34:35 +01:00
machine
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
machine-id-setup
measure
tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
2024-12-12 15:21:16 +09:00
modules-load
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
mount
bus-util: Log more information when connecting to a bus socket fails
2024-10-09 10:27:53 +02:00
mountfsd
mntfsd: add api to mount dirs for containers
2024-12-20 22:13:05 +01:00
network
networkd-sysctl: tweak error handling and log level a bit
2024-12-18 16:38:54 +01:00
notify
sd-daemon: add fd array size safety check to sd_notify_with_fds()
2024-11-04 12:10:09 +01:00
nspawn
nspawn: allow to run unpriv from dir
2024-12-20 22:15:21 +01:00
nsresourced
nsresourced: add ability to mangle specified name if necessary
2024-12-20 22:13:05 +01:00
nss-myhostname
nss-mymachines
nss-resolve
json-util: generalize json_dispatch_ifindex()
2024-11-04 11:42:37 +01:00
nss-systemd
userdb: synthesize stub user records for the foreign UID
2024-12-20 22:13:05 +01:00
oom
tree-wide: drop acquire_data_fd_full() helper
2024-12-17 18:26:15 +01:00
path
sd-path: expose credential store in sd-path
2024-12-20 17:51:54 +01:00
pcrextend
tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
2024-12-12 15:21:16 +09:00
pcrlock
tree-wide: replace ANSI_XYZ with ansi_xyz()
2024-12-11 10:11:53 +09:00
portable
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
pstore
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
quotacheck
Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
2024-11-23 17:30:56 +09:00
random-seed
rc-local-generator
remount-fs
repart
repart: Take configured minimum and maximum size into account for Minimize=
2024-12-13 15:10:29 +00:00
reply-password
resolve
resolved: if one transaction completes, expect other transactions within candidate to succeed quickly
2024-12-18 15:43:46 +01:00
rfkill
rpm
systemd-update-helper: Show executed commands if debug logging is enabled
2024-10-11 19:30:04 +01:00
run
ptyfwd: always flush buffer and disconnect before exit
2024-12-18 20:28:07 +09:00
run-generator
sbsign
sbsign: remove unused --no-pager option
2024-11-12 17:52:48 +01:00
shared
nspawn: move uid shift/chown() code into shared/
2024-12-20 22:13:05 +01:00
shutdown
shutdown: propagate one more error from sync_making_progress()
2024-11-23 17:32:51 +09:00
sleep
efivars: Remove STRINGIFY() helper macros
2024-11-02 23:20:57 +01:00
socket-activate
socket-proxy
ssh-generator
ssh-generator: silence "Binding to socket" messages
2024-11-19 11:00:20 +01:00
stdio-bridge
stdio-bridge: Use customized log message for forwarding bus
2024-10-11 11:35:02 +02:00
storagetm
sulogin-shell
sysctl
sysext
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
system-update-generator
fs-util: rename laccess to access_nofollow
2024-10-05 01:30:43 +02:00
systemctl
systemctl-edit: ignore ENOENT from unit_is_masked()
2024-12-17 13:19:35 +09:00
systemd
sd-path: expose credential store in sd-path
2024-12-20 17:51:54 +01:00
sysupdate
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
sysusers
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
sysv-generator
sysv-generator: break long message into lines
2024-10-28 14:04:06 +01:00
test
namespace-util: add process_is_owned_by_uid() helper
2024-12-20 22:17:06 +01:00
timedate
fileio: port write_string_file() to LabelOps, and thus add WRITE_STRING_FILE_LABEL flag
2024-10-22 17:51:26 +02:00
timesync
tree-wide: replace for loop with FOREACH_ELEMENT or FOREACH_ARRAY macros (#34893)
2024-10-26 07:10:22 +09:00
tmpfiles
tmpfiles: reduce quoting in warning message
2024-12-13 16:23:05 +00:00
tpm2-setup
tpm2-util: allow to control if legend and/or footer shown by tpm2_list_devices()
2024-12-12 15:21:16 +09:00
tty-ask-password-agent
tty-askpw-agent: modernize wall_tty_match() a bit
2024-10-21 14:15:21 +02:00
udev
[RFC] better naming for Azure MANA network devices (#34255)
2024-12-20 09:52:40 +01:00
ukify
ukify: Fix regression in --no-sign-kernel flag
2024-12-19 12:27:27 +09:00
update-done
sysext: set SELinux context for hierarchies and workdir
2024-11-26 17:47:32 +00:00
update-utmp
update-utmp: do not give up if the first attempt at connecting bus failed
2024-12-19 00:34:38 +09:00
user-sessions
shared: get rid of fileio-label.[ch]
2024-10-22 17:51:26 +02:00
userdb
userdb: synthesize stub user records for the foreign UID
2024-12-20 22:13:05 +01:00
varlinkctl
sd-json,tree-wide: add sd_json_format_enabled() and use it everwhere
2024-10-28 09:23:07 +01:00
vconsole
vconsole-setup: drop impossible condition
2024-12-13 16:23:05 +00:00
veritysetup
various: check meson feature flag early
2024-11-13 08:21:33 +09:00
version
vmspawn
discover-image: introduce per-user image directories
2024-12-20 18:04:01 +01:00
volatile-root
vpick
xdg-autostart-generator
path-lookup: move xdg_user_dirs() to xdg-autostart-generator
2024-10-06 19:42:39 +02:00