Richard Maw [Fri, 19 Jun 2015 15:24:37 +0000 (15:24 +0000)]
nspawn: escape paths in overlay mount options
Overlayfs uses , as an option separator and : as a list separator. These
characters are both valid in file paths, so overlayfs allows file paths
which contain these characters to backslash escape these values.
Richard Maw [Tue, 23 Jun 2015 10:57:41 +0000 (10:57 +0000)]
strv: Add strv_shell_escape
This modifies the strv in-place, replacing strings with their escaped
version. It's mostly just a convenience function for when you need to
join a strv together because it's passed as a string to something, and
the separator needs escaping.
Richard Maw [Tue, 23 Jun 2015 10:32:02 +0000 (10:32 +0000)]
util: Add shell_escape
This is for shell-style \ escaping rather than quoting, which while it
has the same effect in produced shell commands, is not exclusively
useful for shell commands.
shell_escape would be useful for producing sed commands, as you would be
able to \ escape the normal special characters, plus whichever argument
separator was chosen; or it could be used to escape arguments passed to
the overlayfs mount command.
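The backslash escaping described in the "nspawn: escape paths in overlay mount options" and "util: Add shell_escape" entries above, as an added example that is not systemd's own code: every path is escaped before it is joined into the overlayfs option string. The names `escape_chars`, `append_escaped` and `overlay_options` and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not systemd's shell_escape(): copy s, putting a
 * backslash before each backslash and each character listed in bad. */
char *escape_chars(const char *s, const char *bad) {
    char *out = malloc(strlen(s) * 2 + 1), *t = out;
    if (!out) return NULL;
    for (; *s; s++) {
        if (*s == '\\' || strchr(bad, *s))
            *t++ = '\\';
        *t++ = *s;
    }
    *t = '\0';
    return out;
}

/* Append prefix plus the escaped path to opts (buffer sized by the caller). */
static int append_escaped(char *opts, const char *prefix, const char *path) {
    char *e = escape_chars(path, ",:");
    if (!e) return -1;
    strcat(strcat(opts, prefix), e);
    free(e);
    return 0;
}

/* Build "lowerdir=A:B,upperdir=U,workdir=W" (n >= 1 assumed), escaping each
 * path so ',' or ':' inside it cannot start a new option or list entry. */
char *overlay_options(const char *const *lower, size_t n,
                      const char *upper, const char *work) {
    size_t cap = 64 + 2 * (strlen(upper) + strlen(work));
    for (size_t i = 0; i < n; i++)
        cap += 2 * strlen(lower[i]) + 1;
    char *opts = calloc(1, cap);
    int r = opts ? 0 : -1;
    for (size_t i = 0; r == 0 && i < n; i++)
        r = append_escaped(opts, i ? ":" : "lowerdir=", lower[i]);
    if (r == 0) r = append_escaped(opts, ",upperdir=", upper);
    if (r == 0) r = append_escaped(opts, ",workdir=", work);
    if (r < 0) { free(opts); return NULL; }
    return opts;
}

int main(void) {
    const char *lower[] = { "/srv/a:b", "/srv/base" };  /* constructed paths */
    char *o = overlay_options(lower, 2, "/srv/up,ro", "/srv/work");
    if (o) puts(o);
    free(o); return 0;
}
```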
Richard Maw [Fri, 19 Jun 2015 15:24:34 +0000 (15:24 +0000)]
strv: convert strv_split_quotes into a generic strv_split_extract
strv_split_extract is to strv_split_quotes as extract_first_word was to
unquote_first_word.
Now there's extract_first_word for extracting a single argument,
extract_many_words for extracting a bounded number of arguments,
and strv_split_extract for extracting an arbitrary number of arguments.
Richard Maw [Tue, 23 Jun 2015 17:00:40 +0000 (17:00 +0000)]
util: Allow non-separator coalescing parsing in extract_first_word
If EXTRACT_DONT_COALESCE_SEPARATORS is passed, then leading separators,
trailing separators and spans of multiple separators aren't skipped, and
empty arguments from before, after or between separators may be extracted.
Richard Maw [Fri, 19 Jun 2015 16:38:06 +0000 (16:38 +0000)]
unquote_first_word: set *p=NULL on termination
To add a flag to allow an empty string to be parsed as an argument, we
need to be able to distinguish between the end of the string, and after
the end of the string, so when we *do* reach the end, let's set *p to
this state.
Richard Maw [Fri, 19 Jun 2015 15:24:29 +0000 (15:24 +0000)]
Convert unquote_*_word users to expect isempty(p) after the last entry
This is so that, when called in a loop, unquote_first_word can
distinguish between reaching the end of a string because it has consumed
all the input before the end, and consuming all the input.
This is important because we later add a flag that allows
https://bugzilla.redhat.com/show_bug.cgi?id=1251334
is about a unit file which has
Environment=TERM=linux PS1=system-upgrade:\w\$\x20
We used to allow that, but after recent tightening of parsing
rules, we barf. Make it clear that this is intentional.
machined: rework state tracking logic for machines
This splits up the stopping logic for machines into two steps: first on
machine_stop() we begin with the shutdown of a machine by queuing the
stop method call for it. Then, in machine_finalize() we actually remove
the rest of its runtime context. This mimics closely how sessions are
handled in logind.
This also reworks the GC logic to strictly check the current state of
the machine unit, rather than shortcutting a few cases, like for example
assuming that UnitRemoved really means a machine is gone (which it isn't
since Reloading might trigger it, see #376).
machined,logind: don't generate errors on signal match functions
If we get a weird signal, then we should log about it, but not return an
error, since sd-bus will not call us again then anymore, but for these
signals we match here we actually do want to be called on the next
invocation.
execute: don't fail if we create the runtime directory from two processes simultaneously
If a service has both ExecStart= and ExecStartPost= set with
Type=simple, then it might happen that we have two children create the
runtime directory of a service (as configured with RuntimeDirectory=) at
the same time. Previously we did this with mkdir_safe() which will
create the dir only if it is missing, but if it already exists will at
least verify the access mode and ownership to match the right values.
This is problematic in this case, since it creates and then adjusts the
settings, thus it might happen that one child creates the directory with
root owner, another one then verifies it, and only afterwards the
directory ownership is fixed by the original child, while the second
child already failed.
With this change we'll now always adjust the access mode, so that we
know that it is right. In the worst case this means we adjust the
mode/ownership even though it's unnecessary, but this should have no
negative effect.
Daniel Mack [Wed, 5 Aug 2015 15:47:45 +0000 (17:47 +0200)]
core: dbus: track bus names per unit
Currently, PID1 installs an unfiltered NameOwnerChanged signal match, and
dispatches the signals itself. This does not scale, as right now, PID1
wakes up every time a bus client connects.
To fix this, install individual matches once they are requested by
unit_watch_bus_name(), and remove the watches again through their slot in
unit_unwatch_bus_name().
If the bus is not available during unit_watch_bus_name(), just store
name in the 'watch_bus' hashmap, and let bus_setup_api() do the installing
later.
When the user requests to set hostname, and we are setting both
pretty and static hostnames, and the name is a valid FQDN, we
use it as the static hostname, and unset the pretty hostname.
The change is that a FQDN with a trailing dot is accepted and ignored.
hostname-util: add relax parameter to hostname_is_valid
Tests are modified to check behaviour with relax and without relax.
New tests are added for hostname_cleanup().
Tests are moved to a new file (test-hostname-util) because there's
now a bunch of them.
New parameter is not used anywhere, except in tests, so there should
be no observable change.
Alex Crawford [Sat, 1 Aug 2015 03:02:22 +0000 (20:02 -0700)]
networkd: add private options to lease struct
This stores private-zone DHCP options inside of their respective DHCP
lease. These options aren't used by networkd (what would it do with
them?), but saving them will allow other programs to query the values.
To improve performance, the options are stored in ascending order by
tag.
Daniel Mack [Wed, 5 Aug 2015 13:58:39 +0000 (15:58 +0200)]
logind: switch to sd_bus_track helper
Let logind use the sd_bus_track helper object to track the controllers of
sessions. This does not only remove quite some code but also kills the
unconditional matches for all NameOwnerChanged signals.
The latter is something we should never ever do, as it wakes up the daemon
every time a client connects, which doesn't scale.
Richard Maw [Wed, 5 Aug 2015 08:40:36 +0000 (08:40 +0000)]
man: point nspawn --machine to machinectl search-path
The --machine option used to describe searching for machines in
/var/lib/machines, which is not the whole story, so let's link to where
it's described in more detail.
WaLyong Cho [Mon, 27 Jul 2015 17:55:35 +0000 (02:55 +0900)]
core: set default process label only exec label is none
When command path has access label and no SmackProcessLabel= is not
set, default process label will be set. But if the default process
label has no rule for the access label of the command path then smack
access error will occur.
So, if the command path has execute label then the child has to set
its label to the same of execute label of command path instead of
default process label.
WaLyong Cho [Mon, 27 Jul 2015 17:43:55 +0000 (02:43 +0900)]
smack-util: revise smack-util apis and add read smack attr apis
- Add smack xattr lookup table
- Unify all of mac_smack_apply_xxx{_fd}() to mac_smack_apply() and
mac_smack_apply_fd().
- Add smack xattr read apis similar with apply apis as
mac_smack_read{_fd}().
David Herrmann [Tue, 4 Aug 2015 11:36:03 +0000 (13:36 +0200)]
bus-proxy: discard invalid environment updates
If the caller provides invalid assignments via
UpdateActivationEnvironment=, we now drop it and warn loudly about it. We
need this to be compatible to dbus1, but we also clearly want to tell the
caller that they better ought to follow POSIX recommendations and use
valid labels only.
Alex Crawford [Tue, 4 Aug 2015 06:11:53 +0000 (23:11 -0700)]
basic: add LIST_INSERT_BEFORE
Similar in function to LIST_INSERT_AFTER, this will insert a new element
into the list before the specified position. If the specified position
is NULL, the element is added as the tail of the list.
Richard Maw [Tue, 4 Aug 2015 08:55:04 +0000 (08:55 +0000)]
machined: Relax path checks for Copy{From,To}
Absolute paths should be sufficient to prevent funny business,
and while path_is_safe() checks this, it also checks whether the path
contains . or .. components, which while odd, aren't a security risk.