Systemd/src/core
Lennart Poettering bc9fd78c7b bus: when connecting to a container's kdbus instance, enter namespace first
Previously we'd open the connection in the originating namespace, which
meant most peers of the bus would not be able to make sense of the
PID/UID/... identity of us since we didn't exist in the namespace they
run in. However they require this identity for privilege decisions,
hence disallowing access to anything from the host.

Instead, when connecting to a container, create a temporary subprocess,
make it join the container's namespace and then connect from there to
the kdbus instance. This is similar to how we do it for socket
connections already.

This also unifies the namespacing code used by machinectl and the bus
APIs.
2013-12-14 05:10:25 +01:00
.gitignore build-sys: move more files from core/ to share/ that are generic enough 2013-11-22 16:31:40 +01:00
async.c Make tmpdir removal asynchronous 2013-09-17 10:26:30 -05:00
async.h Make tmpdir removal asynchronous 2013-09-17 10:26:30 -05:00
audit-fd.c selinux: remove anything PID1-specific from selinux-access.[ch] so that we can reuse it in logind 2012-10-02 17:56:54 -04:00
audit-fd.h audit: turn the audit fd into a static variable 2012-10-02 17:40:09 -04:00
automount.c automount: log info about triggering process 2013-11-28 01:25:10 +01:00
automount.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
build.h journal: make libgcrypt dependency optional 2012-08-20 16:51:46 +02:00
busname.c busname: improve condition check 2013-12-05 02:48:17 +01:00
busname.h bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
cgroup.c cgroups: Cache controller masks and optimize queues. 2013-11-22 11:22:47 +10:00
cgroup.h cgroups: Cache controller masks and optimize queues. 2013-11-22 11:22:47 +10:00
condition.c util: unify reading of /proc/cmdline 2013-11-06 03:15:16 +01:00
condition.h systemd,systemctl: export condition status and show failing condition 2013-07-17 23:41:10 -04:00
dbus-automount.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-automount.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-busname.c bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
dbus-busname.h bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
dbus-cgroup.c bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-cgroup.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-client-track.c core: fix serialization of client tracker 2013-11-21 21:18:02 +01:00
dbus-client-track.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-device.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-device.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-execute.c core: fix serialization of exec command structs 2013-11-25 17:40:53 +01:00
dbus-execute.h core: fix serialization of exec command structs 2013-11-25 17:40:53 +01:00
dbus-job.c core: don't warn loudly if we cannot send a bus signal to a disconnected client 2013-11-22 20:19:27 +01:00
dbus-job.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-kill.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-kill.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-manager.c bus: introduce "trusted" bus concept and encode access control in object vtables 2013-12-10 16:52:49 +00:00
dbus-manager.h core: don't warn loudly if we cannot send a bus signal to a disconnected client 2013-11-22 20:19:27 +01:00
dbus-mount.c bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-mount.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-path.c bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-path.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-scope.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-scope.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-service.c core: fix serialization of exec command structs 2013-11-25 17:40:53 +01:00
dbus-service.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-slice.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-slice.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-snapshot.c bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-snapshot.h bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-socket.c core: fix serialization of exec command structs 2013-11-25 17:40:53 +01:00
dbus-socket.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-swap.c bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-swap.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-target.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-target.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-timer.c timer: make timer accuracy configurable 2013-11-21 22:08:20 +01:00
dbus-timer.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-unit.c core: fix Unit.SetProperties argument parsing 2013-12-10 23:28:07 +00:00
dbus-unit.h bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus.c core: suppress gcc warnings on selinux-less systems 2013-12-12 15:59:13 +01:00
dbus.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
device.c Revert "systemd: add a start job for all units in SYSTEMD_[USER_]WANTS=" 2013-12-10 18:53:56 +00:00
device.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
execute.c Get rid of our reimplementation of basename 2013-12-06 21:29:55 -05:00
execute.h execute.h: remove redefinition of Unit 2013-12-05 22:35:11 +01:00
hostname-setup.c hostname: only suppress setting of pretty hostname if it is non-equal to the static hostname and if the static hostname is set, too 2013-05-07 20:56:41 +02:00
hostname-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
ima-setup.c core: move mount_setup_early() to main.c 2013-03-07 20:53:14 +01:00
ima-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
job.c systemd: treat reload failure as failure 2013-12-02 22:12:02 -05:00
job.h systemd: treat reload failure as failure 2013-12-02 22:12:02 -05:00
kill.c core: optionally send SIGHUP in addition to the configured kill signal 2013-07-30 01:54:59 +02:00
kill.h core: optionally send SIGHUP in addition to the configured kill signal 2013-07-30 01:54:59 +02:00
killall.c core: fix order of parameters in broadcast_signal() 2013-11-25 23:03:03 +01:00
killall.h core: fix order of parameters in broadcast_signal() 2013-11-25 23:03:03 +01:00
kmod-setup.c kmod-setup: properly iterate through module table 2013-05-07 17:52:23 +02:00
kmod-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
load-dropin.c id128: when taking user input for a 128bit ID, validate syntax 2013-04-30 08:36:01 -03:00
load-dropin.h Introspect and monitor dropin configuration 2013-04-01 23:43:49 -04:00
load-fragment-gperf.gperf.m4 bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
load-fragment.c bus: when connecting to a container's kdbus instance, enter namespace first 2013-12-14 05:10:25 +01:00
load-fragment.h bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
locale-setup.c local: fix memory leak when putting together locale settings 2013-10-01 00:17:21 +02:00
locale-setup.h rework systemd's own process environment handling/passing 2013-07-26 18:40:40 +02:00
loopback-setup.c loopback-setup: move to rtnl 2013-11-14 15:11:15 +01:00
loopback-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
machine-id-setup.c build-sys: use -Og instead of -O0 to catch warnings 2013-10-21 15:46:00 +02:00
machine-id-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
macros.systemd.in rpm: add RPM macro for creating tmpfiles entries after package installation 2013-07-16 18:54:03 +02:00
main.c core: allocate a kdbus bus for each systemd instance, if we can 2013-11-30 03:53:42 +01:00
Makefile build-sys: add stub makefiles to make emacs easier to use 2012-04-12 13:35:56 +02:00
manager.c event: be more conservative when returning errors from event handler callbacks 2013-12-13 04:06:43 +01:00
manager.h core: allocate a kdbus bus for each systemd instance, if we can 2013-11-30 03:53:42 +01:00
mount-setup.c tree-wide usage of %m specifier instead of strerror(errno) 2013-11-26 21:07:46 +10:00
mount-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
mount.c bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
mount.h service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces 2013-11-27 20:28:48 +01:00
namespace.c namespace: include boot id in private tmp directories 2013-12-13 04:06:43 +01:00
namespace.h service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces 2013-11-27 20:28:48 +01:00
org.freedesktop.systemd1.conf systemctl: add commands set-default and get-default 2013-05-30 20:44:41 -04:00
org.freedesktop.systemd1.policy.in.in move more main systemd parts to core/ 2012-04-12 14:24:40 +02:00
org.freedesktop.systemd1.service move more main systemd parts to core/ 2012-04-12 14:24:40 +02:00
path.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
path.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
scope.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
scope.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
selinux-access.c bus: add new sd_bus_creds object to encapsulate process credentials 2013-11-28 18:42:18 +01:00
selinux-access.h bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
selinux-setup.c util: make time formatting a bit smarter 2013-04-04 02:56:56 +02:00
selinux-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
service.c service: process watchdog timeouts with lowest priority 2013-12-12 20:49:32 +01:00
service.h service: remove unnecessary Socket.got_socket_fd 2013-12-01 19:53:55 -05:00
shutdown.c shutdown: during final killing spree also send SIGHUP in addition to SIGTERM to deal with shells 2013-11-25 22:10:22 +01:00
slice.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
slice.h core: general cgroup rework 2013-06-27 04:17:34 +02:00
smack-setup.c Run with a custom SMACK domain (label). 2013-10-07 10:23:20 -07:00
smack-setup.h core: mount and initialize Smack 2013-03-07 20:53:14 +01:00
snapshot.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
snapshot.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
socket.c bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
socket.h service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces 2013-11-27 20:28:48 +01:00
swap.c Remove some unused variables 2013-11-28 14:37:11 -05:00
swap.h service: add the ability for units to join other unit's PrivateNetwork= and PrivateTmp= namespaces 2013-11-27 20:28:48 +01:00
switch-root.c switch-root: try pivot_root() before overmounting / 2012-11-16 18:21:09 +01:00
switch-root.h use #pragma once instead of foo*foo define guards 2013-11-18 20:28:54 -05:00
sysfs-show.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
system.conf manager: configurable StartLimit default values 2013-11-08 17:00:01 +01:00
systemd.pc.in pkg-config: export systemd{system,user}generatordir and catalogdir 2013-08-03 09:20:12 -04:00
target.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
target.h Add __attribute__((const, pure, format)) in various places 2013-05-02 22:52:09 -04:00
tcpwrap.c relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
tcpwrap.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
timer.c timer: make timer accuracy configurable 2013-11-21 22:08:20 +01:00
timer.h timer: make timer accuracy configurable 2013-11-21 22:08:20 +01:00
transaction.c core: add new "flush" job mode to cancel all other jobs when queuing a new job 2013-11-26 02:26:31 +01:00
transaction.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
umount.c list: make our list macros a bit easier to use by not requiring type spec on each invocation 2013-10-14 06:11:19 +02:00
umount.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
unit-printf.c specifier: rework specifier calls to return proper error message 2013-09-17 10:06:50 -05:00
unit-printf.h specifier: rework specifier calls to return proper error message 2013-09-17 10:06:50 -05:00
unit.c Get rid of our reimplementation of basename 2013-12-06 21:29:55 -05:00
unit.h bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
user.conf manager: configurable StartLimit default values 2013-11-08 17:00:01 +01:00