path: root/src/machine/machined-dbus.c
Commit message | Author | Age | Files | Lines
...
* machined: userns is only supported for container-class machines | Lennart Poettering | 2015-08-24 | 1 | -0/+12
| We do not support userns for VM machines or for the host itself.
* machined: introduce pseudo-machine ".host" referring to the host system | Lennart Poettering | 2015-08-24 | 1 | -1/+1
| Some of the operations machined/machinectl implement are also very useful when applied to the host system (such as machinectl login, machinectl shell or machinectl status), hence introduce a pseudo-machine by the name of ".host" in machined that refers to the host system, and may be used to execute operations on the host system with. This copies the pseudo-image ".host" machined already implements for image related commands. (This commit also adds a PK privilege for opening a PTY in a container, which was previously not accessible for non-root.)
* util: make machine_name_is_valid() a macro and move it to hostname-util.h | Lennart Poettering | 2015-08-24 | 1 | -0/+1
| As it turns out machine_name_is_valid() does the exact same thing as hostname_is_valid() these days, as it just invoked that and checked the name length was < 64. However, hostname_is_valid() checks the length against HOST_NAME_MAX anyway (which is 64 on Linux), hence any additional check is redundant. We hence replace machine_name_is_valid() by a macro that simply maps it to hostname_is_valid() but sets the allow_trailing_dot parameter to false. We also move this call to hostname-util.h, to the same place as the hostname_is_valid() declaration.
* machined: always look for leader PID first | Lennart Poettering | 2015-08-24 | 1 | -6/+7
| When looking for the machine belonging to a PID, always look for the leader first, only then fall back to a cgroup check. We keep direct track of the leader PID, but only indirectly of the cgroup, hence prefer the PID.
* machined: add new OpenShell() bus call | Lennart Poettering | 2015-08-24 | 1 | -0/+22
| This new bus call opens an interactive shell in a container. It works like the existing OpenLogin() call, but does not involve getty, and instead opens an arbitrary command line. This is similar to "systemd-run -t -M" but is controlled by a specific PolicyKit privilege.
* machined: rework state tracking logic for machines | Lennart Poettering | 2015-08-06 | 1 | -35/+4
| This splits up the stopping logic for machines into two steps: first on machine_stop() we begin with the shutdown of a machine by queuing the stop method call for it. Then, in machine_finalize() we actually remove the rest of its runtime context. This mimics closely how sessions are handled in logind. This also reworks the GC logic to strictly check the current state of the machine unit, rather than shortcutting a few cases, like for example assuming that UnitRemoved really means a machine is gone (which it isn't since Reloading might trigger it, see #376). Fixes #376.
* logind,machined: various smaller cleanups | Lennart Poettering | 2015-08-06 | 1 | -2/+1
| Use mfree() where we can. Drop unnecessary {}. Drop unnecessary variable declarations. Cast syscall invocations where we explicitly don't care for the return value to (void). Reword a comment.
* machined,logind: don't generate errors on signal match functions | Lennart Poettering | 2015-08-06 | 1 | -2/+2
| If we get a weird signal, then we should log about it, but not return an error, since sd-bus will not call us again then anymore, but for these signals we match here we actually do want to be called on the next invocation.
* nss-mymachines: map userns users of containers to real user names | Lennart Poettering | 2015-07-09 | 1 | -1/+230
| Given a container "foo", that maps user id $UID to container user, using user namespaces, this NSS module extension will now map the $UID to a name "vu-foo-$TUID" for the translated UID $UID. Similarly, userns groups are mapped to "vg-foo-$TGID" for translated GIDs of $GID. This simple change should make userns users more discoverable. Also, given that many tools like "adduser" check NSS before allocating a UID, should lower the chance of UID range conflicts between tools.
* sd-bus: allow passing NULL as bus parameter to sd_bus_send() | Lennart Poettering | 2015-04-29 | 1 | -2/+2
| If NULL is specified for the bus it is now automatically derived from the passed in message. This commit also changes a number of invocations of sd_bus_send() to make use of this.
* sd-bus: drop bus parameter from message callback prototype | Lennart Poettering | 2015-04-29 | 1 | -71/+64
| This should simplify the prototype a bit. The bus parameter is redundant in most cases, and in the few where it matters it can be derived from the message via sd_bus_message_get_bus().
* machined: make sure to track machine unit states properly | Lennart Poettering | 2015-04-28 | 1 | -9/+46
| If a unit is stopped for a moment, we need to invalidate our knowledge of it, otherwise we might be confused by automatic restarts. This makes reboots for nspawn containers run as service work correctly. https://bugs.freedesktop.org/show_bug.cgi?id=87428
* shared: add formats-util.h | Ronny Chevalier | 2015-04-10 | 1 | -0/+1
|
* shared: the btrfs quota field is called "referenced" not "referred" | Lennart Poettering | 2015-03-10 | 1 | -2/+2
|
* importd: automatically grow /var/lib/machines/ loopback filesystem during downloads | Lennart Poettering | 2015-03-03 | 1 | -3/+5
| If /var/lib/machines is mounted as btrfs loopback file system in /var/lib/machines.raw with this change we automatically grow the file system as it fills up. After each 10M we write to it during imports, we check the free disk space, and if the fill level grows beyond 66% we increase the size of the file system to 3x the fill level (thus lowering it to 33%).
* machined: also set up /var/lib/machines as btrfs, if "machinectl set-limit" is called | Lennart Poettering | 2015-03-02 | 1 | -0/+6
|
* machined: if /var/lib/machines is backed by a loop file, resize it on "machinectl set-limit" | Lennart Poettering | 2015-02-26 | 1 | -0/+4
| When the pool size limit is altered with "machinectl set-limit", then not only set the subvolume quota of the /var/lib/machine subvolume, but also resize the backing loop file and the btrfs file system on it dynamically.
* machined,machinectl: add calls for changing container/VM quotas | Lennart Poettering | 2015-02-25 | 1 | -0/+57
|
* machined/machinectl: when "machinectl image-status" is used without arguments show statistics about pool | Lennart Poettering | 2015-02-24 | 1 | -0/+91
|
* remove unused includes | Thomas Hindoe Paaboel Andersen | 2015-02-23 | 1 | -9/+0
| This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
* machined: open up most of machined's commands to unprivileged clients via PolicyKit | Lennart Poettering | 2015-02-18 | 1 | -9/+13
|
* machined: make "machinectl copy-to" and "machinectl copy-from" server side operations | Lennart Poettering | 2015-02-17 | 1 | -2/+25
| This way, any bus client can make use of these calls.
* machined: move logic for bind mounting into containers from machinectl to machined | Lennart Poettering | 2015-02-17 | 1 | -0/+22
| This extends the bus interface, adding BindMountMachine() for bind mounting directories from the host into the container.
* machined: refer to the disk space allocated for an image to "usage" rather than "size" | Lennart Poettering | 2015-01-19 | 1 | -1/+1
| After all, it's closer to the "du"-reported value than to the file sizes...
* Revert "machined: don't force terminate registered machines" | Lennart Poettering | 2014-12-29 | 1 | -2/+0
| This reverts commit 206e7a5f7b55ac61188efd895e65ab26e478cbb2. We actually want to allow shutting down containers that use RegisterMachine() rather than CreateMachine() to register their own unit. It should be safe to do so, since the primary usecase for RegisterMachine() are container managers that run only a single container within their own unit, such as systemd-nspawn.
* machined: ignore spurious error | Lennart Poettering | 2014-12-29 | 1 | -0/+2
|
* machined: don't look for images on each property get, but cache the image object in between | Lennart Poettering | 2014-12-28 | 1 | -31/+11
|
* machined: add support for reporting image size via btrfs quota | Lennart Poettering | 2014-12-28 | 1 | -3/+4
|
* machinectl/machined: implement "rename", "clone", "read-only" verbs for machine images | Lennart Poettering | 2014-12-28 | 1 | -0/+87
|
* machined: add "machinectl remove" for removing images | Lennart Poettering | 2014-12-28 | 1 | -1/+30
|
* machined: Move image discovery logic into src/shared, so that we can make use of it from nspawn | Lennart Poettering | 2014-12-28 | 1 | -1/+3
|
* machined: remove spurious include of <sys/capability.h> | Filipe Brandenburger | 2014-12-25 | 1 | -1/+0
| They do not use any functions from libcap directly. The CAP_KILL constant in use by these files comes from <linux/capability.h> imported through "missing.h". Tested that "systemd-machined" builds cleanly and works after this change.
* machined: beef up machined image listing with creation/modification times of subvolumes | Lennart Poettering | 2014-12-25 | 1 | -3/+5
| We make use of the btrfs subvol crtime for this, and for gpt images of a manually managed xattr, if we can.
* machined: introduce polkit for OpenLogin() call | Lennart Poettering | 2014-12-23 | 1 | -1/+1
| This way "machinectl login" can be opened up to run without privileges.
* machined: add new call OpenMachineLogin() that starts a getty in a container on a pty and returns the pty master fd to the client | Lennart Poettering | 2014-12-23 | 1 | -0/+22
| This is a one-stop solution for "machinectl login", and should simplify getting logins in containers.
* machined: add OpenMachinePTY() bus call for allocating a PTY device within a container | Lennart Poettering | 2014-12-23 | 1 | -0/+22
| Then, port "machinectl" over to make use of it.
* machined: add new GetImage() bus call for retrieving the bus path for an image | Lennart Poettering | 2014-12-19 | 1 | -0/+28
|
* machined/machinectl: add logic to show list of available images | Lennart Poettering | 2014-12-19 | 1 | -0/+53
| This adds a new bus call to machined that enumerates /var/lib/container and returns all trees stored in it, distinguishing three types:
| - GPT disk images, which are files suffixed with ".gpt"
| - directory trees
| - btrfs subvolumes
* sd-bus: move common errors src/shared/bus-errors.h → src/libsystemd/sd-bus/bus-common-errors.h | Lennart Poettering | 2014-12-10 | 1 | -1/+1
| Stuff in src/shared/ should not use stuff from src/libsystemd/ really.
* machined: reorder method calls in vtable | Lennart Poettering | 2014-11-06 | 1 | -1/+1
|
* core: introduce new Delegate=yes/no property controlling creation of cgroup subhierarchies | Lennart Poettering | 2014-11-05 | 1 | -0/+4
| For privileged units this resource control property ensures that the processes have all controllers systemd manages enabled. For unprivileged services (those with User= set) this ensures that access rights to the service cgroup is granted to the user in question, to create further subgroups. Note that this only applies to the name=systemd hierarchy though, as access to other controllers is not safe for unprivileged processes. Delegate=yes should be set for container scopes where a systemd instance inside the container shall manage the hierarchies below its own cgroup and have access to all controllers. Delegate=yes should also be set for user@.service, so that systemd --user can run, controlling its own cgroup tree. This commit changes machined, systemd-nspawn@.service and user@.service to set this boolean, in order to ensure that container management will just work, and the user systemd instance can run fine.
* machined: fix address API signatures | Lennart Poettering | 2014-08-04 | 1 | -1/+1
|
* machined: allow registering host-side network interfaces for communication with containers | Lennart Poettering | 2014-07-10 | 1 | -6/+51
|
* machine: properly distinguish created and registered machines | Lennart Poettering | 2014-07-03 | 1 | -1/+2
|
* machinectl: show /etc/os-release information of container in status output | Lennart Poettering | 2014-07-03 | 1 | -0/+22
|
* machined: don't force terminate registered machines | Lennart Poettering | 2014-07-03 | 1 | -0/+1
| When a machine is registered in machined with CreateMachine it is OK to kill the machine when it is terminated, but when an existing unit is simply registered via RegisterMachine we shouldn't do that, as the unit is controlled by somebody else.
* sd-bus: support connecting to remote hosts, directly into containers | Lennart Poettering | 2014-07-03 | 1 | -18/+1
| systemctl -H root@foobar:waldi will now show a list of services running on container "waldi" on host "foobar", using "root" for authenticating at "foobar". Since entering a container requires privileges, this will only work correctly for root logins.
* machined: add logic to query IP addresses of containers | Lennart Poettering | 2014-05-18 | 1 | -23/+22
|
* Remove unnecessary casts in printfs | Zbigniew Jędrzejewski-Szmek | 2014-05-15 | 1 | -1/+1
| No functional change expected :)
* machined: fix Kill() bus call on machine objects when "what" is specified as "leader" | Lennart Poettering | 2014-03-18 | 1 | -2/+2
|