picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src/core
History
David Herrmann 05bae4a60c bus: use EUID over UID and fix unix-creds 
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.

Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.

This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
2015-01-18 13:55:55 +01:00
..
.gitignore build-sys: move more files from core/ to share/ that are generic enough 2013-11-22 16:31:40 +01:00
audit-fd.c treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
audit-fd.h audit: turn the audit fd into a static variable 2012-10-02 17:40:09 -04:00
automount.c unit: handle nicely of certain unit types are not supported on specific systems 2014-12-15 19:02:17 +01:00
automount.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
bus-endpoint.c core: rearrange code so that libsystemd/sd-bus/ does not include header files from core 2014-12-23 19:15:27 +01:00
bus-endpoint.h core: rearrange code so that libsystemd/sd-bus/ does not include header files from core 2014-12-23 19:15:27 +01:00
bus-policy.c bus: add missing bus-policy.[ch] 2014-12-23 21:06:01 +01:00
bus-policy.h bus: add missing bus-policy.[ch] 2014-12-23 21:06:01 +01:00
busname.c sd-bus: sync kdbus.h (API break) 2015-01-12 18:15:45 +01:00
busname.h core: rearrange code so that libsystemd/sd-bus/ does not include header files from core 2014-12-23 19:15:27 +01:00
cgroup.c cgroup: memory limits on / are not supported 2015-01-05 19:04:10 -05:00
cgroup.h scope: make attachment of initial PIDs a bit more robust 2014-12-10 22:06:44 +01:00
dbus-automount.c core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-automount.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-busname.c kdbus: when uploading bus name policy, resolve users/groups out-of-process 2014-06-05 13:09:46 +02:00
dbus-busname.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-cgroup.c core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies 2014-11-05 18:49:14 +01:00
dbus-cgroup.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-device.c core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-device.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-execute.c run: add a new "-t" mode for invoking a binary on an allocated TTY 2014-12-23 03:26:24 +01:00
dbus-execute.h core: allow User=, Group=, Nice=, Environment=, Type= to be passed when creating a transient service 2014-02-05 02:03:10 +01:00
dbus-job.c treewide: no need to negate errno for log_*_errno() 2014-11-28 13:29:21 +01:00
dbus-job.h core: Common code for DBus methods that Cancel a job 2014-08-15 14:07:07 +02:00
dbus-kill.c includes: remove duplicate includes 2014-02-10 13:06:31 +01:00
dbus-kill.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-manager.c sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h 2014-12-10 19:07:48 +01:00
dbus-manager.h bus: add sd_bus_track object for tracking peers, and port core over to it 2014-03-03 02:34:13 +01:00
dbus-mount.c mount: add new SloppyOptions= setting for mount units, mapping to mount(8)'s "-s" switch 2014-06-16 01:02:27 +02:00
dbus-mount.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-path.c core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-path.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-scope.c sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h 2014-12-10 19:07:48 +01:00
dbus-scope.h core: introduce new stop protocol for unit scopes 2014-01-31 17:48:36 +01:00
dbus-service.c core: add new logic for services to store file descriptors in PID 1 2015-01-06 03:16:39 +01:00
dbus-service.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-slice.c core: rework cgroup mask propagation 2014-02-17 15:49:21 +01:00
dbus-slice.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-snapshot.c mac: add mac_ prefix to distinguish origin security apis 2014-10-28 14:31:48 +01:00
dbus-snapshot.h bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus-socket.c socket: suffix newly added TCP sockopt time properties with "Sec" 2014-08-19 21:58:48 +02:00
dbus-socket.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-swap.c swap: replace Discard= setting by a more generic Options= setting 2014-10-28 14:31:25 +01:00
dbus-swap.h core: no need to list properties for PropertiesChanged messages anymore 2013-12-22 03:50:52 +01:00
dbus-target.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-target.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
dbus-timer.c timer: timer can be a transient unit 2014-12-08 16:28:56 +01:00
dbus-timer.h timer: timer can be a transient unit 2014-12-08 16:28:56 +01:00
dbus-unit.c core: properly pass unit file state to clients via the bus 2014-12-10 19:58:50 +01:00
dbus-unit.h bus: rework message handlers to always take an error argument 2013-11-21 21:12:36 +01:00
dbus.c sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h 2014-12-10 19:07:48 +01:00
dbus.h core: Verify systemd1 DBus method callers via polkit 2014-08-18 18:08:28 +02:00
device.c unit: handle nicely of certain unit types are not supported on specific systems 2014-12-15 19:02:17 +01:00
device.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
execute.c core: Fix EACCES check for OOM adjustments 2015-01-13 07:06:31 +01:00
execute.h core: make exec_command_free_list return NULL 2014-12-18 19:26:21 -05:00
failure-action.c manager: print warning on console before reboot 2014-10-27 23:17:49 -04:00
failure-action.h core: introduce "poweroff" as new failure action types 2014-08-22 18:10:31 +02:00
hostname-setup.c treewide: another round of simplifications 2014-11-28 19:57:32 +01:00
hostname-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
ima-setup.c copy: use btrfs reflinking only whe we know we copy full files 2014-12-12 17:30:25 +01:00
ima-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
job.c core: rework counting of running jobs 2015-01-05 17:54:59 +01:00
job.h unit: handle nicely of certain unit types are not supported on specific systems 2014-12-15 19:02:17 +01:00
kill.c core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes 2014-01-29 13:42:06 +01:00
kill.h core: introduce new KillMode=mixed which sends SIGTERM only to the main process, but SIGKILL to all daemon processes 2014-01-29 13:42:06 +01:00
killall.c treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
killall.h core: fix order of parameters in broadcast_signal() 2013-11-25 23:03:03 +01:00
kmod-setup.c kmod-setup: simplify kernel command line parsing 2014-11-27 22:05:24 +01:00
kmod-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
load-dropin.c Move dropin listing to shared 2014-12-16 00:30:33 -05:00
load-dropin.h Move dropin listing to shared 2014-12-16 00:30:33 -05:00
load-fragment-gperf.gperf.m4 conf-parse: don't accept invalid bus names as BusName= arguments in service units 2015-01-07 23:44:08 +01:00
load-fragment.c core/load-fragment: avoid allocating 0 bytes when given an invalid command 2015-01-11 23:41:42 -05:00
load-fragment.h conf-parse: don't accept invalid bus names as BusName= arguments in service units 2015-01-07 23:44:08 +01:00
locale-setup.c treewide: no need to negate errno for log_*_errno() 2014-11-28 13:29:21 +01:00
locale-setup.h rework systemd's own process environment handling/passing 2013-07-26 18:40:40 +02:00
loopback-setup.c core: loopback - correctly fail the loopback_check if somehow the rtnl calls fail 2014-12-29 13:07:03 +01:00
loopback-setup.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
machine-id-setup.c tree-wide: spelling fixes 2014-12-30 20:07:04 -05:00
machine-id-setup.h machine-id-setup: add a machine_id_commit call to commit on disk a transient machine-id 2014-12-03 03:41:19 +01:00
macros.systemd.in rpm: add user macros 2014-10-27 22:34:09 -04:00
main.c core: fix typo in log message 2015-01-05 14:13:45 +01:00
Makefile build-sys: add stub makefiles to make emacs easier to use 2012-04-12 13:35:56 +02:00
manager.c Implement masking and overriding of generators 2015-01-11 18:17:33 -05:00
manager.h Implement masking and overriding of generators 2015-01-11 18:17:33 -05:00
mount-setup.c remove unneeded libgen.h includes 2015-01-17 12:26:20 +01:00
mount-setup.h mount-setup: remove mount_setup_late() 2014-11-14 15:18:56 +01:00
mount.c core/mount: remove "fail" again 2015-01-12 12:16:38 -05:00
mount.h core: retry unmounting until we are done, in case of stacked mounts 2014-12-12 20:12:35 +01:00
namespace.c Type of mount(2) flags is unsigned long 2015-01-01 14:39:17 -05:00
namespace.h Type of mount(2) flags is unsigned long 2015-01-01 14:39:17 -05:00
org.freedesktop.systemd1.conf systemctl: add add-wants and add-requires verbs 2014-10-08 12:44:00 +02:00
org.freedesktop.systemd1.policy.in.in polkit: as we dropped support for the polkit bus transport, also drop its polkit policy 2014-10-13 17:19:31 +02:00
org.freedesktop.systemd1.service move more main systemd parts to core/ 2012-04-12 14:24:40 +02:00
path.c util: fix strict aliasing violations in use of struct inotify_event v5 2014-12-24 16:53:04 +01:00
path.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
scope.c scope: make attachment of initial PIDs a bit more robust 2014-12-10 22:06:44 +01:00
scope.h core: watch SIGCHLD more closely to track processes of units with no reliable cgroup empty notifier 2014-02-07 15:14:36 +01:00
selinux-access.c bus: use EUID over UID and fix unix-creds 2015-01-18 13:55:55 +01:00
selinux-access.h selinux-access: fix broken ternary operator 2014-11-21 21:23:39 +01:00
selinux-setup.c manager: print fatal errors on the console too 2014-11-26 15:17:07 -05:00
selinux-setup.h mac: add mac_ prefix to distinguish origin security apis 2014-10-28 14:31:48 +01:00
service.c service: automatically create After= dependency from services to their .busname units, if BusName= is set 2015-01-07 23:44:08 +01:00
service.h core: add new logic for services to store file descriptors in PID 1 2015-01-06 03:16:39 +01:00
show-status.c core: add missing show-status.[ch] 2014-03-03 22:27:25 +01:00
show-status.h core: add missing show-status.[ch] 2014-03-03 22:27:25 +01:00
shutdown.c Implement masking and overriding of generators 2015-01-11 18:17:33 -05:00
slice.c log: rearrange log function naming 2014-11-27 22:05:24 +01:00
slice.h core: general cgroup rework 2013-06-27 04:17:34 +02:00
smack-setup.c treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
smack-setup.h mac: add mac_ prefix to distinguish origin security apis 2014-10-28 14:31:48 +01:00
snapshot.c sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h 2014-12-10 19:07:48 +01:00
snapshot.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
socket.c tmpfiles: add new line type 'v' for creating btrfs subvolumes 2014-12-28 02:08:40 +01:00
socket.h socket: introduce SELinuxContextFromNet option 2014-09-19 12:32:06 +02:00
swap.c Add new function to filter fstab options 2015-01-11 23:41:41 -05:00
swap.h swap: drop noauto/nofail bools from Swap structure 2014-10-28 14:31:25 +01:00
system.conf core: Support system.conf.d and user.conf.d directories in the usual search paths 2014-11-29 13:55:31 -05:00
systemd.pc.in pc: no longer expose exec_prefix in .pc file 2014-06-30 23:19:00 +02:00
target.c core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
target.h Add __attribute__((const, pure, format)) in various places 2013-05-02 22:52:09 -04:00
timer.c timer: timer can be a transient unit 2014-12-08 16:28:56 +01:00
timer.h timer: support timers that can resume the system from suspend 2014-03-24 16:24:07 +01:00
transaction.c sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h 2014-12-10 19:07:48 +01:00
transaction.h core: convert PID 1 to libsystemd-bus 2013-11-20 20:52:36 +01:00
umount.c treewide: use log_*_errno whenever %m is in the format string 2014-11-28 19:49:27 +01:00
umount.h use #pragma once instead of foo*foo #define guards 2012-07-19 12:30:59 +02:00
unit-printf.c Always check asprintf return code 2014-07-26 15:08:41 -04:00
unit-printf.h specifier: rework specifier calls to return proper error message 2013-09-17 10:06:50 -05:00
unit.c core: add new logic for services to store file descriptors in PID 1 2015-01-06 03:16:39 +01:00
unit.h core: add new logic for services to store file descriptors in PID 1 2015-01-06 03:16:39 +01:00
user.conf core: Support system.conf.d and user.conf.d directories in the usual search paths 2014-11-29 13:55:31 -05:00