The call iterates through cmsg list and closes all fds passed via
SCM_RIGHTS.
This patch also ensures the call is used wherever appropriate, where we
might get spurious fds sent and we should better close them, then leave
them lying around.
Make use of the new sd_bus_set_allow_interactive_authorization() call to
globally enable interactive authorization. Also, turn on PK agent for
more calls.
This allows us to make use of the sd_bus_call_method() convencience
helper at more places.
- Always issue selinux access check as early as possible, and PK check
as late as possible.
- Introduce a new policykit action for altering environment
- Open most remaining bus calls to unprivileged clients via PK
For plymouth themes not supporting i18n (like .script), send translated
messages to display to user, which is equivalent to the sent machine
readable data.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocole.
Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
displaying the information above. It can be overriden by plymouth themes
supporting i18n.
Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.
Send a message to signal to user what key we are grabbing for fsck cancel.
Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overriden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
Remove the plymouth running or show-status checks from systemd-fsck. Instead,
always connect to systemd-fsckd socket, and let this one decide if we display
progress or not.
Add systemd-fsckd multiplexer which accepts multiple systemd-fsck
instances to connect to it and sends progress report. systemd-fsckd then
computes and writes to /dev/console the number of devices currently being
checked and the minimum fsck progress. This will be used for interactive
progress report and cancelling in plymouth.
systemd-fsckd stops on idle when no systemd-fsck is connected.
Make the necessary changes to systemd-fsck to connect to the systemd-fsckd
socket.
What used to be gummiboot, was renamed sd-boot when it was merged into
systemd. Let's try to be a bit more consistent with the rest of systemd
and rename it again as follows:
The EFI bootloader is now called 'systemd-bootx64.efi', and its sources are in
'src/boot/efi/'. The drop-in directory where bootctl will find EFI loaders
is now /usr/lib/systemd/boot/efi/.
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
Most of our client tools want to set this bit for all their method
calls, even though it defaults to off in sd-bus, and rightfully so.
Hence, to simplify thing, introduce a per sd_bus-object flag that sets
the default value for all messages created on the connection.
The output of gnutls_certificate_verification_status_print() needs to be
freed.
Noticed this while staring at verify_cert_authorized() to see what could
possibly confuse gcc5 on armv7hl to segfault during compilation.
We would require a match against all three: patterns specified
with --to, with --from, and as positional arguments to show an
edge. This does not seem useful. Let instead the positional args
behave like they were specified in both --to and --from, which is
fairly intuitive and should be more useful.
The test would treat the first non-empty set of matches in
match_paths, match_drivers, match_types, match_names as definitive
(essentially chaining them with OR). Make those tests instead match
like other tests and require all to pass if the set of patterns is
nonempty.
