path: root/src/core/dbus-execute.c
Commit message [Author, Age, Files, Lines]
* tree-wide: drop !! casts to booleans [Zbigniew Jędrzejewski-Szmek, 2018-06-13, 1, -1/+1]
| They are not needed, because anything that is non-zero is converted to true.
|
| C11:
| > 6.3.1.2: When any scalar value is converted to _Bool, the result is 0 if the
| > value compares equal to 0; otherwise, the result is 1.
|
| https://stackoverflow.com/questions/31551888/casting-int-to-bool-in-c-c
* core: add new PrivateMounts= unit setting [Lennart Poettering, 2018-06-12, 1, -0/+4]
| This new setting is supposed to be useful in most cases where "MountFlags=slave" is currently used, i.e. as an explicit way to run a service in its own mount namespace and decouple propagation from all mounts of the new mount namespace towards the host.
|
| The effect of MountFlags=slave and PrivateMounts=yes is mostly the same, as both cause a CLONE_NEWNS namespace to be opened, and both will result in all mounts within it to be mounted MS_SLAVE.
|
| The difference is mostly on the conceptual/philosophical level: configuring the propagation mode is nothing people should have to think about, in particular as the matter is not precisely easy to grok. Moreover, MountFlags= allows configuration of "private" and "slave" modes which don't really make much sense to use in real-life and are quite confusing. In particular PrivateMounts=private means mounts made on the host stay pinned for good by the service which is particularly nasty for removable media mount. And PrivateMounts=shared is in most ways a NOP when used alone...
|
| The main technical difference between setting only MountFlags=slave or only PrivateMounts=yes in a unit file is that the former remounts all mounts to MS_SLAVE and leaves them there, while the latter remounts them to MS_SHARED again right after. The latter is generally a nicer approach, since it disables propagation, while MS_SHARED is afterwards in effect, which is really nice as that means further namespacing down the tree will get MS_SHARED logic by default and we unify how applications see our mounts as we always pass them as MS_SHARED regardless whether any mount namespacing is used or not.
|
| The effect of PrivateMounts=yes was implied already by all the other mount namespacing options. With this new option we add an explicit knob for it, to request it without any other option used as well.
|
| See: #4393
* path-util: introduce path_simplify() [Yu Watanabe, 2018-06-03, 1, -2/+2]
| The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
* namespace: rename parse_protect_{home,system}_or_bool() to protect_{home,system}_or_bool_to_string() [Yu Watanabe, 2018-05-31, 1, -2/+2]
| Hence, we can define config_parse_protect_{home,system}() by using DEFINE_CONFIG_PARSE_ENUM() macro.
* Merge pull request #8817 from yuwata/cleanup-nsflags [Lennart Poettering, 2018-05-24, 1, -1/+1]
|\
| | core: allow to specify RestrictNamespaces= multiple times
| * nsflsgs: drop namespace_flag_{from,to}_string() [Yu Watanabe, 2018-05-05, 1, -1/+1]
| | This also drops namespace_flag_to_string_many_with_check(), and renames namespace_flag_{from,to}_string_many() to namespace_flags_{from,to}_string().
| * nsflags: drop namespace_flag_to_string_many_with_check() [Yu Watanabe, 2018-05-05, 1, -1/+1]
| | We always ignore the unused bits. So, it is not necessary to check them.
* | Merge pull request #8985 from yuwata/bus-macro-3 [Lennart Poettering, 2018-05-18, 1, -51/+3]
|\ \
| | | tree-wide: use BUS_DEFINE_PROPERTY_GET* macros
| * | core: use BUS_DEFINE_PROPERTY_GET* macros [Yu Watanabe, 2018-05-15, 1, -51/+3]
| | |
* | | Merge pull request #9026 from yuwata/followup-9021 [Lennart Poettering, 2018-05-18, 1, -2/+8]
|\ \ \
| | | | core: refuse StateDirectory=private
| * | | core: refuse StateDirectory=private [Yu Watanabe, 2018-05-18, 1, -2/+8]
| |/ /
| | | Follow-up for e8865688735ba3bd34297fa89cca6bde7ba33997 (#9021).
* / / rlimit-util: rework rlimit_{from|to}_string() to work without "Limit" prefix [Lennart Poettering, 2018-05-17, 1, -55/+59]
|/ /
| | let's make the call more generic, so that we can also easily use it for parsing "RLIMIT_xyz" style constants.
* | dbus-execute: use BUS_DEFINE_PROPERTY_GET* macros [Yu Watanabe, 2018-05-13, 1, -54/+3]
| |
* | core: send NULL instead of empty string [Yu Watanabe, 2018-05-10, 1, -1/+1]
| |
* | core: use offsetof() for Syslog{Level,Facility} dbus properties [Yu Watanabe, 2018-05-10, 1, -8/+8]
| |
* | core: drop property_get_syscall_errno() [Yu Watanabe, 2018-05-10, 1, -19/+1]
| |
* | core: drop property_get_{capability_bounding_set,ambient_capabilities}() [Yu Watanabe, 2018-05-10, 1, -38/+2]
| |
* | core: use BUS_DEFINE_PROPERTY_GET_ENUM() macro [Yu Watanabe, 2018-05-10, 1, -19/+2]
| |
* | core: drop 'bus_' prefix from bus_property_get_protect_{home,system}() [Yu Watanabe, 2018-05-10, 1, -6/+4]
| |
* | core: simplify property_get_cpu_affinity() [Yu Watanabe, 2018-05-10, 1, -4/+1]
| |
* | tree-wide: use strv_free_and_replace() macro [Yu Watanabe, 2018-05-09, 1, -6/+2]
|/
* tree-wide: drop spurious newlines (#8764) [Lennart Poettering, 2018-04-19, 1, -5/+0]
| Double newlines (i.e. one empty line) are great to structure code. But let's avoid triple newlines (i.e. two empty lines), quadruple newlines, quintuple newlines, …, that's just spurious whitespace.
|
| It's an easy way to drop 121 lines of code, and keeps the coding style of our sources a bit tighter.
* tree-wide: drop license boilerplate [Zbigniew Jędrzejewski-Szmek, 2018-04-06, 1, -13/+0]
| Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
|
| I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* core: don't include libmount.h in a header file (#8580) [Michael Olbrich, 2018-03-26, 1, -0/+1]
| linux/fs.h, sys/mount.h, libmount.h and missing.h all include MS_* definitions.
|
| To avoid problems, only one of linux/fs.h, sys/mount.h and libmount.h should be included. And missing.h must be included last.
|
| Without this, building systemd may fail with:
|
| In file included from [...]/libmount/libmount.h:31:0,
|                  from ../systemd-238/src/core/manager.h:23,
|                  from ../systemd-238/src/core/emergency-action.h:37,
|                  from ../systemd-238/src/core/unit.h:34,
|                  from ../systemd-238/src/core/dbus-timer.h:25,
|                  from ../systemd-238/src/core/timer.c:26:
| [...]/sys/mount.h:57:2: error: expected identifier before numeric constant
* macro: introduce TAKE_PTR() macro [Lennart Poettering, 2018-03-22, 1, -6/+3]
| This macro will read a pointer of any type, return it, and set the pointer to NULL. This is useful as an explicit concept of passing ownership of a memory area between pointers.
|
| This takes inspiration from Rust:
|
| https://doc.rust-lang.org/std/option/enum.Option.html#method.take
|
| and was suggested by Alan Jenkins (@sourcejedi).
|
| It drops ~160 lines of code from our codebase, which makes me like it. Also, I think it clarifies passing of ownership, and thus helps readability a bit (at least for the initiated who know the new macro)
* seccomp: rework functions for parsing system call filters [Lennart Poettering, 2018-02-27, 1, -2/+2]
| This reworks system call filter parsing, and replaces a couple of "bool" function arguments by a single flags parameter.
|
| This shouldn't change behaviour, except for one case: when we recursively call our parsing function on our own syscall list, then we'll lower the log level to LOG_DEBUG from LOG_WARNING, because at that point things are just a problem in our own code rather than in the user configuration we are parsing, and we shouldn't hence generate confusing warnings about syntax errors.
|
| Fixes: #8261
* tree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279) [Zbigniew Jędrzejewski-Szmek, 2018-02-26, 1, -1/+1]
| There isn't much difference, but in general we prefer to use the standard functions. glibc provides reallocarray since version 2.26.
|
| I moved explicit_bzero is configure test to the bottom, so that the two stdlib functions are at the bottom.
* core: add DBus API for TemporaryFileSystem= [Yu Watanabe, 2018-02-21, 1, -0/+82]
|
* core: simplify DBus API for BindPaths= [Yu Watanabe, 2018-02-21, 1, -13/+5]
|
* core: fix DBus API for AppArmorProfile= and SmackProcessLabel= [Yu Watanabe, 2018-02-21, 1, -5/+1]
|
* dbus-execute: define bus_set_transient_errno() only if HAVE_SECCOMP (#7869) [0xAX, 2018-01-13, 1, -0/+2]
| in other way we will get a warning during build:
|
| ../src/core/dbus-util.h:55:13: warning: ‘bus_set_transient_errno’ defined but not used [-Wunused-function]
| int bus_set_transient_##function(
* dbus-execute: simplify bus_exec_context_set_transient_property() [Yu Watanabe, 2018-01-01, 1, -589/+207]
|
* core: rename bus_exec_command_set_transient_property() to bus_set_transient_exec_command() [Yu Watanabe, 2018-01-01, 1, -1/+1]
|
* dbus-execute: use empty_to_null() where it can be applicable [Yu Watanabe, 2017-12-23, 1, -52/+34]
|
* core: implement transient socket unit [Yu Watanabe, 2017-12-23, 1, -0/+115]
|
* core,seccomp: fix logic to parse RestrictAddressFamilies= in dbus-execute.c [Yu Watanabe, 2017-12-23, 1, -12/+20]
| If multiple RestrictAddressFamilies= settings, some of them are whitelist and the others are blacklist, are sent to bus, then parsing result was corrupted. This fixes the parse logic, now it is the same as one used in load-fragment.c
* core,seccomp: fix logic to parse syscall filter in dbus-execute.c [Yu Watanabe, 2017-12-23, 1, -40/+23]
| If multiple SystemCallFilter= settings, some of them are whitelist and the others are blacklist, are sent to bus, then the parse result was corrupted. This fixes the parse logic, now it is the same as one used in load-fragment.c
* core: move path_kill_slashes() to manager [Yu Watanabe, 2017-12-19, 1, -1/+3]
|
* core: fix wrong validity check [Yu Watanabe, 2017-12-19, 1, -1/+1]
|
* tree-wide: use __fsetlocking() instead of fxyz_unlocked() [Lennart Poettering, 2017-12-14, 1, -0/+3]
| Let's replace usage of fputc_unlocked() and friends by __fsetlocking(f, FSETLOCKING_BYCALLER). This turns off locking for the entire FILE*, instead of doing individual per-call decision whether to use normal calls or _unlocked() calls.
|
| This has various benefits:
|
| 1. It's easier to read and easier not to forget
|
| 2. It's more comprehensive, as fprintf() and friends are covered too (as these functions have no _unlocked() counterpart)
|
| 3. Philosophically, it's a bit more correct, because it's more a property of the file handle really whether we ever pass it on to another thread, not of the operations we then apply to it.
|
| This patch reworks all pieces of codes that so far used fxyz_unlocked() calls to use __fsetlocking() instead. It also reworks all places that use open_memstream(), i.e. use stdio FILE* for string manipulations.
|
| Note that this is in some way a revert of 4b61c8751135c58be043d86b9fef4c8ec7aadf18.
* core: merge multiple CPUAffinity= settings [Yu Watanabe, 2017-12-06, 1, -10/+30]
|
* core/dbus-execute: actually set PassEnvironment= (#7510) [Yu Watanabe, 2017-11-30, 1, -0/+4]
| Follow-up for #7444.
* tree-wide: use strv_isempty() instead of strv_length() == 0 [Lennart Poettering, 2017-11-29, 1, -7/+7]
| It's a lot faster in many cases, since it's O(1) rather than O(n).
* core: add proper escaping to writing of drop-ins/transient unit files [Lennart Poettering, 2017-11-29, 1, -170/+189]
| This majorly refactors the transient unit file and drop-in writing logic, so that we properly C-escape and specifier-escape (% → %%) everything we write out, so that when we read it back again, specifiers are parsed that aren't supposed to be parsed.
|
| This renames unit_write_drop_in() and friends by unit_write_setting(). The name change is supposed to clarify that the functions are not only used to write drop-in files, but also transient unit files.
|
| The previous "mode" parameter to this function is replaced by a more generic "flags", which knows additional flags for implicit C-style and specifier escaping before writing things out. This can cover most properties where either form of escaping is defined. For the cases where this isn't sufficient, we add helpers unit_escape_setting() and unit_concat_strv() for escaping individual strings or strvs properly.
|
| While we are at it, we also prettify generation of transient unit files: we try to reduce the number of section headers written out: previously we'd write the right section header out for each setting. With this change we do so only if the setting lives in a different section than the one before.
|
| (This should also be considered preparation for when we add proper APIs to systemd to write normal, persistent unit files through the bus API)
* core: drop specifier expansion when parsing transient dbus properties [Lennart Poettering, 2017-11-29, 1, -27/+10]
| Specifier expansion (much like C escape handling) should be a helper for writing unit files, but should be nothing we do on programmatic APIs. For those, the client can do the necessary replacements anyway, and we really should be careful with doing such string processing of data we get via lower level programmatic APIs.
|
| We currently do specifier expansion only for the env var transient unit APIs, no other properties do this. Let's remove it here too, to be fully systematic.
|
| Yes, in a way this is API breakage, but then again this API isn't documented yet, and an outlier, hence let's clear this up now, before it is too late.
* Merge pull request #7198 from poettering/stdin-stdout [Lennart Poettering, 2017-11-19, 1, -25/+125]
|\
| | Add StandardInput=data, StandardInput=file:... and more
| * fs-util: rename path_is_safe() → path_is_normalized() [Lennart Poettering, 2017-11-17, 1, -2/+2]
| | Already, path_is_safe() refused paths containing the "." dir. Doing that isn't strictly necessary to be "safe" by most definitions of the word. But it is necessary in order to consider a path "normalized". Hence, "path_is_safe()" is slightly misleading a name, but "path_is_normalize()" is more descriptive, hence let's rename things accordingly.
| |
| | No functional changes.
| * core: add support for StandardInputFile= and friends [Lennart Poettering, 2017-11-17, 1, -0/+44]
| | These new settings permit specifying arbitrary paths as stdin/stdout/stderr locations. We try to open/create them as necessary. Some special magic is applied:
| |
| | 1) if the same path is specified for both input and output/stderr, we'll open it only once O_RDWR, and duplicate the fd instead.
| |
| | 2) If an AF_UNIX socket path is specified, we'll connect() to it, rather than open() it. This allows invoking systemd services with stdin/stdout/stderr connected to arbitrary foreign service sockets.
| |
| | Fixes: #3991
| * core: fix handling of transient StandardOutputFileDescriptorName= and friends [Lennart Poettering, 2017-11-17, 1, -10/+14]
| | Let's make sure to process the fdname first, before changing the actual input/output setting, since the fdname part can fail due to OOM. This way we don't leave half-initialized bits around.
| * core: fold property_get_input_fdname() and property_get_output_fdname() into one [Lennart Poettering, 2017-11-17, 1, -32/+20]
| | property_get_output_fdname() already had two different control flows for stdout and stderr, it might as well handle stdin too, thus shortening our code a bit.