| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
container
This is unfortunately harder to implement than it sounds. The user's bus
is bound a to the user's lifecycle after all (i.e. only exists as long
as the user has at least one PAM session), and the path dynamically (at
least theoretically, in practice it's going to be the same always)
generated via $XDG_RUNTIME_DIR in /run/.
To fix this properly, we'll thus go through PAM before connecting to a
user bus. Which is hard since we cannot just link against libpam in the
container, since the container might have been compiled entirely
differently. So our way out is to use systemd-run from outside, which
invokes a transient unit that does PAM from outside, doing so via D-Bus.
Inside the transient unit we then invoke systemd-stdio-bridge which
forwards D-Bus from the user bus to us. The systemd-stdio-bridge makes
up the PAM session and thus we can sure tht the bus exists at least as
long as the bus connection is kept.
Or so say this differently: if you use "systemctl -M lennart@foobar"
now, the bus connection works like this:
1. sd-bus on the host forks off:
systemd-run -M foobar -PGq --wait -pUser=lennart -pPAMName=login systemd-stdio-bridge
2. systemd-run gets a connection to the "foobar" container's
system bus, and invokes the "systemd-stdio-bridge" binary as
transient service inside a PAM session for the user "lennart"
3. The systemd-stdio-bridge then proxies our D-Bus traffic to
the user bus.
sd-bus (on host) → systemd-run (on host) → systemd-stdio-bridge (in container)
Complicated? Well, to some point yes, but otoh it's actually nice in
various other ways, primarily as it makes the -H and -M codepaths more
alike. In the -H case (i.e. connect to remote host via SSH) a very
similar three steps are used. The only difference is that instead of
"systemd-run" the "ssh" binary is used to invoke the stdio bridge in a
PAM session of some other system. Thus we get similar implementation and
isolation for similar operations.
Fixes: #14580
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We return BUS_ERROR_NO_SUCH_UNIT a.k.a. org.freedesktop.systemd1.NoSuchUnit
in various places. In #16813:
Aug 22 06:14:48 core sudo[2769199]: pam_systemd_home(sudo:account): Failed to query user record: Unit dbus-org.freedesktop.home1.service not found.
Aug 22 06:14:48 core dbus-daemon[5311]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Aug 22 06:14:48 core dbus-daemon[5311]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.6564' (uid=0 pid=2769199 comm="sudo su ")
This particular error comes from bus_unit_validate_load_state() in pid1:
case UNIT_NOT_FOUND:
return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT, "Unit %s not found.", u->id);
It seems possible that we should return a different error, but it doesn't really
matter: if we change pid1 to return a different error, we still need to handle
BUS_ERROR_NO_SUCH_UNIT as in this patch to handle pid1 with current code.
|
|
|
|
| |
No code changes, just some refactoring.
|
|
|
|
| |
No code changes, just some refactoring.
|
|
|
|
| |
Just some refactoring, no code changes.
|
| |
|
|
|
|
| |
Just some refactoring, no code changes
|
|
|
|
|
|
| |
set_put()/set_ensure_put() return 0, not -EEXIST, if the entry is already
found in the set. In this case this does not make any difference, but let's
not confuse the reader.
|
|
|
|
|
|
|
|
|
| |
Patch contains a coccinelle script, but it only works in some cases. Many
parts were converted by hand.
Note: I did not fix errors in return value handing. This will be done separate
to keep the patch comprehensible. No functional change is intended in this
patch.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we're using a set with _put_strdup(), most of the time we want to use
string hash ops on the set, and free the strings when done. This defines
the appropriate a new string_hash_ops_free structure to automatically free
the keys when removing the set, and makes set_put_strdup() and set_put_strdupv()
instantiate the set with those hash ops.
hashmap_put_strdup() was already doing something similar.
(It is OK to instantiate the set earlier, possibly with a different hash ops
structure. set_put_strdup() will then use the existing set. It is also OK
to call set_free_free() instead of set_free() on a set with
string_hash_ops_free, the effect is the same, we're just overriding the
override of the cleanup function.)
No functional change intended.
|
|
|
|
|
| |
The output is not very well formatted, but it is still useful when
testing this.
|
| |
|
|
|
|
|
|
| |
The idea is to have a static table that defines the dbus API. The vtable is
defined right next to the interface name and path because they are logically
connected.
|
|
|
|
| |
adds BusLocator variant called bus_message_new_method_call()
|
|
|
|
|
| |
Mechanical rename in response to
https://github.com/systemd/systemd/pull/15331#issuecomment-611472240
|
|\
| |
| | |
CoredumpFilter=
|
| |
| |
| |
| | |
Fixes #6685.
|
|\ \
| | |
| | | |
Show Environment= entries with spaces in systemctl
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes the Environment entries more round-trippable: a similar format is
used for input and output. It is certainly more useful for users, because
showing [unprintable] on anything non-trivial makes systemctl show -p Environment
useless in many cases.
Fixes: #14723 and https://bugzilla.redhat.com/show_bug.cgi?id=1525593.
$ systemctl --user show -p Environment run-*.service
Environment=ASDF=asfd "SPACE= "
Environment=ASDF=asfd "SPACE=\n\n\n"
Environment=ASDF=asfd "TAB=\t\\" "FOO=X X"
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many of the convenience functions from sd-bus operate on verbose sets
of discrete strings for destination/path/interface/member.
For most callers, destination/path/interface are uniform, and just the
member is distinct.
This commit introduces a new struct encapsulating the
destination/path/interface pointers called BusAddress, and wrapper
functions which take a BusAddress* instead of three strings, and just
pass the encapsulated strings on to the sd-bus convenience functions.
Future commits will update call sites to use these helpers throwing
out a bunch of repetitious destination/path/interface strings littered
throughout the codebase, replacing them with some appropriately named
static structs passed by pointer to these new helpers.
|
|
|
|
|
| |
sd_bus_try_close() always returns -EOPNOTSUPP if bus is a valid object.
It nevers returns -EBUSY. So we'd always go into the "fallback" path.
|
|
|
|
|
|
|
|
|
|
| |
This improves the following debug log.
Before:
systemd[1162]: Restricting namespace to: .
After:
systemd[1162]: Restricting namespace to: n/a.
|
|
|
|
|
|
| |
It's enough, complex stuff to warrant its own source file.
No other changes, just splitting out.
|
|
|
|
|
|
|
|
|
|
|
| |
Change the behavior of string arrays in a bus property map. Previously,
passing the same strv pointer to more than one map entry would result in
the old strv being freed and overwritten. With this change, an existing
strv pointer is appended to.
This is important if we want to create one strv comprised of multiple
dependencies. This makes it so callers don't have to create one strv per
dependency and subsequently merge them into one strv.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we fail to start polkit, we get a message like
"org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.",
which has no meaning for the caller of our StartUnit method. Let's just
return -EACCES.
$ systemctl start apache
Failed to start apache.service: Could not activate remote peer. (before)
Failed to start apache.service: Access denied (after)
Fixes #13865.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
bus_open_system_watch_bind_with_description()
https://bugzilla.redhat.com/show_bug.cgi?id=1746057
This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
is also used in timesyncd, but it has no methods, only read-only properties, and
in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
polkit checks.
|
|
|
|
|
|
|
| |
With SYSTEMD_LOG_LOCATION=1, it is much more useful to see the location
where the call to bus_log_{parse,create}_error() was made, rather then
the one-line body of the helper function. Also, it's our internal code,
so having a one-line non-inline function doesn't make much sense anyway.
|
|
|
|
|
| |
It's a special case of strjoin(), so no need to keep both. In particular
as typing strjoin() is even shoert than strappend().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
leds/backlight devices associated with a seat
This augments the drm/input device management by adding a single method
call for setting the brightness of an "leds" or "backlight" kernel class
device.
This method call requires no privileges to call, but a caller can only
change the brightness on sessions that are currently active, and they
must own the session.
This does not do enumeration of such class devices, feature or range
probing, chnage notification; it doesn't help associating graphics or
input devices with their backlight or leds devices. For all that clients
should go directly to udev/sysfs. The SetBrightness() call is just for
executing the actual change operation, that is otherwise privileged.
Example line:
busctl call org.freedesktop.login1 /org/freedesktop/login1/session/self org.freedesktop.login1.Session SetBrightness ssu "backlight" "intel_backlight" 200
The parameter the SetBrightness() call takes are the kernel subsystem
(i.e. "leds" or "backlight"), the device name, and the brightness
value.
On some hw setting the brightness is slow, and implementation and write
access to the sysfs knobs exposes this slowness. Due to this we'll fork
off a writer process in the background so that logind doesn't have to
block. Moreover, write requestes are coalesced: when a write request is
enqueued while one is already being executed it is queued. When another
write reques is then enqueued the earlier one is replaced by the newer
one, so that only one queued write request per device remains at any
time. Method replies are sent as soon as the first write request that
happens after the request was received is completed.
It is recommended that bus clients turn off the "expect_reply" flag on
the dbus messages they send though, that relieves logind from sending
completion notification and is particularly a good idea if clients
implement reactive UI sliders that send a quick secession of write
requests.
Replaces: #12413
|
|
|
|
|
| |
Somehow these got lost in the previous PR, rendering DefaultMemoryMin
not very useful.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).
This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow
value.
Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).
Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.
After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.
|
|
|
|
|
|
| |
does not exist
Fixes #12209.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
final ref
This doesn't really change much, but feels more correct to do, as it
ensures that all messages currently queued in the bus connections are
definitely unreffed and thus destryoing of the connection object will
follow immediately.
Strictly speaking this change is entirely unnecessary, since nothing
else could have acquired a ref to the connection and queued a message
in, however, now that we have the new sd_bus_close_unref() helper it
makes a lot of sense to use it here, to ensure that whatever happens
nothing that might have been queued fucks with us.
|
|
|
|
| |
All found with "cppcheck --enable=unusedFunction".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The idea is that anything which is related to actually manipulating mounts is
in mount-util.c, but functions for mountpoint introspection are moved to the
new file. Anything which requires libmount must be in mount-util.c.
This was supposed to be a preparation for further changes, with no functional
difference, but it results in a significant change in linkage:
$ ldd build/libnss_*.so.2
(before)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff77bf5000)
librt.so.1 => /lib64/librt.so.1 (0x00007f4bbb7b2000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f4bbb755000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4bbb734000)
libc.so.6 => /lib64/libc.so.6 (0x00007f4bbb56e000)
/lib64/ld-linux-x86-64.so.2 (0x00007f4bbb8c1000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f4bbb51b000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f4bbb512000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f4bbb4e3000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f4bbb45e000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f4bbb458000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffc19cc0000)
librt.so.1 => /lib64/librt.so.1 (0x00007fdecb74b000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fdecb744000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fdecb6e7000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdecb6c6000)
libc.so.6 => /lib64/libc.so.6 (0x00007fdecb500000)
/lib64/ld-linux-x86-64.so.2 (0x00007fdecb8a9000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fdecb4ad000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fdecb4a2000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdecb475000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fdecb3f0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fdecb3ea000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe8ef8e000)
librt.so.1 => /lib64/librt.so.1 (0x00007fcf314bd000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fcf314b6000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007fcf31459000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcf31438000)
libc.so.6 => /lib64/libc.so.6 (0x00007fcf31272000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcf31615000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fcf3121f000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcf31214000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fcf311e7000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fcf31162000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fcf3115c000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffda6d17000)
librt.so.1 => /lib64/librt.so.1 (0x00007f610b83c000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f610b835000)
libmount.so.1 => /lib64/libmount.so.1 (0x00007f610b7d8000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f610b7b7000)
libc.so.6 => /lib64/libc.so.6 (0x00007f610b5f1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f610b995000)
libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f610b59e000)
libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f610b593000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f610b566000)
libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f610b4e1000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f610b4db000)
(after)
build/libnss_myhostname.so.2:
linux-vdso.so.1 (0x00007fff0b5e2000)
librt.so.1 => /lib64/librt.so.1 (0x00007fde0c328000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fde0c307000)
libc.so.6 => /lib64/libc.so.6 (0x00007fde0c141000)
/lib64/ld-linux-x86-64.so.2 (0x00007fde0c435000)
build/libnss_mymachines.so.2:
linux-vdso.so.1 (0x00007ffdc30a7000)
librt.so.1 => /lib64/librt.so.1 (0x00007f06ecabb000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007f06ecab4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f06eca93000)
libc.so.6 => /lib64/libc.so.6 (0x00007f06ec8cd000)
/lib64/ld-linux-x86-64.so.2 (0x00007f06ecc15000)
build/libnss_resolve.so.2:
linux-vdso.so.1 (0x00007ffe95747000)
librt.so.1 => /lib64/librt.so.1 (0x00007fa56a80f000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007fa56a808000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa56a7e7000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa56a621000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa56a964000)
build/libnss_systemd.so.2:
linux-vdso.so.1 (0x00007ffe67b51000)
librt.so.1 => /lib64/librt.so.1 (0x00007ffb32113000)
libcap.so.2 => /lib64/libcap.so.2 (0x00007ffb3210c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffb320eb000)
libc.so.6 => /lib64/libc.so.6 (0x00007ffb31f25000)
/lib64/ld-linux-x86-64.so.2 (0x00007ffb3226a000)
I don't quite understand what is going on here, but let's not be too picky.
|
|
|
|
|
|
|
|
|
|
|
| |
Ideally, coccinelle would strip unnecessary braces too. But I do not see any
option in coccinelle for this, so instead, I edited the patch text using
search&replace to remove the braces. Unfortunately this is not fully automatic,
in particular it didn't deal well with if-else-if-else blocks and ifdefs, so
there is an increased likelikehood be some bugs in such spots.
I also removed part of the patch that coccinelle generated for udev, where we
returns -1 for failure. This should be fixed independently.
|