Systemd/src/basic
Lennart Poettering 6b7c9f8bce namespace: rework how ReadWritePaths= is applied
Previously, if ReadWritePaths= was nested inside a ReadOnlyPaths=
specification, then we'd first recursively apply the ReadOnlyPaths= paths, and
make everything below read-only, only in order to then flip the read-only bit
again for the subdirs listed in ReadWritePaths= below it.

This is not only ugly (as for the dirs in question we first turn on the RO bit,
only to turn it off again immediately after), but also problematic in
containers, where a container manager might have marked a set of dirs read-only
and this code will undo this if ReadWritePaths= is set for any.

With this patch behaviour in this regard is altered: ReadOnlyPaths= will not be
applied to the children listed in ReadWritePaths= in the first place, so that
we do not need to turn off the RO bit for those after all.

This means that ReadWritePaths=/ReadOnlyPaths= may only be used to turn on the
RO bit, but never to turn it off again. Or to say this differently: if some
dirs are marked read-only via some external tool, then ReadWritePaths= will not
undo it.

This is not only the safer option, but also more in-line with what the man page
currently claims:

        "Entries (files or directories) listed in ReadWritePaths= are
        accessible from within the namespace with the same access rights as
        from outside."

To implement this change bind_remount_recursive() gained a new "blacklist"
string list parameter, which when passed may contain subdirs that shall be
excluded from the read-only mounting.

A number of functions are updated to add more debug logging to make this more
digestible.
2016-09-25 10:40:51 +02:00
.gitignore build-sys: split internal basic/ library from shared/ 2015-06-11 10:52:46 +02:00
Makefile build-sys: split internal basic/ library from shared/ 2015-06-11 10:52:46 +02:00
MurmurHash2.c tree-wide: minor formatting inconsistency cleanups 2016-02-23 14:20:34 -08:00
MurmurHash2.h build-sys: split internal basic/ library from shared/ 2015-06-11 10:52:46 +02:00
af-list.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
af-list.h Use provided buffer in dns_resource_key_to_string 2016-02-16 19:55:51 -05:00
alloc-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
alloc-util.h alloc-util: cleanups 2016-02-19 01:36:46 +06:00
architecture.c basic: Fix incorrect architecture mapping on sparc64. (#3274) 2016-05-16 21:25:36 +02:00
architecture.h basic: Fix incorrect architecture mapping on sparc64. (#3274) 2016-05-16 21:25:36 +02:00
arphrd-list.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
arphrd-list.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
async.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
async.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
audit-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
audit-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
barrier.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
barrier.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
bitmap.c resolved: when using the ResolveRecord() bus call, adjust TTL for caching time 2016-06-21 13:20:48 +02:00
bitmap.h resolved: when using the ResolveRecord() bus call, adjust TTL for caching time 2016-06-21 13:20:48 +02:00
blkid-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
btrfs-ctree.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
btrfs-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
btrfs-util.h tree-wide: place #pragma once at the same place everywhere 2016-02-20 22:42:29 +01:00
build.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
bus-label.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
bus-label.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
calendarspec.c util-lib: make timestamp generation and parsing reversible (#3869) 2016-08-03 19:04:53 -04:00
calendarspec.h util-lib: make timestamp generation and parsing reversible (#3869) 2016-08-03 19:04:53 -04:00
cap-list.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
cap-list.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
capability-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
capability-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
cgroup-util.c Merge pull request #3965 from htejun/systemd-controller-on-unified 2016-08-19 19:58:01 -04:00
cgroup-util.h Merge pull request #3965 from htejun/systemd-controller-on-unified 2016-08-19 19:58:01 -04:00
chattr-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
chattr-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
clock-util.c clock-util: be more tolerant in parsing /etc/adjtime 2016-02-26 12:33:41 +01:00
clock-util.h clock-util: make clock_is_localtime() testable and add initial tests 2016-02-26 11:28:49 +01:00
conf-files.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
conf-files.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
copy.c treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
copy.h machined: support non-btrfs file systems with "machinectl clone" 2016-05-02 11:15:30 +02:00
cpu-set-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
cpu-set-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
def.h tree-wide: rename config_parse_many to …_nulstr 2016-09-16 10:32:03 -04:00
device-nodes.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
device-nodes.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
dirent-util.c tree-wide: rename hidden_file to hidden_or_backup_file and optimize 2016-04-28 08:25:17 -04:00
dirent-util.h tree-wide: rename hidden_file to hidden_or_backup_file and optimize 2016-04-28 08:25:17 -04:00
env-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
env-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
errno-list.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
errno-list.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
escape.c Merge pull request #2589 from keszybz/resolve-tool-2 2016-02-13 11:15:41 +01:00
escape.h Merge pull request #2589 from keszybz/resolve-tool-2 2016-02-13 11:15:41 +01:00
ether-addr-util.c util-lib: add ether_addr_from_string() 2016-05-17 16:55:20 -04:00
ether-addr-util.h util-lib: add ether_addr_from_string() 2016-05-17 16:55:20 -04:00
exit-status.c exit-code: minor coding style updates 2016-06-06 19:59:07 +02:00
exit-status.h exit-status: update comments a bit 2016-06-06 19:59:08 +02:00
extract-word.c tree-wide: make ++/-- usage consistent WRT spacing 2016-02-22 20:32:04 -08:00
extract-word.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
fd-util.c basic/fd-util: introduce stdio_unset_cloexec() function 2016-07-02 23:38:47 +06:00
fd-util.h basic/fd-util: introduce stdio_unset_cloexec() function 2016-07-02 23:38:47 +06:00
fileio-label.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
fileio-label.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
fileio.c fileio: simplify mkostemp_safe() (#4090) 2016-09-13 08:20:38 +02:00
fileio.h fileio: simplify mkostemp_safe() (#4090) 2016-09-13 08:20:38 +02:00
formats-util.h core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of executed services 2016-06-15 23:00:27 +02:00
fs-util.c util-lib: rework /tmp and /var/tmp handling code 2016-08-04 16:27:07 +02:00
fs-util.h util-lib: rework /tmp and /var/tmp handling code 2016-08-04 16:27:07 +02:00
glob-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
glob-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
gunicode.c basic: include only what we use 2015-11-30 21:51:03 +01:00
gunicode.h tree-wide: place #pragma once at the same place everywhere 2016-02-20 22:42:29 +01:00
hash-funcs.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
hash-funcs.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
hashmap.c set: add new set_put_strsplit() call 2016-06-21 13:20:48 +02:00
hashmap.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
hexdecoct.c tree-wide: make ++/-- usage consistent WRT spacing 2016-02-22 20:32:04 -08:00
hexdecoct.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
hostname-util.c hostnamectl: rework pretty hostname validation (#3985) 2016-08-18 21:16:16 -04:00
hostname-util.h networkd: add basic LLDP transmission support 2016-02-21 20:58:59 +01:00
in-addr-util.c Merge pull request #3432 from poettering/resolved-ll-ipv6 2016-06-09 10:18:07 +02:00
in-addr-util.h Merge pull request #3432 from poettering/resolved-ll-ipv6 2016-06-09 10:18:07 +02:00
io-util.c core: rework how we flush incoming traffic when a socket unit goes down 2016-05-06 13:29:26 +02:00
io-util.h tree-wide: minor formatting inconsistency cleanups 2016-02-23 14:20:34 -08:00
ioprio.h tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
label.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
label.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
list.h tree-wide: minor formatting inconsistency cleanups 2016-02-23 14:20:34 -08:00
locale-util.c locale-util: mark special_glyph() as _const_ 2016-05-09 15:17:57 -04:00
locale-util.h locale-util: mark special_glyph() as _const_ 2016-05-09 15:17:57 -04:00
lockfile-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
lockfile-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
log.c basic: log: Increase static buffer for source file location (#3674) 2016-07-07 07:30:34 +03:00
log.h basic/log: remove unused return value 2016-03-15 19:40:33 -04:00
login-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
login-util.h tree-wide: place #pragma once at the same place everywhere 2016-02-20 22:42:29 +01:00
macro.h networkd: add support to configure VLAN on bridge ports 2016-06-10 09:10:41 +02:00
memfd-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
memfd-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
mempool.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
mempool.h tree-wide: make more global variables static 2016-02-13 12:28:28 +01:00
missing.h missing.h: add missing definitions for __O_TMPFILE 2016-08-29 12:40:22 +02:00
missing_syscall.h missing_syscall: add __NR_copy_file_range for powerpc architecture (#3772) 2016-07-21 11:40:35 +02:00
mkdir-label.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
mkdir.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
mkdir.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
mount-util.c namespace: rework how ReadWritePaths= is applied 2016-09-25 10:40:51 +02:00
mount-util.h namespace: rework how ReadWritePaths= is applied 2016-09-25 10:40:51 +02:00
nss-util.h basic: fix macro definition in nss-util.h 2016-07-20 14:53:15 +02:00
ordered-set.c networkd: use an OrderedSet instead of Set to collect link domains 2016-01-26 14:42:03 +01:00
ordered-set.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
parse-util.c util-lib: unify parsing of nice level values 2016-08-05 11:18:32 +02:00
parse-util.h util-lib: unify parsing of nice level values 2016-08-05 11:18:32 +02:00
path-util.c path-util: also support ".old" and ".new" suffixes and recommend them 2016-04-29 10:21:07 -04:00
path-util.h tree-wide: rename hidden_file to hidden_or_backup_file and optimize 2016-04-28 08:25:17 -04:00
prioq.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
prioq.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
proc-cmdline.c core: parse `rd.rescue` and `rd.emergency` as initrd-specific shorthands (#3488) 2016-06-13 16:28:42 +02:00
proc-cmdline.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
process-util.c util: don't send SIGCONT following a SIGCONT or SIGKILL in kill_and_sigcont() 2016-07-20 11:14:48 +02:00
process-util.h util-lib: unify parsing of nice level values 2016-08-05 11:18:32 +02:00
random-util.c Fixed a small typo in a comment (#3514) 2016-06-12 16:42:13 +02:00
random-util.h basic: include only what we use 2015-11-30 21:51:03 +01:00
ratelimit.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
ratelimit.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
raw-clone.h util-lib: Add sparc64 support for process creation (#3348) 2016-05-29 20:03:51 -04:00
refcnt.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
replace-var.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
replace-var.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
rlimit-util.c core: make parsing of RLIMIT_NICE aware of actual nice levels 2016-04-29 16:27:49 +02:00
rlimit-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
rm-rf.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
rm-rf.h basic: remove rm_rf_and_free, add rm_rf_physical_and_free, use rm_rf_physical_and_freep in tests (#3292) 2016-05-20 15:08:24 +02:00
securebits.h build-sys: split internal basic/ library from shared/ 2015-06-11 10:52:46 +02:00
selinux-util.c tree-wide: get rid of selinux_context_t (#3732) 2016-07-15 18:44:02 +02:00
selinux-util.h selinux: always try to load the full selinux db 2016-03-01 20:39:30 -05:00
set.h basic/set: remove some spurious spaces 2016-08-04 23:53:07 -04:00
sigbus.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
sigbus.h tree-wide: place #pragma once at the same place everywhere 2016-02-20 22:42:29 +01:00
signal-util.c tree-wide: add new SIGNAL_VALID() macro-like function that validates signal numbers 2016-04-12 13:43:32 +02:00
signal-util.h tree-wide: add new SIGNAL_VALID() macro-like function that validates signal numbers 2016-04-12 13:43:32 +02:00
siphash24.c missing include added for build with -DDEBUG (#3424) 2016-06-03 12:33:12 +02:00
siphash24.h shared: make sure foo.bar and foobar result in different domain name hashes 2016-01-11 19:39:59 +01:00
smack-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
smack-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
socket-label.c socket_address_listen: do not rely on errno (2) 2016-03-10 09:24:08 -05:00
socket-util.c core: add a concept of "dynamic" user ids, that are allocated as long as a service is running 2016-07-22 15:53:45 +02:00
socket-util.h core: add a concept of "dynamic" user ids, that are allocated as long as a service is running 2016-07-22 15:53:45 +02:00
sparse-endian.h build-sys: split internal basic/ library from shared/ 2015-06-11 10:52:46 +02:00
special.h Create initrd-root-device.target synchronization point (#3239) 2016-05-12 18:42:39 +02:00
stat-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
stat-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
stdio-util.h tree-wide: minor formatting inconsistency cleanups 2016-02-23 14:20:34 -08:00
strbuf.c strbuf: set the proper character when creating new nodes 2016-05-03 22:35:27 +02:00
strbuf.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
string-table.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
string-table.h string-table: make sure DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN() handles NULL strings nicely 2016-06-21 13:20:47 +02:00
string-util.c Always use unicode ellipsis when ellipsizing 2016-09-13 20:10:57 -04:00
string-util.h machinectl: split OS field in two; print ip addresses (#4058) 2016-08-31 20:06:57 +02:00
strv.c Merge pull request #3745 from keszybz/fix-make-nulstr-confusion 2016-07-18 11:12:47 +02:00
strv.h basic/strv: introduce STRV_IGNORE macro (#3601) 2016-06-27 23:26:07 +02:00
strxcpyx.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
strxcpyx.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
syslog-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
syslog-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
terminal-util.c terminal-util: remove unnecessary check of result of isatty() (#4000) 2016-08-19 18:51:54 -04:00
terminal-util.h pager: don't start pager if the terminal is explicitly set to TERM=dumb 2016-05-30 18:23:54 +02:00
time-util.c time-util: export timespec_load_nsec() 2016-09-15 05:21:09 +03:00
time-util.h time-util: export timespec_load_nsec() 2016-09-15 05:21:09 +03:00
umask-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
unaligned.h util-lib: add accessors for unaligned native endian words 2016-06-06 19:59:09 +02:00
unit-name.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
unit-name.h unit-name: remove spurious newline 2016-06-13 18:47:42 +02:00
user-util.c execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c 2016-09-25 10:18:57 +02:00
user-util.h execute: move suppression of HOME=/ and SHELL=/bin/nologin into user-util.c 2016-09-25 10:18:57 +02:00
utf8.c tree-wide: make ++/-- usage consistent WRT spacing 2016-02-22 20:32:04 -08:00
utf8.h Ignore BOM in config files 2016-03-22 18:51:59 -04:00
util.c Merge pull request #3777 from poettering/id128-rework 2016-07-22 21:18:41 -04:00
util.h Add enable_disable() helper 2016-07-31 22:48:22 -04:00
verbs.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
verbs.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
virt.c virt: detect bhyve (FreeBSD hypervisor) (#3840) 2016-08-01 09:04:49 -04:00
virt.h virt: detect bhyve (FreeBSD hypervisor) (#3840) 2016-08-01 09:04:49 -04:00
web-util.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
web-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
xattr-util.c tree-wide: no need to pass excess flags to open()/openat() if O_PATH is passed 2016-03-02 00:42:49 +06:00
xattr-util.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
xml.c tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00
xml.h tree-wide: remove Emacs lines from all files 2016-02-10 13:41:57 +01:00