picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src
History
Lennart Poettering 6592b9759c core: add new new bus call for migrating foreign processes to scope/service units 
This adds a new bus call to service and scope units called
AttachProcesses() that moves arbitrary processes into the cgroup of the
unit. The primary user for this new API is systemd itself: the systemd
--user instance uses this call of the systemd --system instance to
migrate processes if itself gets the request to migrate processes and
the kernel refuses this due to access restrictions.

The primary use-case of this is to make "systemd-run --scope --user …"
invoked from user session scopes work correctly on pure cgroupsv2
environments. There, the kernel refuses to migrate processes between two
unprivileged-owned cgroups unless the requestor as well as the ownership
of the closest parent cgroup all match. This however is not the case
between the session-XYZ.scope unit of a login session and the
user@ABC.service of the systemd --user instance.

The new logic always tries to move the processes on its own, but if
that doesn't work when being the user manager, then the system manager
is asked to do it instead.

The new operation is relatively restrictive: it will only allow to move
the processes like this if the caller is root, or the UID of the target
unit, caller and process all match. Note that this means that
unprivileged users cannot attach processes to scope units, as those do
not have "owning" users (i.e. they have now User= field).

Fixes: #3388
 		2018-02-12 11:34:00 +01:00
..
ac-power
activate process-util: add another fork_safe() flag for enabling LOG_ERR/LOG_WARN logging 2018-01-04 13:27:26 +01:00
analyze analyze: slight simplification 2018-02-09 12:27:34 +01:00
ask-password
backlight
basic user-util: also consider /bin/false and /bin/true as non-shell 2018-02-12 11:34:00 +01:00
binfmt
boot boot/efi: TPM V2 fix for GetEventLog EFI function 2018-01-25 15:03:55 +01:00
busctl Comment the fact that some tools need to termintate their bus connect first 2018-01-12 16:20:36 +01:00
cgls tree-wide: port all code to use safe_getcwd() 2018-01-17 11:17:38 +01:00
cgroups-agent
cgtop cgtop: make sure we can show a tasks number for the root cgroup too 2018-01-22 16:26:55 +01:00
core core: add new new bus call for migrating foreign processes to scope/service units 2018-02-12 11:34:00 +01:00
coredump util: minor tweaks to disable_core_dumps() 2018-01-10 18:44:09 +01:00
cryptsetup log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
debug-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
delta Merge pull request #7540 from fbuihuu/systemd-delta-tweaks 2018-01-16 20:22:25 +11:00
detect-virt
dissect nspawn: make sure images containing an ESP are compatible with userns -U mode 2017-12-05 13:49:12 +01:00
environment-d-generator
escape
firstboot firstboot: Include <crypt.h> for declaration of crypt() if needed (#7944) 2018-01-25 17:30:15 +03:00
fsck tree-wide: make use of wait_for_terminate_and_check() at various places 2018-01-04 13:27:27 +01:00
fstab-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
fuzz fuzz: cast to void when return value is ignored 2018-01-22 09:58:29 +09:00
getty-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
gpt-auto-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
hibernate-resume log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
hostname tree-wide: make name requesting asynchronous in all our services 2018-01-05 13:58:32 +01:00
hwdb
import locale-util: add freelocale() cleanup helper 2018-01-16 11:53:43 +01:00
initctl log: minimize includes in log.h 2018-01-11 14:44:31 +01:00
journal Revert "Periodically call sd_journal_process in journalctl" (#8147) 2018-02-09 20:10:00 +01:00
journal-remote Merge pull request #7881 from keszybz/pcre 2018-01-28 15:29:10 +01:00
kernel-install
libsystemd sd-bus: synthesize a description for user/system bus if otherwise unset 2018-02-12 11:34:00 +01:00
libsystemd-network tree-wide: use "cannot" instead of "can not" 2018-02-08 10:34:52 +01:00
libudev Merge pull request #8134 from keszybz/unit-load-paths 2018-02-09 17:08:23 +01:00
locale Comment the fact that some tools need to termintate their bus connect first 2018-01-12 16:20:36 +01:00
login Suspend on lid close based on power status. (#8016) 2018-02-09 17:37:39 +01:00
machine machine: add some missing asserts 2018-02-08 10:10:40 -08:00
machine-id-setup
modules-load
mount Comment the fact that some tools need to termintate their bus connect first 2018-01-12 16:20:36 +01:00
network tree-wide: use "cannot" instead of "can not" 2018-02-08 10:34:52 +01:00
notify notify: add new --uid= command 2018-01-11 15:12:16 +01:00
nspawn tree-wide: port all code to use safe_getcwd() 2018-01-17 11:17:38 +01:00
nss-myhostname
nss-mymachines nss-mymachines: add work-around to silence gcc warning 2018-02-06 17:08:42 +09:00
nss-resolve resolve: Adjust and unify D-Bus call timeout (#7847) 2018-01-23 09:53:31 +09:00
nss-systemd nss-systemd: add work-around to silence gcc warning 2018-02-05 15:21:07 +01:00
partition log: minimize includes in log.h 2018-01-11 14:44:31 +01:00
path
quotacheck process-spec: add another flag FORK_WAIT to safe_fork() 2018-01-04 13:27:27 +01:00
random-seed
rc-local-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
remount-fs process-util: add another fork_safe() flag for enabling LOG_ERR/LOG_WARN logging 2018-01-04 13:27:26 +01:00
reply-password
resolve resolved: use _cleanup_ in one more place 2018-02-05 10:08:18 +01:00
rfkill
run tree-wide: install matches asynchronously 2018-01-05 13:58:32 +01:00
shared shared/path-lookup: rename user control dirs to "user.control" 2018-02-09 12:27:34 +01:00
sleep
socket-proxy
stdio-bridge stdio-bridge: add missing option 2017-12-04 13:11:25 +09:00
sulogin-shell process-util: rework wait_for_terminate_and_warn() to take a flags parameter 2018-01-04 13:27:27 +01:00
sysctl Use read_line() and LONG_LINE_MAX to read values configuration files. 2017-12-13 15:03:33 -02:00
system-update-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
systemctl systemctl: show: use EnvironmentFiles= instead of EnvironmentFile= 2018-02-05 15:28:02 +09:00
systemd Add fd close support to sd_event_source 2018-01-24 17:57:27 +01:00
sysusers tmpfiles: allow admin/runtime overrides to runtime config 2018-02-05 15:04:52 +01:00
sysv-generator log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
test Merge pull request #8143 from yuwata/drop-unused-func 2018-02-10 12:47:12 +09:00
timedate tree-wide: use "cannot" instead of "can not" 2018-02-08 10:34:52 +01:00
timesync tree-wide: use "cannot" instead of "can not" 2018-02-08 10:34:52 +01:00
tmpfiles tmpfiles: allow admin/runtime overrides to runtime config 2018-02-05 15:04:52 +01:00
tty-ask-password-agent tty-ask-password-agent: add (void) cast to mkdir/mkfifo calls we knowingly ignore 2018-01-11 14:44:31 +01:00
udev Merge pull request #8066 from LittleCVR/udevadm-trigger-and-settle 2018-02-09 17:09:42 +01:00
update-done
update-utmp
user-sessions
vconsole process-util: rework wait_for_terminate_and_warn() to take a flags parameter 2018-01-04 13:27:27 +01:00
veritysetup log: remove LOG_TARGET_SAFE pseudo log target 2018-01-24 18:22:56 +01:00
volatile-root