path: root/src/shared/dev-setup.c
Commit message | Author | Age | Files | Lines
* terminal-util: move lock_dev_console() here | Lennart Poettering | 2024-07-19 | 1 | -17/+0
  It doesn't really make sense to have that in dev-setup.c, which is mostly about setting up /dev/, creating device nodes and stuff. Let's move it to the other stuff that deals with /dev/console's peculiarities.
* dev-setup: Follow /dev/console symlinks when locking /dev/console | Daan De Meyer | 2024-06-08 | 1 | -1/+3
  systemd-nspawn sets up /dev/console as a symlink to a pty, so let's make sure we follow the symlink when trying to lock /dev/console so we don't fail with ELOOP.
* shared: create inaccessible files with correct security label | Christian Göttsche | 2024-04-29 | 1 | -2/+2
* use FOREACH_ELEMENT | Matteo Croce | 2024-04-18 | 1 | -1/+1
  Use FOREACH_ELEMENT where possible.
  Generated with this command, and checked manually:
      git grep -l 'FOREACH_ARRAY.*ELEMENTSOF' | \
      xargs sed -ri 's/FOREACH_ARRAY\((.*), (.*), (ELEMENTSOF.*)\)/FOREACH_ELEMENT(\1, \2)/'
* dev-setup: normalize logging around lock_dev_console() | Lennart Poettering | 2024-02-09 | 1 | -1/+1
  Previously this function would log loudly in some cases but not in others. Clean this up, and don't log at all, matching our coding style which says we should either log in all error cases or in none. Both callers of this function do logging already, hence no need to duplicate it here.
* dev-setup: rework make_inaccessible_nodes() around openat() and friends | Lennart Poettering | 2024-01-06 | 1 | -21/+37
  Let's operate on fds rather than paths. Make some tweaks to the logic on top:
  1. Mark the resulting dir as read-only after we are done.
  2. Use the new inode_type_to_string() calls to determine the inode names.
  3. If an inode already exists, try to adjust the access mode, just in case.
  4. Use FOREACH_ARRAY()
* pid1,vconsole-setup: lock /dev/console instead of the tty device | Zbigniew Jędrzejewski-Szmek | 2023-10-19 | 1 | -0/+18
  As requested in https://github.com/systemd/systemd/pull/27867#pullrequestreview-1567161854.
  /dev/console, /dev/tty0, and /dev/ttyN are "different" device nodes that may point to a single underlying device. We want to use a single lock so that we don't get a race if different writers are using a different device path, so let's just always lock around /dev/console. This effectively makes the locking less granular.
  Fixup for a0043bfa51281c2374878e2a98cf2a3ee10fd92c.
  Fixes https://github.com/systemd/systemd/issues/28721.
  Maybe fixes https://github.com/systemd/systemd/issues/28778 and https://github.com/systemd/systemd/issues/28634.
* label: Rename to label-util.h | Daan De Meyer | 2023-05-30 | 1 | -1/+1
* nulstr-util: Declare NULSTR_FOREACH() iterator inline | Daan De Meyer | 2022-11-11 | 1 | -1/+0
* shared: clean up mkdir.h/label.h situation | Lennart Poettering | 2021-11-16 | 1 | -0/+1
  Previously the mkdir_label() family of calls was implemented in src/shared/mkdir-label.c but its functions partly declared in src/shared/label.h and partly in src/basic/mkdir.h (!!). That's weird (and wrong). Let's clean this up, and add a proper mkdir-label.h matching the .c file.
* umask-util: add helper that resets umask until end of current code block | Lennart Poettering | 2021-11-12 | 1 | -2/+1
* tree-wide: mark set-but-not-used variables as unused to make LLVM happy | Frantisek Sumsal | 2021-09-15 | 1 | -1/+1
  LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which trips over some intentionally set-but-not-used variables or variables attached to cleanup handlers with side effects (`_cleanup_umask_`, `_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.):
  ```
  ../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable]
          _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL;
                                               ^
  1 error generated.
  ```
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 1 | -1/+1
* tree-wide: fix spelling of "fallback" | Zbigniew Jędrzejewski-Szmek | 2020-08-20 | 1 | -4/+5
  Similarly to "setup" vs. "set up", "fallback" is a noun, and "fall back" is the verb. (This is pretty clear when we construct a sentence in the present continuous: "we are falling back" not "we are fallbacking").
* nspawn,pid1: pass "inaccessible" nodes from cntr mgr to pid1 payload via /run/host | Lennart Poettering | 2020-08-20 | 1 | -16/+13
  Let's make /run/host the sole place we pass stuff from host to container in and place the "inaccessible" nodes in /run/host too.
  In contrast to the previous two commits this is a minor compat break, but not a relevant one I think. Previously the container manager would place these nodes in /run/systemd/inaccessible/ and that's where PID 1 in the container would try to add them too when missing. Container manager and PID 1 in the container would thus manage the same dir together.
  With this change the container manager now passes an immutable directory to the container and leaves /run/systemd entirely untouched, and managed exclusively by PID 1 inside the container, which is nice to have clear separation on who manages what.
  In order to make sure systemd then uses the /run/host/inaccesible/ nodes this commit changes PID 1 to look for that dir and if it exists will symlink it to /run/systemd/inaccessible.
  Now, this will work fine if new nspawn and new pid 1 in the container work together, as then the symlink is created and the difference between the two dirs won't matter.
  For the case where an old nspawn invokes a new PID 1: in this case things work as they always worked: the dir is managed together.
  For the case where different container manager invokes a new PID 1: in this case the nodes aren't typically passed in, and PID 1 in the container will try to create them and will likely fail partially (though gracefully) when trying to create char/block device nodes. This is fine though as there are fallbacks in place for that case.
  For the case where a new nspawn invokes an old PID1: this is where the (minor) incompatibility happens: in this case new nspawn will place the nodes in the /run/host/inaccessible/ subdir, but the PID 1 in the container won't look for them there. Since the nodes are also not pre-created in /run/systed/inaccessible/ PID 1 will try to create them there as if a different container manager sets them up. This is of course not sexy, but is not a total loss, since as mentioned fallbacks are in place anyway. Hence I think it's OK to accept this minor incompatibility.
* shared: fix error handling in make_inaccessible_nodes | Christian Göttsche | 2020-07-11 | 1 | -2/+2
  _label wrappers return -errno on failure instead of returning -1 and setting global errno.
  Fixes: 8d9cbd809db492df9d94c0c664bd0d2e53416531
  Follow up: #16426
* selinux: create standard user-runtime nodes with default context | Christian Göttsche | 2020-07-10 | 1 | -2/+2
  Currently systemd-user-runtime-dir does not create the files in /run/user/$UID/systemd/inaccessible with the default SELinux label. The user and role part of these labels should be based on the user related to $UID and not based on the process context of systemd-user-runtime-dir.
  Since v246-rc1 (9664be199af6) /run/user/$UID/systemd is also created by systemd-user-runtime-dir and should also be created with the default SELinux context.
* inaccessible: move inaccessible file nodes to /systemd/ subdir in runtime dir always | Lennart Poettering | 2020-06-09 | 1 | -10/+17
  Let's make sure $XDG_RUNTIME_DIR for the user instance and /run for the system instance is always organized the same way: the "inaccessible" device nodes should be placed in a subdir of either called "systemd" and a subdir of that called "inaccessible".
  This way we can emphasize the common behaviour, and only differ where really necessary.
  Follow-up for #13823
* core: create inaccessible nodes for users when making runtime dirs | Anita Zhang | 2019-12-18 | 1 | -9/+9
  To support ProtectHome=y in a user namespace (which mounts the inaccessible nodes), the nodes need to be accessible by the user. Create these paths and devices in the user runtime directory so they can be used later if needed.
* path-util: get rid of prefix_root() | Lennart Poettering | 2019-06-21 | 1 | -2/+2
  prefix_root() is equivalent to path_join() in almost all ways, hence let's remove it.
  There are subtle differences though: prefix_root() will try to shorten multiple "/" before and after the prefix. path_join() doesn't do that. This means prefix_root() might return a string shorter than both its inputs combined, while path_join() never does that. I like the path_join() semantics better, hence I think dropping prefix_root() is totally OK. In the end the strings generated by both functions should always be identical in terms of path_equal() if not streq().
  This leaves prefix_roota() in place. Ideally we'd have path_joina(), but I don't think we can reasonably implement that as a macro. Or maybe we can? (if so, sounds like something for a later PR)
  Also add in a few missing OOM checks
* util: split out nulstr related stuff to nulstr-util.[ch] | Lennart Poettering | 2019-03-14 | 1 | -1/+1
* dev-setup: generalize logic we use to create "inaccessible" device nodes | Lennart Poettering | 2018-11-29 | 1 | -0/+59
  Let's generalize this, so that we can use this in nspawn later on, which is pretty useful as we need to be able to mask files from the inner child of nspawn too, where the host's /run/systemd/inaccessible directory is not visible anymore. Moreover, if nspawn can create these nodes on its own before the payload this means the payload can run with fewer privileges.
* tree-wide: remove Lennart's copyright lines | Lennart Poettering | 2018-06-14 | 1 | -3/+0
  These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb | Lennart Poettering | 2018-06-14 | 1 | -2/+0
  This part of the copyright blurb stems from the GPL use recommendations:
  https://www.gnu.org/licenses/gpl-howto.en.html
  The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.
  Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplate | Zbigniew Jędrzejewski-Szmek | 2018-04-06 | 1 | -13/+0
  Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
  I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* Add SPDX license identifiers to source files under the LGPL | Zbigniew Jędrzejewski-Szmek | 2017-11-19 | 1 | -0/+1
  This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* tree-wide: remove Emacs lines from all files | Daniel Mack | 2016-02-10 | 1 | -2/+0
  This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* shared: include what we use | Thomas Hindoe Paaboel Andersen | 2015-12-06 | 1 | -0/+1
  The next step of a general cleanup of our includes. This one mostly adds missing includes but there are a few removals as well.
* util-lib: split out allocation calls into alloc-util.[ch] | Lennart Poettering | 2015-10-27 | 1 | -0/+1
* user-util: move UID/GID related macros from macro.h to user-util.h | Lennart Poettering | 2015-10-27 | 1 | -2/+3
* nspawn: finish user namespace support | Lennart Poettering | 2015-05-21 | 1 | -9/+20
* remove unused includes | Thomas Hindoe Paaboel Andersen | 2015-02-23 | 1 | -5/+0
  This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
* label: unify code to make directories, symlinks | Lennart Poettering | 2014-10-23 | 1 | -20/+2
* selinux: clean up selinux label function naming | Lennart Poettering | 2014-10-23 | 1 | -2/+2
* mac: rename apis with mac_{selinux/smack}_ prefix | WaLyong Cho | 2014-10-23 | 1 | -2/+2
* core: Beef up PrivateDevices= | Lennart Poettering | 2014-03-19 | 1 | -1/+1
  Also mount /dev/kdbus, /dev/mqueue and /dev/hugepages into the /dev for namespaced services.
* exec: introduce PrivateDevices= switch to provide services with a private /dev | Lennart Poettering | 2014-01-20 | 1 | -8/+8
  Similar to PrivateNetwork=, PrivateTmp= introduce PrivateDevices= that sets up a private /dev with only the API pseudo-devices like /dev/null, /dev/zero, /dev/random, but not any physical devices in them.
* dev-setup: do not create a dangling /proc/kcore symlink | Zbigniew Jędrzejewski-Szmek | 2013-06-10 | 1 | -1/+7
  https://bugs.freedesktop.org/show_bug.cgi?id=65382
  https://bugs.gentoo.org/472060?id=472060
* dev-setup: make NULL as parameter for dev_setup() equivalent to "" | Lennart Poettering | 2012-08-21 | 1 | -8/+11
* dev-setup: allow a path prefix for use in chroots | Dave Reisner | 2012-08-21 | 1 | -3/+13
  With this adjustment, we can reuse this code elsewhere, such as in nspawn.
* udev: unify /dev static symlink setup | Kay Sievers | 2012-04-17 | 1 | -0/+65