Commit Graph

1338 Commits

Author SHA1 Message Date
WaLyong Cho
cc56fafeeb mac: rename apis with mac_{selinux/smack}_ prefix 2014-10-23 17:13:15 +02:00
WaLyong Cho
66b6d9d5b5 label: rearrange mandatory access control(MAC) apis
move label apis to selinux-util.ch or smack-util.ch appropriately.
2014-10-23 17:10:05 +02:00
Zbigniew Jędrzejewski-Szmek
cb41ff2922 shared/log: add log_trace as compile-time optional debugging
Repetetive messages can be annoying when running with
SYSTEMD_LOG_LEVEL=debug, but they are sometimes very useful
when debugging problems. Add log_trace which is like log_debug
but becomes a noop unless LOG_TRACE is defined during compilation.
This makes it easy to enable very verbose logging for a subset
of programs when compiling from source.
2014-10-23 00:27:57 -04:00
Zbigniew Jędrzejewski-Szmek
cb6518345f socket-util: use IP address when hostname is not found
socknameinfo_pretty() would fail for addresses without reverse DNS,
but we do not want that to happen.
2014-10-23 00:26:35 -04:00
Zbigniew Jędrzejewski-Szmek
1af719edc5 systemd-upload: print paths in help() 2014-10-23 00:18:15 -04:00
Lennart Poettering
affcf18915 machine: validate machine names using machine_name_is_valid() instead of string_is_safe()
After all, we know have this as generic validator, so let's be correct
and use it wherver applicable.
2014-10-22 23:22:47 +02:00
Lennart Poettering
a5f0359600 resolved: simplify detection of packets from the loopback device
We can simplify our code quite a bit if we explicitly check for the
ifindex being 1 on Linux as a loopback check. Apparently, this is
hardcoded on Linux on the kernel, and effectively exported to userspace
via rtnl and such, hence we should be able to rely on it.
2014-10-22 16:52:38 +02:00
Michal Schmidt
14f27b4e3b strv: use realloc_multiply() to check for multiplication overflow
This could overflow on 32bit, where size_t is the same as unsigned.
2014-10-21 14:36:03 +02:00
Lennart Poettering
97569e154b strv: add an additional overflow check when enlarging strv()s
https://bugs.freedesktop.org/show_bug.cgi?id=76745
2014-10-21 14:01:28 +02:00
Ronny Chevalier
e2e07fec7b shared: remove unused functions
- mkdir_p_prefix: It has never been used
- mkdir_parents_prefix_label: Unused since 1434ae6fd4
2014-10-21 00:40:44 +02:00
Ronny Chevalier
e4746b5738 util: avoid duplication of TIME_T_MAX 2014-10-21 00:38:30 +02:00
Zbigniew Jędrzejewski-Szmek
d677d4df80 systemd: continue switch-root even if umount fails
Leaving the old root around seems better than aborting the
switch.
2014-10-17 10:09:27 -04:00
Lukas Nykryn
7491ccf2cb environment: append unit_id to error messages regarding EnvironmentFile 2014-10-17 16:05:57 +02:00
Zbigniew Jędrzejewski-Szmek
c7e4a7bece missing: remove fanotify
It was only used in readahead.
2014-10-17 08:55:42 -04:00
Michal Sekletar
5e78424f4a selinux: fix potential double free crash in child process
Before returning from function we should reset ret to NULL, thus cleanup
function is nop.

Also context_str() returns pointer to a string containing context but not a
copy, hence we must make copy it explicitly.
2014-10-15 10:58:27 +02:00
Thomas Hindoe Paaboel Andersen
6f53e671aa util: avoid double close of fd
We could end with a double close if we close the fd loop and flush_fd
fails. That would make us goto fail and there we close the fd once
again. This patch sets the fd to the return value for safe_close: -1
A fd with negative value will be ignored by the next call to
safe_close.

CID#996223
2014-10-09 00:19:57 +02:00
Lennart Poettering
5ab99e076c time: functions named "internal" really shouldn't be exported
Also, let's try to make function names descriptive, instead of using
bools for flags.
2014-10-08 22:37:45 +02:00
Lukas Nykryn
e94937df95 systemctl: add add-wants and add-requires verbs 2014-10-08 12:44:00 +02:00
Lukas Nykryn
cb87a73b45 unit: move UnitDependency to unit-name 2014-10-08 12:44:00 +02:00
Jan Synacek
f7101b7368 core: don't allow enabling if unit is masked 2014-10-07 17:08:18 -04:00
Zbigniew Jędrzejewski-Szmek
27c64db6df build-sys: use linux/memfd.h if available
linux/memfd.h was added linux 3.17, so it might not be widely
available for a while.

Also, check if memfd_create is defined, for the HAVE_LINUX_MEMFD_H
check to have a chance of succeeding.

Also, collapse all ifdefs for memfd-related stuff, because they
were all added together so there's no need to check separately.
2014-10-05 19:07:28 -04:00
David Sommerseth
64845bdc82 ask-password: Add --echo to enable echoing the user input
Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames.  Masking usernames with * seems just silly.

 v2 - Don't mess with termios flags, instead print the input
      instead of an asterix.  Resolves issues with backspace
      and TAB input.

 v3 - Renamed 'do_echo' variables and argument to 'echo'.  Also
      modified the ask_password_{tty,agent,auto} API instead of
      additional wrapper functions.

[zj: undo changes to ask_password_auto, since no callers were using
     the new argument.]
2014-10-05 15:29:41 -04:00
David Herrmann
48fed5c55b pty: optimize read loop
As it turns out, I can actually send data to the pty faster than the
terminal can read. Therefore, make sure we read as much data as possible
but bail out early enough to not cause starvation.

Kernel TTY buffers are 4k, so reduce the overall buffer size, but read
more than once if possible (up to 8 times sounds reasonable).
2014-10-03 15:57:00 +02:00
Zbigniew Jędrzejewski-Szmek
754fc0c720 fileio-label: return error when writing fails
The status of actually writing the file was totally ignored.
2014-10-03 08:58:40 -04:00
Jan Synacek
a62e83b48c journalctl: make --utc work everywhere
The --utc option was introduced by commit
9fd290443f.
Howerver, the implementation was incomplete.
2014-10-03 08:38:01 -04:00
Michal Sekletar
893e72da6b virt: detect that we are running inside the docker container 2014-10-02 17:15:17 +02:00
Zbigniew Jędrzejewski-Szmek
aa08982d62 Fix order and document user unit dirs
Fixup for 718880ba0d 'add a transient user unit directory'.
2014-10-02 11:11:31 -04:00
Zbigniew Jędrzejewski-Szmek
4d5dec2389 Rename user_runtime to user_runtime_dir
This makes this function name similar to user_config_home() and makes
it match the name of the environment variable.
2014-10-02 11:10:35 -04:00
Steven Allen
718880ba0d add a transient user unit directory
This patch adds a transient user unit directory under
`$XDG_RUNTIME_DIR/systemd/user/` and stores transient user-instance
units (such as those created by `systemd-run --user`) under there
instead of putting them in $XDG_CONFIG_HOME/systemd/user/.

Fixes https://bugs.freedesktop.org/show_bug.cgi?id=67331
2014-10-02 10:37:30 -04:00
Jan Synacek
9fd290443f journalctl: add --utc option
Introduce option to display time in UTC.
2014-10-02 14:52:32 +02:00
David Herrmann
fc80861622 barrier: fix up constructor error handling
We cannot rely on "errno" to be non-zero on failure, if we perform
multiple glibc calls. That is, if the first eventfd() call fails, but the
second succeeds, we cleanup the barrier but return 0.

Fix this by always testing the return value immediately. This should also
fix all the coverity warnings.
2014-10-02 08:40:43 +02:00
Thomas Hindoe Paaboel Andersen
cf4acf84c6 Remove repeated includes
In pty.c there was both an include of our pty.h and the system installed pty.h.
The latter contains only two functions openpty and forkpty. We use neither so
I assume it was a typo and removed it. We still compile and pass all tests.
2014-10-01 23:25:50 +02:00
Zbigniew Jędrzejewski-Szmek
acb3b3ddc0 shared: util - use nicer idiom to silence Coverity
Change the other spot too.
2014-10-01 09:34:05 -04:00
Tom Gundersen
c6828d2794 shared: util - use nicer idiom to silence Coverity
Suggested by Zbigniew.
2014-09-30 11:37:28 +02:00
Tom Gundersen
9fb02b1d5d util: silence coverity
Make it clear in the code that ignoring a failed safe_ato?() is intentional.
2014-09-29 20:52:10 +02:00
Zbigniew Jędrzejewski-Szmek
b1d6dcf5a5 Do not format USEC_INFINITY as NULL
systemctl would print 'CPUQuotaPerSecUSec=(null)' for no limit. This
does not look right.

Since USEC_INFINITY is one of the valid values, format_timespan()
could return NULL, and we should wrap every use of it in strna() or
similar. But most callers didn't do that, and it seems more robust to
return a string ("infinity") that makes sense most of the time, even
if in some places the result will not be grammatically correct.
2014-09-29 11:09:39 -04:00
Emil Renner Berthing
37161c5148 make utmp/wtmp support configurable
This adds --disable-utmp option to configure. If it is used, all
utmp-related functionality, including querying runlevel support,
is removed.
2014-09-26 07:48:35 -04:00
Tom Gundersen
4a690c4726 shared: path-util - try to make PATH_FORECH_PREFIX look less wrong
We replace the idiom "X && !(*foo = 0)" with "X && ((*foo = 0), true)".

This is not a functional change, but should hopefully make it less
likely that people and static analyzers believe there is a typo here
(i.e., to make it clear that the intention was not "X && *foo != 0").

Thanks to David Herrmann for the suggestion.
2014-09-25 16:17:58 +02:00
Michal Sekletar
a34286684e localectl: print warning when there are options given on kernel cmdline 2014-09-25 09:19:56 +02:00
Michal Sekletar
a5f6c30da3 fileio: make parse_env_file() return number of parsed items
This commit introduces possibility to call parse_env_file_internal() and hand
over extra argument where we will accumulate how many items were successfully
parsed and pushed by callback. We make use of this in parse_env_file() and
return number of parsed items on success instead of always returning zero.

As a side-effect this commit should fix bug that locale settings in
/etc/locale.conf are not overriden by options passed via kernel command line.
2014-09-25 09:19:56 +02:00
Zbigniew Jędrzejewski-Szmek
493d521d9f Fix warning about unused variable with !SELINUX
src/shared/label.c:255:15: warning: unused variable 'l' [-Wunused-variable]
         char *l = NULL;
               ^
2014-09-23 09:22:40 -04:00
Emil Renner Berthing
8507eb20b6 util: avoid non-portable __WORDSIZE
Lets not unnecessarily rely on __WORDSIZE, which is not clearly specified
by any spec. Use explicit size comparisons if we're not interested in the
WORDSIZE, anyway.

(David: adjust commit message to explain why we do this)
2014-09-22 18:20:21 +02:00
Zbigniew Jędrzejewski-Szmek
ffb6c43e79 exit-status.c: bring EXIT_BUS_ENDPOINT label in line with others 2014-09-22 09:15:49 -04:00
David Herrmann
95d78c7e7c util: add alloca_align()
The alloca_align() helper is the alloca() equivalent of posix_memalign().
As there is no such function provided by glibc, we simply account for
additional memory and return a pointer offset into the allocated memory to
grant the alignment.

Furthermore, alloca0_align() is added, which simply clears the allocated
memory.
2014-09-22 14:27:02 +02:00
Michal Sekletar
16115b0a7b socket: introduce SELinuxContextFromNet option
This makes possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.

Implementation of label_get_child_mls_label derived from xinetd.

Reviewed-by: Paul Moore <pmoore@redhat.com>
2014-09-19 12:32:06 +02:00
Tom Gundersen
863f3ce0d0 shared: wtmp-utmp - don't clear store_wtmp in utmp_put_dead_process()
Also modernize a few other things and add comments to explain CID #1237503
and CID #1237504.
2014-09-19 08:06:52 +02:00
Emil Renner Berthing
8e8af4cfc7 shared/sparse-endian.h: add missing byteswap.h include 2014-09-19 00:27:42 +02:00
Emil Renner Berthing
45f15021e3 shared/label.h: add missing stdio.h include 2014-09-19 00:26:49 +02:00
David Herrmann
fb1f4170d0 pty: include linux/ioctl.h for TIOCSIG
TIOCSIG is linux specific, so include the linux ioctl header to make sure
it's defined. We currently rely on some rather non-obvious recursive
includes. Make sure its always defined regardless of the system headers.
2014-09-19 00:26:49 +02:00
Tom Gundersen
77c10205bb shared: conf-parser - don't leak memory on error in DEFINE_CONFIG_PARSE_ENUMV
Found by Coverity. Fixes CID #1237746.
2014-09-18 13:48:44 +02:00