sd-bus: update to current kernel version, by splitting off the extended KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:
- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.
- makes augmentation of creds with data from /proc explicitly
controllable to give apps better control over this, given that this is
racy.
- enables augmentation for kdbus connections (previously we only did it
for dbus1). This is useful since with recent kdbus versions it is
possible for clients to control the metadata they want to send.
- changes sd_bus_query_sender_privilege() to take the euid of the client
into consideration, if known
- when we don't have permissions to read augmentation data from /proc,
don't fail, just don't add the data in
David Herrmann [Tue, 25 Nov 2014 09:24:39 +0000 (10:24 +0100)]
terminal/idev: forward xkb-messages
Properly forward all XKB messages. You can use XKB_LOG_VERBOSITY= to
control the amount of messages sent by XKB. We explicitly set
XKB_LOG_LEVEL to 7 you can use SYSTEMD_LOG_LEVEL to control the log-level
generically.
David Herrmann [Mon, 24 Nov 2014 17:25:30 +0000 (18:25 +0100)]
terminal/idev: use compose tables
Before forwarding keyboard events, feed them into possible compose tables.
This enables Compose-key and Dead-key features.
Few notes:
* REPEAT events are never fed into compose tables. It just doesn't make
sense and is usually not wanted. Compose-sequences are usually hard to
remember and take time to type. Thus, the REPEAT event of the
Compose-key itself would often cancel the compose sequence already.
* Stop resolving symbols for UP events. Anything but keycodes is never
associated to a physical key, but is a one-time action. There is
nothing like UP events for key-symbols!
* Cancel compose-sequences on Multi-Key UP. See the inline comment. We
should make this configurable!
WaLyong Cho [Mon, 24 Nov 2014 11:46:20 +0000 (20:46 +0900)]
smack: introduce new SmackProcessLabel option
In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.
David Herrmann [Mon, 24 Nov 2014 14:39:00 +0000 (15:39 +0100)]
build-sys: support local ./configure arguments
I often want to use the awesome "./autogen.sh [cmd]" arguments, but have
to append some custom ./configure options. For now, I always had to edit
autogen.sh manually, or copy the full commands out of it and run it
myself.
As I think this is super annoying, this commit adds support for
".config.args" files in $topdir. If it exists, any content is just
appended to $args, thus to any ./configure invokation of autogen.sh.
Maybe autotools provide something similar out-of-the-box. In that case,
feel free to revert this and lemme know!
David Herrmann [Mon, 24 Nov 2014 14:12:42 +0000 (15:12 +0100)]
localed: validate xkb keymaps
Introduce a new optional dependency on libxkbcommon for systemd-localed.
Whenever the x11 keymap settings are changed, use libxkbcommon to compile
the keymap. If the compilation fails, print a warning so users will get
notified.
On compilation failure, we still update the keymap settings for now. This
patch just introduces the xkbcommon infrastructure to have keymap
validation in place. We can later decide if/how we want to enforce this.
cryptsetup: default to no hash when keyfile is specified
For plain dm-crypt devices, the behavior of cryptsetup package is to
ignore the hash algorithm when a key file is provided. It seems wrong
to ignore a hash when it is explicitly specified, but we should default
to no hash if the keyfile is specified.
Lukas Nykryn [Thu, 20 Nov 2014 15:06:18 +0000 (16:06 +0100)]
dbus: return non-zero return value in the case that prefix won't match
strv_extend returns 0 in the case of success which means that
else if (bus_track_deserialize_item(&m->deserialized_subscribed, l) == 0)
log_warning("Unknown serialization item '%s'", l);
will be printed when value is added correctly.
The previous version was a bit too vague. It is better
to simply list all dependency types that are followed.
Previous version also made an emphasis on dependencies introduced by
configuration. But this command (or systemd) don't care about this
distinction between configured and automatically added dependencies at
all. This distinctionis removed from the main description, and an
explanatory paragraph is added to remind the user that all
dependencies are shown, no matter where they come from.
Richard Schütz [Fri, 21 Nov 2014 20:44:48 +0000 (21:44 +0100)]
nspawn: ignore EEXIST when mounting tmpfs
commit 79d80fc1466512d0ca211f4bfcd9de5f2f816a5a introduced a regression that
prevents mounting a tmpfs if the mount point already exits in the container's
root file system. This commit fixes the problem by ignoring EEXIST.
systemd-run would fail when run with -M or -H and an absolute path,
if this path did not exists locally. Allow it to continue, since we
don't have a nice way of checking if the binary exists remotely.
The case where -M or -H is used and a local path is unchanged, and we
still iterate over $PATH to find the binary. We need to convert to an
absolute path, and we don't have a nice mechanism to check remotely,
so we assume that the binary will be located in the same place locally
and remotely.
Mips has getrandom() too, but there's just too many variants
for me too care. Either someone who cares does it, or they get
compile-time warnings with old kernel headers.
man: add emacs header to get correct indention in nxml-mode for the manpage XML files that use 2ch indenting
In the long run we really should figure out if we want to stick with 8ch
or 2ch indenting, and not continue with half-and-half. For now, just
make emacs aware of the files that use 2ch indenting.
Martin Pitt [Thu, 20 Nov 2014 13:30:52 +0000 (14:30 +0100)]
nspawn: Add try-{host,guest} journal link modes
--link-journal={host,guest} fail if the host does not have persistent
journalling enabled and /var/log/journal/ does not exist. Even worse, as there
is no stdout/err any more, there is no error message to point that out.
Introduce two new modes "try-host" and "try-guest" which don't fail in this
case, and instead just silently skip the guest journal setup.
Change -j to mean "try-guest" instead of "guest", and fix the wrong --help
output for it (it said "host" before).
Change systemd-nspawn@.service.in to use "try-guest" so that this unit works
with both persistent and non-persistent journals on the host without failing.
logind.service is a D-Bus service, hence we should use the dbus name as
indication that we are up. Type=dbus is implied if BusName= is
specified, as it is in this case.
This removes a warning that is printed because a BusName= is specified
for a Type=notify unit.
Martin Pitt [Thu, 20 Nov 2014 13:37:08 +0000 (14:37 +0100)]
tmpfiles.d: Create /var/lib/containers
Create /var/lib/containers so that it exists with an appropriate mode. We want
0700 by default so that users on the host aren't able to call suid root
binaries in the container. This becomes a security issue if a user can enter a
container as root, create a suid root binary, and call that from the host.
(This assumes that containers are caged by mandatory access control or are
started as user).
Dave Reisner [Wed, 19 Nov 2014 13:13:34 +0000 (08:13 -0500)]
systemd-logind.service: set Type=notify
The code already calls sd_notify("READY=1"), so we may as well take
advantage of the startup behavior in the unit. The same was done for
the journal in a87a38c20.
Dan Williams [Tue, 18 Nov 2014 23:01:20 +0000 (17:01 -0600)]
sd-dhcp-client: allow getting/setting the client ID
The client identifier can be in many different formats, not just
the one that systemd creates from the Ethernet MAC address. Non-
ethernet interfaces may have different client IDs formats. Users
may also have custom client IDs that the wish to use to preserve
lease options delivered by servers configured with the existing
client ID.
Dan Williams [Tue, 4 Nov 2014 17:20:43 +0000 (11:20 -0600)]
sd-dhcp-client: fix REBOOT state handling
client->secs wasn't getting set in the REBOOT state, causing
an assertion. REBOOT should work the same way as INIT, per
RFC 2131:
secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
REBOOT is necessary because some DHCP servers (eg on
home routers) do not hand back the same IP address unless the
'ciaddr' field is filled with that address, which DISCOVER
cannot do per the RFCs. This leads to multiple leases
on machine reboot or DHCP client restart.
Ronny Chevalier [Sun, 9 Nov 2014 14:42:23 +0000 (15:42 +0100)]
udev: silence TOCTOU warning when creating a directory
CID#979416. There is no real race here to fix, but lets make coverity
happy and rework the code.
Note that we still fail if the directory is removed _after_ we ran
mkdir(), so the same race is still there. Coverity is complaining, though.
Rewrite the code to make it happy.
(David: rewrote the commit-message to note that this is not a race. If I'm
wrong, blame me, not Ronny!)
autogen: drop unnecessary -Wno-gnu for the clang shortcut
It is no longer necessary after 65e3a2cf7c3b399853dd309f702ca5078b7d16ea
where -Wno-gnu-variable-sized-type-not-at-end is added if we detect
that the compiler is clang.
The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
Daniel Mack [Fri, 14 Nov 2014 14:18:56 +0000 (15:18 +0100)]
mount-setup: remove mount_setup_late()
Turns out we can just do kmod_setup() earlier, before we do mount_setup(),
so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in
mount_table[].
Daniel Mack [Thu, 13 Nov 2014 19:33:03 +0000 (20:33 +0100)]
sd-bus: sync with kdbus upstream (ABI break)
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
Daniel Mack [Thu, 13 Nov 2014 10:59:29 +0000 (11:59 +0100)]
bus-proxyd: temporarily disable policy checks again
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.