Commit 5f4c5fef6 introduced this new test case, but this does not work in
build chroots where cgroupfs is not mounted. So skip the test if systemd is not
running.
We should never access the "signal" part of the event source unless the
event source is actually for a signal. In this case it's a child pid
handler however, hence make sure to use the right signal.
This is a fix for PR #1177, which in turn was a fix for
9da4cb2be2.
If the root file system is located on an encrypted root disk, we'll not
find the GPT partition table for it. Let's fix that by following the
slaves/ symlinks in /sys for the device. We only handle devices having
exactly one backing device.
Also see: #1167
.nspawn fiels are simple settings files that may accompany container
images and directories and contain settings otherwise passed on the
nspawn command line. This provides an efficient way to attach execution
data directly to containers.
This funciton is exposed via CanStart on the bus, and should be as
accurate as possible. Hence: make sure to return false for units of unit
types not supported on the system, and for unit types where
configuration failed to load.
Also see #1105.
Currently, our introspection data looks like this:
<node>
<interface name="org.freedesktop.DBus.Peer">
...
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
...
</interface>
<interface name="org.freedesktop.DBus.Properties">
...
</interface>
<node name="org"/>
<node name="org/freedesktop"/>
<node name="org/freedesktop/login1"/>
<node name="org/freedesktop/login1/user"/>
<node name="org/freedesktop/login1/user/self"/>
<node name="org/freedesktop/login1/user/_1000"/>
<node name="org/freedesktop/login1/seat"/>
<node name="org/freedesktop/login1/seat/self"/>
<node name="org/freedesktop/login1/seat/seat0"/>
<node name="org/freedesktop/login1/session"/>
<node name="org/freedesktop/login1/session/self"/>
<node name="org/freedesktop/login1/session/c1"/>
</node>
(ordered alphabetically for better visibility)
This is grossly incorrect. The spec says that we're allowed to return
non-directed children, however, it does not allow us to return data
recursively in multiple parents. If we return "org", then we must not
return anything else that starts with "org/".
It is unclear, whether we can include child-nodes as a tree. Moreover, it
is usually not what the caller wants. Hence, this patch changes sd-bus to
never return introspection data recursively. Instead, only a single
child-layer is returned.
This patch relies on enumerators to never return hierarchies. If someone
registers an enumerator via sd_bus_add_enumerator, they better register
sub-enumerators if they support *TRUE* hierarchies. Each enumerator is
treated as a single layer and not filtered.
Enumerators are still allowed to return nested data. However, that data
is still required to be a single hierarchy. For instance, returning
"/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that
dataset is not.
This should be the default for enumerators and I see no reason to filter
in sd-bus. Moreover, filtering that data-set would require to sort the
strv by path and then do prefix-filtering. This is O(n log n), which
would be fine, but still better to avoid.
Fixes#664.
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_systemd otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes#390.
The following details are passed:
- unit: the primary name of the unit upon which the action was
invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
'reload-or-restart', 'reload-or-try-restart', 'kill',
'reset-failed', or 'set-property', corresponding to the
systemctl verb used to invoke the action.
Typical use of these details in a polkit policy rule might be:
// Allow alice to manage example.service;
// fall back to implicit authorization otherwise.
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "example.service" &&
subject.user == "alice") {
return polkit.Result.YES;
}
});
We also supply a custom polkit message that includes the unit's name and
the requested operation.
Extra details for an action can be supplied when calling polkit's
CheckAuthorization method. Details are a list of key/value string pairs.
Custom policy can use these details when making authorization decisions.
This adds a new sd_pid_get_cgroup() call to sd-login which may be used
to query the control path of a process. This is useful for programs when
making use of delegation units, in order to figure out which subtree has
been delegated.
In light of the unified control group hierarchy this is finally safe to
do, hence let's add a proper API for it, to make it easier to use this.
We treat an empty wall-message equal to a NULL wall-message since:
commit 5744f59a3e
Author: Lennart Poettering <lennart@poettering.net>
Date: Fri Sep 4 10:34:47 2015 +0200
logind: treat an empty wall message like a NULL one
Fix the shutdown scheduler to not deref a NULL pointer, but properly
check for an empty wall-message.
Fixes: #1120
Commit 0339cd770 changed libsystemd-network's error code for missing DHCP lease
data from ENOENT to ENODATA. Adjust networkd accordingly.
This fixes interfaces being stuck in "degraded/configuring" mode forever.
https://github.com/systemd/systemd/issues/1147
Commit efdb023 ("core: unified cgroup hierarchy support") introduced a new
error ENOEXEC in cg_unified() if /sys/fs/cgroup/ is not available. Adjust the
"skip" checks in various tests accordingly.
Add a corresponding "skip" check to test-bus-creds as well, as
sd_bus_creds_new_from_pid() now calls cg_unified() as well.
This re-fixes "make check" in build chroots without /sys/fs/cgroup.
https://github.com/systemd/systemd/issues/1132
Delegation to unpriviliged processes is safe in the unified hierarchy,
hence allow it. This has the benefit of permitting "systemd --user"
instances to further partition their resources between user services.
Makre sure we always return sensible errors for the various, following
the same rules, and document them in a comment in sd-login.c. Also,
update all relevant man pages accordingly.
RT signals operate in a queue, and we should be careful to never merge
two queued signals into one. Hence, makes sure we only ever dequeue a
single signal at a time and leave the remaining ones queued in the
signalfd. In order to implement correct priorities for the signals
introduce one signalfd per priority, so that we only process the highest
priority signal at a time.
In the unified hierarchy delegating controller access is safe, hence
make sure to enable all controllers for the "payload" subcgroup if we
create it, so that the container will have all controllers enabled the
nspawn service itself has.
If the controller managed by systemd cannot found in /proc/$PID/cgroup,
return ENODATA, the usual error for cases where the data being looked
for does not exist, even if the process does.
Previously, on the legacy hierarchy a non-existing cgroup was considered
identical to an empty one, but the unified hierarchy the check for a
non-existing one returned ENOENT.
Let's move the actual cgroup part of it into a new separate function
manager_get_unit_by_pid_cgroup(), and then make
manager_get_unit_by_pid() just a wrapper that also checks the two pid
hashmaps.
Then, let's make sure the various calls that want to deliver events to
the owners of a PID check both hashmaps and the cgroup and deliver the
event to *each* of them. OTOH make sure bus calls like GetUnitByPID()
continue to check the PID hashmaps first and the cgroup only as
fallback.
This simply factors out the uid validation checks from parse_uid() and
uses them everywhere. This simply verifies that the passed UID is
neither 64bit -1 nor 32bit -1.
This adds a new PID_TO_PTR() macro, plus PTR_TO_PID() and makes use of
it wherever we maintain processes in a hash table. Previously we
sometimes used LONG_TO_PTR() and other times ULONG_TO_PTR() for that,
hence let's make this more explicit and clean up things.
