Systemd/src/core
Lennart Poettering d3dcf4e3b9 fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.

Specifically, this beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.

Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:

    LoadCredential=foo:/run/quux/creds.sock

will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:

    @$RANDOM/unit/waldo.service/foo

(The $RANDOM is replaced by some randomized string. This is included in
the socket name in order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names)

The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simple getpeername(), discarding the
random prefix and the /unit/ string.

This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too, to avoid any conflicts.

This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-03 09:48:04 +01:00
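
The server-side lookup the commit message describes, written out as an added example (not code from systemd or from this commit): getpeername() on the accepted connection, then splitting the abstract name into unit and credential name. The function names and the sample name are constructed here, and the parser assumes the random prefix contains no "/".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Split "<random>/unit/<unit>/<cred>" (n bytes, not NUL-terminated) into unit
 * and credential name. Assumes the random prefix contains no "/".
 * Returns 0 on success, -1 if the name does not have that form. */
int parse_cred_name(const char *p, size_t n, char *unit, size_t usz,
                    char *cred, size_t csz) {
    const char *s;
    if (memchr(p, '\0', n) || !(s = memchr(p, '/', n)) || s == p)
        return -1;                      /* embedded NUL or no random prefix */
    n -= (size_t)(s - p);
    if (n < 6 || memcmp(s, "/unit/", 6) != 0)
        return -1;
    p = s + 6; n -= 6;
    if (!(s = memchr(p, '/', n)) || s == p)
        return -1;                      /* missing or empty unit name */
    size_t ulen = (size_t)(s - p), clen = n - ulen - 1;
    if (clen == 0 || memchr(s + 1, '/', clen) || ulen >= usz || clen >= csz)
        return -1;                      /* empty credential, extra "/", too long */
    memcpy(unit, p, ulen); unit[ulen] = '\0';
    memcpy(cred, s + 1, clen); cred[clen] = '\0';
    return 0;
}

/* Server side: call on the fd returned by accept() on the credential socket. */
int cred_peer_of_fd(int fd, char *unit, size_t usz, char *cred, size_t csz) {
    struct sockaddr_un sa = { 0 };
    socklen_t len = sizeof(sa);
    size_t off = offsetof(struct sockaddr_un, sun_path);
    if (getpeername(fd, (struct sockaddr *) &sa, &len) < 0 || len > sizeof(sa))
        return -1;
    if (sa.sun_family != AF_UNIX || len <= off + 1 || sa.sun_path[0] != '\0')
        return -1;                      /* unbound or path-based client socket */
    return parse_cred_name(sa.sun_path + 1, len - off - 1, unit, usz, cred, csz);
}

char g_unit[256], g_cred[256];          /* output buffers for the demo */

int main(void) {
    const char *name = "5f3a9c01d2e4b677/unit/waldo.service/foo"; /* constructed */
    if (parse_cred_name(name, strlen(name), g_unit, sizeof g_unit, g_cred, sizeof g_cred) == 0)
        printf("unit=%s credential=%s\n", g_unit, g_cred);
    return 0;
}
```

The peer name is chosen by the connecting process, so the parsed unit name distinguishes requests only among the clients that the socket's file permissions already allow to connect.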
..
all-units.h core: add spdx header to all-units.h 2019-07-24 05:06:21 +09:00
apparmor-setup.c AppArmor: Support for loading a set of pre-compiled profiles at startup time 2020-06-09 20:27:47 +02:00
apparmor-setup.h AppArmor: Support for loading a set of pre-compiled profiles at startup time 2020-06-09 20:27:47 +02:00
audit-fd.c
audit-fd.h
automount.c automount: make user unmounting for automount units more debuggable 2020-10-30 13:10:42 +01:00
automount.h automount: make user unmounting for automount units more debuggable 2020-10-30 13:10:42 +01:00
bpf-devices.c tree-wide: avoid some loaded terms 2020-06-25 09:00:19 +02:00
bpf-devices.h tree-wide: avoid some loaded terms 2020-06-25 09:00:19 +02:00
bpf-firewall.c core: make log_unit_error() or friends return void 2020-09-09 02:34:38 +09:00
bpf-firewall.h bpf-firewall: custom BPF programs through IP(Ingress|Egress)FilterPath= 2019-06-25 09:56:16 +02:00
cgroup.c core: clean up inactive/failed {service|scope}'s cgroups when the last process exits 2020-10-27 13:20:40 +01:00
cgroup.h core: clean up inactive/failed {service|scope}'s cgroups when the last process exits 2020-10-27 13:20:40 +01:00
core-varlink.c core: varlink tweaks 2020-10-19 02:46:00 -07:00
core-varlink.h core: add varlink call to get cgroup paths of units using ManagedOOM*= 2020-10-07 16:17:23 -07:00
dbus-automount.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-automount.h
dbus-cgroup.c Merge pull request #15206 from anitazha/systoomd-v0 2020-10-15 14:16:52 +02:00
dbus-cgroup.h core: make TasksMax a partially dynamic property 2019-11-14 18:41:54 +01:00
dbus-device.c
dbus-device.h
dbus-execute.c core: remember when we set ExecContext.mount_apivfs 2020-09-24 10:03:18 +02:00
dbus-execute.h core: add ExecStartXYZEx= with dbus support for executable prefixes 2019-05-30 20:41:42 -07:00
dbus-job.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
dbus-job.h shared: split out BusObjectImplementor APIs 2020-06-30 15:08:35 +02:00
dbus-kill.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-kill.h
dbus-manager.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
dbus-manager.h core: implement generic log control API in PID1 too 2020-04-21 17:08:23 +02:00
dbus-mount.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-mount.h
dbus-path.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-path.h
dbus-scope.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-scope.h
dbus-service.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
dbus-service.h
dbus-slice.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-slice.h
dbus-socket.c core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
dbus-socket.h
dbus-swap.c cgroup: Implicit unit_invalidate_cgroup_members_masks 2020-08-19 11:41:53 +02:00
dbus-swap.h
dbus-target.c
dbus-target.h
dbus-timer.c shared: split out property get helpers 2020-06-30 15:10:17 +02:00
dbus-timer.h
dbus-unit.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
dbus-unit.h pid1: convert to the new scheme 2020-05-05 22:40:37 +02:00
dbus-util.c core: add ManagedOOM*= properties to configure systemd-oomd on the unit 2020-10-07 16:17:23 -07:00
dbus-util.h core: add ManagedOOM*= properties to configure systemd-oomd on the unit 2020-10-07 16:17:23 -07:00
dbus.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
dbus.h pid1: add --bus-introspect 2020-05-05 22:40:44 +02:00
device.c Merge pull request #16968 from yuwata/remove-old-device-on-move-event 2020-10-14 17:49:37 +02:00
device.h
dynamic-user.c Move {uid,gid}_is_*() from basic to shared 2020-09-25 17:18:56 +02:00
dynamic-user.h tree-wide: reorder various structures to make them smaller and use fewer cache lines 2019-03-27 18:11:11 +01:00
efi-random.c random-util: add common helper random_write_entropy() for crediting entropy to the kernel's pool 2020-06-24 15:33:27 +02:00
efi-random.h core: take random seed from boot loader and credit it to kernel entropy pool 2019-07-25 18:16:46 +02:00
emergency-action.c feature to honor first shutdown request to completion 2020-06-24 09:42:01 +02:00
emergency-action.h core: change emergency_action() to return void 2019-03-18 16:06:36 +01:00
execute.c fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name 2020-11-03 09:48:04 +01:00
execute.h test-path: do not fail the test if we fail to start a service because of cgroup setup 2020-10-22 11:05:17 +02:00
generator-setup.c Split out generator directory setup to a src/core/generator-setup.c 2020-03-27 20:12:44 +01:00
generator-setup.h Split out generator directory setup to a src/core/generator-setup.c 2020-03-27 20:12:44 +01:00
hostname-setup.c core: allow overriding the system hostname with systemd.hostname= on the kernel command line 2020-05-18 20:20:50 +02:00
hostname-setup.h
ima-setup.c headers: remove unneeded includes from util.h 2019-03-27 11:53:12 +01:00
ima-setup.h
ip-address-access.c bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
ip-address-access.h bpf-firewall: optimization for IPAddressXYZ="any" (and unprivileged users) 2019-06-22 19:56:06 +02:00
job.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
job.h Revert "job: Don't mark as redundant if deps are relevant" 2020-06-23 11:42:45 +02:00
kill.c core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
kill.h core: add support for RestartKillSignal= to override signal used for restart jobs 2019-10-02 14:01:25 +02:00
killall.c tree-wide: cast result of get_process_comm() to (void) where we ignore it 2020-10-27 14:06:49 +01:00
killall.h core/killall: Propagate errors and return the number of process left 2019-04-08 19:41:16 +02:00
kmod-setup.c tree-wide: drop libkmod.h when module-util.h is included 2019-11-04 00:30:32 +09:00
kmod-setup.h
load-dropin.c Merge pull request #15940 from keszybz/names-set-optimization 2020-06-10 18:52:08 +02:00
load-dropin.h core: store unit aliases in a separate set 2020-06-10 09:36:58 +02:00
load-fragment-gperf-nulstr.awk
load-fragment-gperf.gperf.m4 core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
load-fragment.c core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
load-fragment.h core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
locale-setup.c tree-wide: drop string.h when string-util.h or friends are included 2019-11-04 00:30:32 +09:00
locale-setup.h
loopback-setup.c tree-wide: drop missing.h 2019-10-31 17:57:03 +09:00
loopback-setup.h
machine-id-setup.c machine-id-setup: sync before committing machine-id 2020-10-19 16:28:22 +02:00
machine-id-setup.h core: keep machine-id transient until first boot completes 2020-10-19 16:28:22 +02:00
macros.systemd.in rpm: include macro name in errors for two args macros too 2020-07-14 19:22:42 +02:00
main.c core: keep machine-id transient until first boot completes 2020-10-19 16:28:22 +02:00
manager.c pid1: various minor watchdog modernizations 2020-10-30 13:02:06 +01:00
manager.h core: add varlink call to get cgroup paths of units using ManagedOOM*= 2020-10-07 16:17:23 -07:00
meson.build core: add credentials logic 2020-08-25 19:45:35 +02:00
mount-setup.c pid1: ignore whole /run/host hierarchy 2020-10-15 17:16:36 +02:00
mount-setup.h mount-setup: change the system mount propagation to shared by default only at bootup 2020-04-09 10:14:20 +02:00
mount.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
mount.h mount: add ReadWriteOnly property to fail on read-only mounts 2020-05-01 13:23:30 +02:00
namespace.c tree-wide: drop if braces around single line expressions as well 2020-10-09 15:11:55 +02:00
namespace.h core/namespace: drop bitfield annotations from boolean fields 2020-09-22 17:58:11 +02:00
org.freedesktop.systemd1.conf pid1: add a new SetShowStatus() bus call to override/restore show status mode 2020-06-11 12:00:32 +02:00
org.freedesktop.systemd1.policy.in
org.freedesktop.systemd1.service Revert "Drop dbus activation stub service" 2019-12-20 17:28:12 +01:00
path.c core: propagate unit start limit hit state to triggering path unit 2020-09-14 13:05:09 +02:00
path.h core: propagate unit start limit hit state to triggering path unit 2020-09-14 13:05:09 +02:00
scope.c core: clean up inactive/failed {service|scope}'s cgroups when the last process exits 2020-10-27 13:20:40 +01:00
scope.h scope: Support RuntimeMaxSec= directive in scope units 2019-10-28 09:44:31 +01:00
selinux-access.c selinux: use SELinux status page 2020-08-27 10:28:53 +02:00
selinux-access.h selinux: do preprocessor check only in selinux-access.c 2020-04-29 13:56:40 +02:00
selinux-setup.c tree-wide: assorted coccinelle fixes 2020-10-09 15:02:23 +02:00
selinux-setup.h
service.c core: clean up inactive/failed {service|scope}'s cgroups when the last process exits 2020-10-27 13:20:40 +01:00
service.h core: let user define start-/stop-timeout behaviour 2020-06-09 10:04:57 +02:00
show-status.c pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed 2020-03-01 11:48:23 +01:00
show-status.h pid1: add new mode systemd.show-status=error and use it when 'quiet' is passed 2020-03-01 11:48:23 +01:00
slice.c core: add ManagedOOM*= properties to configure systemd-oomd on the unit 2020-10-07 16:17:23 -07:00
slice.h
smack-setup.c tree-wide: drop dirent.h when dirent-util.h is included 2019-11-04 00:30:32 +09:00
smack-setup.h
socket.c core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
socket.h core: add Timestamping= option for socket units 2020-10-27 14:12:39 +01:00
swap.c core: make log_unit_error() or friends return void 2020-09-09 02:34:38 +09:00
swap.h core: swap priority can be negative 2019-12-04 08:57:08 +01:00
system.conf.in log: add support for prefixing console log messages with current timestamp 2020-02-10 07:01:30 -05:00
systemd.pc.in Also parse the minimum uid/gid values 2020-10-01 17:52:41 +02:00
target.c tree-wide: define iterator inside of the macro 2020-09-08 12:14:05 +02:00
target.h
timer.c core: propagate triggered unit in more load states 2020-09-14 13:05:09 +02:00
timer.h core: optionally, trigger .timer units on timezone and clock changes 2019-04-02 08:20:10 +02:00
transaction.c core: propagate triggered unit in more load states 2020-09-14 13:05:09 +02:00
transaction.h core: Add triggering job mode 2019-11-05 11:17:38 -08:00
triggers.systemd.in
unit-printf.c Add %l as specifier for the hostname without any domain component 2020-05-07 17:36:44 +02:00
unit-printf.h core: mark unit_*_printf() functions as taking a const Unit* 2019-10-16 16:21:56 +02:00
unit.c Merge pull request #17387 from anitazha/systoomd_fixups 2020-10-19 17:29:22 +02:00
unit.h core: systemd-oomd pid1 integration 2020-10-07 17:12:24 -07:00
user.conf.in log: add support for prefixing console log messages with current timestamp 2020-02-10 07:01:30 -05:00