Martin Pitt [Tue, 9 Jun 2015 14:16:56 +0000 (16:16 +0200)]
path-util: Fix path_is_mount_point for parent mount points in symlink mode
When we have a structure like this:
/bin -> /usr/bin
/usr is a mount point
Then path_is_mount_point("/bin", AT_SYMLINK_FOLLOW) needs to look at the pair
/usr/bin and /usr, not at the pair / and /usr/bin, as the latter have different
mount IDs. But we only want to consider the base name, not any parent.
Thus we have to resolve the given path first to get the real parent when
allowing symlinks.
Martin Pitt [Tue, 9 Jun 2015 12:01:06 +0000 (14:01 +0200)]
build-sys: always dist *.policy.in files
Unconditionally dist org.freedesktop.{import1,machine1}.policy.in, like all the
other *.policy.in files. This avoids missing policy files in the tarball.
Spotted by "make distcheck" failure with --disable-importd.
Harald Hoyer [Mon, 1 Jun 2015 15:26:27 +0000 (17:26 +0200)]
cryptsetup: craft a unique ID with the source device
If cryptsetup is called with a source device as argv[3], then craft the
ID for the password agent with a unique device path.
If possible "/dev/block/<maj>:<min>" is used, otherwise the original
argv[3] is used.
This enables password agents like petera [1] to provide a password
according to the source device. The original ID did not carry enough
information and was more targeted for a human readable string, which
is specified in the "Message" field anyway.
With this patch the ID of the ask.XXX ini file looks like this:
ID=cryptsetup:/dev/block/<maj>:<min>
Tom Gundersen [Mon, 8 Jun 2015 20:30:59 +0000 (22:30 +0200)]
man: systemd.link - explain random MAC addresses
Two of the bits in the MAC address are set unconditioanlly, and the rest is randomized,
make this clear in the documentation (as it currently read as if it was all random).
Daniel Mack [Mon, 8 Jun 2015 16:52:25 +0000 (18:52 +0200)]
kmod-setup: split warn flags
Traditionally, we used to warn about ipv6 being a module or being
unavailable. This was changed in b4aa82f16 ("kmod-setup: don't warn
when ipv6 can't be loaded") in a way that neither of the two conditions
will cause a log message.
Now, while running a setup without any IPv6 is completely fine and
shouldn't cause any warning, we should still warn about ipv6 being a
module instead of built-in.
To achieve this, split the boolean warn flag into two: one for a
feature not being built-in but shipped as a module, and one to
print an error when a module is entirely unavailable.
We will, however, still warn if kmod returns anything else than
-ENOENT in the attempt of loading the module, and at the very least,
turn the message into a debug log.
Daniel Mack [Fri, 5 Jun 2015 12:11:26 +0000 (14:11 +0200)]
Add README.md
A README.md allows us to include a badge for the current build status of
Semaphore CI. Keep other information in this file minimal, and avoid
information duplication but point readers to the official README.
David Herrmann [Fri, 5 Jun 2015 13:23:03 +0000 (15:23 +0200)]
bus: don't force send-masks on kdbus buses
Right now we always pass KDBUS_ITEM_ATTACH_FLAGS_RECV to
KDBUS_CMD_BUS_MAKE, effectively forcing every bus connection to do the
same during KDBUS_CMD_HELLO. This used to be a workaround to make sure all
metadata is always present. However, we refrained from that approach and
intend to make all metadata collection solely rely on /proc access
restrictions. Therefore, there is no need to force the send-flags mask on
newly created buses.
Philip Withnall [Fri, 29 May 2015 09:49:21 +0000 (10:49 +0100)]
logind: Fix user_elect_display() to be more stable
The previous implementation of user_elect_display() could easily end up
overwriting the user’s valid graphical session with a new TTY session.
For example, consider the situation where there is one session:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
it is initially elected as the user’s display (i.e. u->display = c1).
If another session is started, on a different VT, the sessions_by_user
list becomes:
c1, type = SESSION_X11, !stopping, class = SESSION_USER
c2, type = SESSION_TTY, !stopping, class = SESSION_USER
In the previous code, graphical = c1 and text = c2, as expected.
However, neither graphical nor text fulfil the conditions for setting
u->display = graphical (because neither is better than u->display), so
the code falls through to check the text variable. The conditions for
this match, as u->display->type != SESSION_TTY (it’s actually
SESSION_X11). Hence u->display is set to c2, which is incorrect, because
session c1 is still valid.
Refactor user_elect_display() to use a more explicit filter and
pre-order comparison over the sessions. This can be demonstrated to be
stable and only ever ‘upgrade’ the session to a more graphical one.
Tom Gundersen [Thu, 4 Jun 2015 14:54:45 +0000 (16:54 +0200)]
sd-event: don't touch fd's accross forks
We protect most of the API from use accross forks, but we still allow both
sd_event and sd_event_source objects to be unref'ed. This would cause
problems as it would unregister sources from the underlying eventfd, hence
also affecting the original instance in the parent process.
This fixes the issue by not touching the fds on unref when done accross a fork,
but still free the memory.
This fixes a regression introduced by
"udevd: move main-loop to sd-event": 693d371d30fee
where the worker processes were disabling the inotify event source in the
main daemon.
Daniel Mack [Thu, 4 Jun 2015 13:39:49 +0000 (15:39 +0200)]
core/mount: skip incomplete mountinfo entries
Skip /proc/mountinfo entries for which libmount returns a NULL pointer
for 'source' or 'target'. This happened on Semaphore CI's build servers
when the test suite is run.
copy_bytes() tries to do the write in chunks, but ima kernel code
needs every rule to be written in one write. Writing the whole file
at once avoids the issue.
Kay Sievers [Wed, 3 Jun 2015 15:17:08 +0000 (17:17 +0200)]
build-sys: disable gc-sections if optimization is disabled
This way, development builds will not rely on gc-sections to
paper over cyclic link dependencies. Newly introduced broken
link requirements will immediatley fail.
build-sys: Work around --with-rootprefix= (empty) not producing /
Since we introduced AX_NORMALIZE_PATH, using --with-rootprefix=/ does
produce an empty string, but using --with-rootprefix= (empty) now
produces "." instead which is wrong.
Work around it until we can find a better solution for AX_NORMALIZE_PATH
upstream at autoconf-archive.
build-sys: Recommend --with-rootprefix=/ for split-usr
Since we started using AX_NORMALIZE_PATH, that is a valid supported
setup and is more explicit than --with-rootprefix= (empty) which is
actually currently broken.
Let's advocate for it in the ./configure suggestion from autogen.sh.
Kay Sievers [Wed, 3 Jun 2015 12:16:36 +0000 (14:16 +0200)]
build-sys: merge libsystemd-label convenience lib
Stop to pretend that we can split selinux related code from other.
We have too many cross-references and it breaks all the time and
I am no longer willing to maintain that mess for no real benefit.
We currently have cyclic dependencies which are only resolved on
machines with gc-sections toolchains. We need a simpler and at the
same time more strict model to manage our convenienc libraries and
linking.
The first thing to give up is the "optimization" of not linking
libselinux for a very few tools. If that is an issue, please fix
the mess that libselinux creates in selinux itself, and do not ask
consumers to work around it.
Michael Biebl [Wed, 3 Jun 2015 12:00:59 +0000 (14:00 +0200)]
systemctl: Use /usr/bin/editor if available
If the EDITOR environment variable is not set, the Debian policy
recommends to use the /usr/bin/editor program as default editor.
This file is managed via the dpkg alternatives mechanism and typically
used in Debian/Ubuntu and derivatives to configure the default editor.
See section 11.4 of the Debian policy [1].
Therefor prefer /usr/bin/editor over specific editors if available.
Daniel Mack [Wed, 3 Jun 2015 11:33:26 +0000 (13:33 +0200)]
util: fix another cunescape() regression
Fix a regression caused by 4034a06d ("util: rework word parsing and c
unescaping code") which broke octal escape sequences.
The reason for this breakage is that cunescape_one() expects 4 characters
in an octal encoding, which is a stray left-over from the old code which
operated on different variables to make the length check.
While at it, add a test case to prevent the same thing from happening
again.
Tom Gundersen [Tue, 2 Jun 2015 21:14:34 +0000 (23:14 +0200)]
udevd: merge manager_new() and manager_listen() again
Now that listen_fds() have been split out, we can safely move the allocation
of the manager object after doing the forking (the fork is done to notify legcay
init-systems that the fds are ready).
Subsequently, we can merge manager_listen() back into managre_new().
This entails a minor behaviour change: the application of permissions to
static device nodes now happens after the fork (but still before notifying
systemd about being ready).
Tom Gundersen [Tue, 2 Jun 2015 21:08:11 +0000 (23:08 +0200)]
udevd: make sd_notify independent of forknig/notify mode
This will simply silently fail on non-systemd systems, so there is no reason
to make it conditional.
Also make it clear that we notify systemd about being ready as the last step
before starting the event loop, whereas the forking might need to happen
earlier.
Tom Gundersen [Tue, 2 Jun 2015 18:57:52 +0000 (20:57 +0200)]
libudev: monitor - set nl_pid when reusing fd in udev_monitor_new_from_netlink_fd
This allows a fd to be created and configured as part of one monitor, to be passed in
to create a second monitor without having to redo any of the configuration.
Tom Gundersen [Tue, 2 Jun 2015 23:53:20 +0000 (01:53 +0200)]
udevd: make cgroup logic independent of socket passing
This should have no behavioural change, but it is odd to tie the cgroup cleaning to
whether or not we are passed sockets.
The point really is if we are guaranteed to be in a dedicated cgroup, so instead
check for our parent being PID1 (we already implicitly only do this on systemd
systems).