path: root/src/machine/machined-dbus.c
Commit message | Author | Age | Files | Lines
...
* tree-wide: Remove O_CLOEXEC from fdopen | Chris Down | 2018-12-12 | 1 | -1/+1
|   fdopen doesn't accept "e", it's ignored. Let's not mislead people into believing that it actually sets O_CLOEXEC.
|
|   From `man 3 fdopen`:
|
|   > e (since glibc 2.7):
|   > Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()
|
|   As mentioned by @jlebon in #11131.
* lockfile: drop unnecessary headers from lockfile-util.h | Yu Watanabe | 2018-12-06 | 1 | -0/+1
|
* Merge pull request #10920 from yuwata/hashmap-destructor | Lennart Poettering | 2018-12-03 | 1 | -4/+4
|\
| |   hashmap: make hashmap_free() call destructors of key or value
| * machine-image: introduce image_hash_ops and use it | Yu Watanabe | 2018-12-02 | 1 | -4/+4
| |
* | util-lib: split out all temporary file related calls into tmpfiles-util.c | Lennart Poettering | 2018-12-02 | 1 | -0/+1
|/
|   This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
* import: drop logic of setting up /var/lib/machines as btrfs loopback mount | Lennart Poettering | 2018-11-26 | 1 | -30/+1
|   Let's simplify things and drop the logic that /var/lib/machines is set up as auto-growing btrfs loopback file /var/lib/machines.raw. This was done in order to make quota available for machine management, but quite frankly never really worked properly, as we couldn't grow the file system in sync with its use properly. Moreover philosophically it's problematic overriding the admin's choice of file system like this. Let's hence drop this, and simplify things. Deleting code is a good feeling. Now that regular file systems provide project quota we could probably add per-machine quota support based on that, hence the btrfs quota argument is not that interesting anymore (though btrfs quota is a bit more powerful as it allows recursive quota, i.e. that the machine pool gets an overall quota in addition to per-machine quota).
* machined: rework referencing of machine scopes from machined, too | Lennart Poettering | 2018-11-09 | 1 | -9/+26
|   When a machine scope is registered by machined, let's add a reference to it, and change the GC mode so that the unit is cleaned up as soon as machined drops the reference, regardless of the fail state.
|
|   Fixes: #2809
* tree-wide: remove Lennart's copyright lines | Lennart Poettering | 2018-06-14 | 1 | -3/+0
|   These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb | Lennart Poettering | 2018-06-14 | 1 | -2/+0
|   This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html
|
|   The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* machine: ignore containers which disable private user namespace in MapToMachine{User,Group} | Yu Watanabe | 2018-06-13 | 1 | -0/+8
|   Fixes #9286.
* machined: move bus_reply_pair_array() into generic utilities | Lennart Poettering | 2018-05-24 | 1 | -27/+0
|   This way, we can reuse it in portabled.
* machined: unify how we forward image method calls from manager to image object | Lennart Poettering | 2018-05-24 | 1 | -171/+17
|   Much like the previous commit, but for Image objects rather than Machine objects.
* machined: introduce a common function for redirecting machine method calls from manager to machine object | Lennart Poettering | 2018-05-24 | 1 | -174/+17
|   Let's shorten the code a bit, and unify how we forward execution from the machine functions that take a machine name as first argument to the matching functions on the machine object.
* machine-image: rework error handling | Lennart Poettering | 2018-05-24 | 1 | -19/+19
|   Let's rework error handling a bit in image_find() and friends: when we can't find an image, return -ENOENT rather than 0. That's better as before we violated the usual rule in our codebase that return parameters are initialized when the return value is >= 0 and otherwise not touched.
|
|   This also makes enumeration and validation a bit more strict: we'll only accept ".raw" as suffix for regular files, and filter out this suffix handling on directories/subvolumes, where it makes no sense.
* machine-image: introduce two different classes of images | Lennart Poettering | 2018-05-24 | 1 | -12/+12
|   This distinguishes two different classes of images, one for the purpose of nspawn-like containers, i.e. "machines", and one for portable services. This distinction is mostly about search paths. We look for machine images in /var/lib/machines and for portable images in /var/lib/portables.
* machine: use BUS_DEFINE_PROPERTY_GET* macros | Yu Watanabe | 2018-05-15 | 1 | -14/+1
|
* tree-wide: drop license boilerplate | Zbigniew Jędrzejewski-Szmek | 2018-04-06 | 1 | -13/+0
|   Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* fixed 3 occurences of 'Failed top open' (#8349) | SjonHortensius | 2018-03-04 | 1 | -2/+2
|
* tree-wide: introduce new safe_fork() helper and port everything over | Lennart Poettering | 2017-12-25 | 1 | -5/+4
|   This adds a new safe_fork() wrapper around fork() and makes use of it everywhere. The new wrapper does a couple of things we previously did manually and separately in a safer, more correct and automatic way:
|
|   1. Optionally resets signal handlers/mask in the child
|   2. Sets a name on all processes we fork off right after forking off (and the patch assigns useful names for all processes we fork off now, following a systematic naming scheme: always enclosed in () – in order to indicate that these are not proper, exec()ed processes, but only forked off children, and if the process is long-running with only our own code, without execve()'ing something else, it gets an "sd-" prefix.)
|   3. Optionally closes all file descriptors in the child
|   4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe way so that the parent dying before this happens is handled safely.
|   5. Optionally reopens the logs
|   6. Optionally connects stdin/stdout/stderr to /dev/null
|   7. Debug logs about the forked off processes.
* tree-wide: make use of new STRLEN() macro everywhere (#7639) | Lennart Poettering | 2017-12-14 | 1 | -2/+2
|   Let's employ coccinelle to do this for us.
|
|   Follow-up for #7625.
* machined: port machined's bus APIs to use new image metadata API | Lennart Poettering | 2017-11-20 | 1 | -0/+75
|   Let's rework the D-Bus APIs GetImageOSRelease() to use the new internal metadata API, to query what it needs to know. Augment it with GetImageHostname(), GetImageMachineID(), GetImageMachineInfo(), that expose the other new APIs.
* Add SPDX license identifiers to source files under the LGPL | Zbigniew Jędrzejewski-Szmek | 2017-11-19 | 1 | -0/+1
|   This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* Revert "tree-wide: use pid_is_valid() at more places" | Alan Jenkins | 2017-10-03 | 1 | -1/+1
|   This reverts commit ee043777be58251e7441b4f04594e9e3792d7fb2.
|
|   It broke almost everywhere it touched. The places that hadn't been converted, were mostly followed by special handling for the invalid PID `0`. That explains why they tested for `pid < 0` instead of `pid <= 0`.
|
|   I think that one was the first commit I reviewed, heh.
* tree-wide: use pid_is_valid() at more places | Lennart Poettering | 2017-08-31 | 1 | -1/+1
|
* machined: expose "UID shift" concept for containers | Lennart Poettering | 2017-02-17 | 1 | -0/+21
|   UID/GID mapping with userns can be arbitrarily complex. Let's break this down to a single admin-friendly parameter: let's expose the UID/GID shift of a container via a new bus call for each container, and let's show this as part of "machinectl status" if it is not 0.
|
|   This should work for pretty much all real-life full OS container setups (i.e. the stuff machined is supposed to be useful for). For everything else we generate a clean error, clarifying that we can't expose the mapping.
* machined: add API for querying the OS release of a machine image | Lennart Poettering | 2016-12-07 | 1 | -0/+52
|   This adds a bus call GetImageOSRelease() to the Manager interface that retrieves the /etc/os-release file of a machine image. It matches the existing GetMachineOSRelease() call, however operates on a disk image rather than a running container. The backend for this call on .raw images is implemented via the generalized image dissector, which makes this scheme relatively easy to implement.
* Rename formats-util.h to format-util.h | Zbigniew Jędrzejewski-Szmek | 2016-11-07 | 1 | -1/+1
|   We don't have plural in the name of any other -util files and this inconsistency trips me up every time I try to type this file name from memory. "formats-util" is even hard to pronounce.
* tree-wide: use %m in calls to sd_bus_error_set_errnof | Zbigniew Jędrzejewski-Szmek | 2016-09-14 | 1 | -1/+3
|   sd_bus_error_set_errnof supports %m, so there's no need to call strerror manually.
* util-lib: rework /tmp and /var/tmp handling code | Lennart Poettering | 2016-08-04 | 1 | -1/+1
|   Beef up the existing var_tmp() call, rename it to var_tmp_dir() and add a matching tmp_dir() call (the former looks for the place for /var/tmp, the latter for /tmp). Both calls check $TMPDIR, $TEMP, $TMP, following the algorithm Python3 uses. All dirs are validated before use. secure_getenv() is used in order to limit exposure in suid binaries.
|
|   This also ports a couple of users over to these new APIs.
|
|   The var_tmp() return parameter is changed from an allocated buffer the caller will own to a const string either pointing into environ[], or into a static const buffer. Given that environ[] is mostly considered constant (and this is exposed in the very well-known getenv() call), this should be OK behaviour and allows us to avoid memory allocations in most cases.
|
|   Note that $TMPDIR and friends override both /var/tmp and /tmp usage if set.
* Various fixes for typos found by lintian (#3705) | Michael Biebl | 2016-07-12 | 1 | -1/+1
|
* machined: "machinectl clean" can take a while, do it asynchronously from a background process | Lennart Poettering | 2016-06-24 | 1 | -35/+179
|   This is a follow-up to 5d2036b5f3506bd0ff07042aee8d69c26db32298, and also makes the "machinectl clean" verb asynchronous, after all it's little more than a series of image removals.
|
|   The changes required to make this happen are a bit more comprehensive as we need to pass information about deleted images back to the client, as well as information about the image we failed on if we failed on one. Hence, create a temporary file in /tmp, serialize that data into, and read it from the parent after the operation is complete.
* machined: add new OpenRootDirectory() call to Machine objects | Lennart Poettering | 2016-04-25 | 1 | -0/+21
|   This new call returns a file descriptor for the root directory of a container. This file descriptor may then be used to access the rest of the container's file system, via openat() and similar calls. Since the file descriptor returned is for the file system namespace inside of the container it may be used to access all files of the container exactly the way the container itself would see them. This is particularly useful for containers run directly from loopback media, for example via systemd-nspawn's --image= switch. It also provides access to directories such as /run of a container that are normally not accessible to the outside of a container.
|
|   This replaces PR #2870.
|
|   Fixes: #2870
* machinectl: add new "machinectl clean" command | Lennart Poettering | 2016-04-12 | 1 | -0/+88
|   This new command removes all, or all hidden container images that have been downloaded.
* tree-wide: minor formatting inconsistency cleanups | Vito Caputo | 2016-02-23 | 1 | -1/+1
|
* tree-wide: remove Emacs lines from all files | Daniel Mack | 2016-02-10 | 1 | -2/+0
|   This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* machined: add early checks for unrealistically large image/pool sizes | Lennart Poettering | 2016-01-27 | 1 | -0/+3
|
* machined: when the pool limit is set to infinity don't resize backing loopback file | Lennart Poettering | 2016-01-27 | 1 | -5/+8
|   An unlimited quota makes a lot of sense, but we really should try to propagate this onto the loopback file size, since an infinitely sized file makes no sense.
|
|   Fixes: #2314 #2253
* logind,machined: bump TasksMax= | Lennart Poettering | 2016-01-25 | 1 | -1/+1
|   Issue #2388 suggests the current TasksMax= setting for user processes is too low. Bump it to 12K. Also, bump the container TasksMax= from 8K to 16K, so that it remains higher than the one for user processes. (Compare: the kernel default limit for processes system-wide is 32K).
|
|   Fixes #2388
* tree-wide: check if errno is greater than zero (2) | Zbigniew Jędrzejewski-Szmek | 2016-01-13 | 1 | -4/+4
|   Compare errno with zero in a way that tells gcc that (if the condition is true) errno is positive.
* nspawn: set TasksMax in machined instead of nspawn | Alban Crequy | 2015-12-04 | 1 | -0/+4
|   https://github.com/systemd/systemd/issues/2016
* tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy | Lennart Poettering | 2015-11-27 | 1 | -11/+11
|   GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs.
|
|   With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this.
|
|   The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()).
|
|   This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days.
|
|   Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own:
|
|       #define _cleanup_(function) __attribute__((cleanup(function)))
|
|   Or similar, to make the gcc feature easier to use.
|
|   Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally.
|
|   See #2008.
* tree-wide: use right cast macros for UIDs, GIDs and PIDs | Lennart Poettering | 2015-11-17 | 1 | -1/+1
|
* machined,logind: be more careful when accepting PIDs and UIDs from clients | Lennart Poettering | 2015-11-15 | 1 | -0/+3
|   Always validate first before we start processing the data.
* util-lib: split out allocation calls into alloc-util.[ch] | Lennart Poettering | 2015-10-27 | 1 | -0/+1
|
* util-lib: split out printf() helpers to stdio-util.h | Lennart Poettering | 2015-10-27 | 1 | -0/+1
|
* util-lib: split out user/group/uid/gid calls into user-util.[ch] | Lennart Poettering | 2015-10-26 | 1 | -0/+1
|
* util-lib: split out fd-related operations into fd-util.[ch] | Lennart Poettering | 2015-10-25 | 1 | -8/+10
|   There are more than enough to deserve their own .c file, hence move them over.
* btrfs: beef-up btrfs support with a limited understanding of quota | Lennart Poettering | 2015-10-22 | 1 | -3/+5
|   With this change we understand more than just leaf quota groups for btrfs file systems. Specifically:
|
|   - When we create a subvolume we can now optionally add the new subvolume to all qgroups its parent subvolume was member of too. Alternatively it is also possible to insert an intermediary quota group between the parent's qgroups and the subvolume's leaf qgroup, which is useful for a concept of "subtree" qgroups, that contain a subvolume and all its children.
|
|   - The remove logic for subvolumes has been updated to optionally remove any leaf qgroups or "subtree" qgroups, following the logic above.
|
|   - The snapshot logic for subvolumes has been updated to replicate the original qgroup setup of the source, if it follows the "subtree" design described above. It will not cover qgroup setups that introduce arbitrary qgroups, especially those orthogonal to the subvolume hierarchy.
|
|   This also tries to be more graceful when setting up /var/lib/machines as btrfs. For example, if mkfs.btrfs is missing we don't even try to set it up as loopback device.
|
|   Fixes #1559
|   Fixes #1129
* util: drop UID_IS_INVALID() in favour of uid_is_valid() | Lennart Poettering | 2015-09-22 | 1 | -8/+8
|   No need to keep both functions, settle on uid_is_valid() for everything.
* bus-util: support details in CheckAuthorization calls | Michael Chapman | 2015-09-05 | 1 | -0/+1
|   Extra details for an action can be supplied when calling polkit's CheckAuthorization method. Details are a list of key/value string pairs. Custom policy can use these details when making authorization decisions.