summaryrefslogtreecommitdiffstats
path: root/src/sulogin-shell (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: use FORK_RLIMIT_NOFILE_SAFE wherever possibleLennart Poettering2018-12-011-1/+1
| | | | | | | Similar to the previous commit: in many cases no further fd processing needs to be done in forked of children before execve() or any of its flavours are called. In those case we can use FORK_RLIMIT_NOFILE_SAFE instead.
* log: introduce new helper call log_setup_service()Lennart Poettering2018-11-201-3/+1
| | | | | Let's reduce the common boilerplate and have a single setup function used by all service code to setup logging.
* sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE setAndreas Henriksson2018-10-171-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | When the root account is locked sulogin will either inform you of this and not allow you in or if --force is used it will hand you passwordless root (if using a recent enough version of util-linux). Not being allowed a shell is ofcourse inconvenient, but at the same time handing out passwordless root unconditionally is probably not a good idea everywhere. This patch thus allows to control which behaviour you want by setting the SYSTEMD_SULOGIN_FORCE environment variable to true or false to control the behaviour, eg. via adding this to 'systemctl edit rescue.service' (or emergency.service): [Service] Environment=SYSTEMD_SULOGIN_FORCE=1 Distributions who used locked root accounts and want the passwordless behaviour could thus simply drop in the override file in /etc/systemd/system/rescue.service.d/override.conf Fixes: #7115 Addresses: https://bugs.debian.org/802211
* tree-wide: shorten error logging a bitYu Watanabe2018-08-071-2/+2
| | | | Continuation of 4027f96aa08c73f109aa46b89842ca0e25c9c0e9.
* tree-wide: beautify remaining copyright statementsLennart Poettering2018-06-141-1/+1
| | | | | | Let's unify an beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* process-util: rework wait_for_terminate_and_warn() to take a flags parameterLennart Poettering2018-01-041-1/+1
| | | | | | | | | | | | | This renames wait_for_terminate_and_warn() to wait_for_terminate_and_check(), and adds a flags parameter, that controls how much to log: there's one flag that means we log about abnormal stuff, and another one that controls whether we log about non-zero exit codes. Finally, there's a shortcut flag value for logging in both cases, as that's what we usually use. All callers are accordingly updated. At three occasions duplicate logging is removed, i.e. where the old function was called but logged in the caller, too.
* process-util: add another fork_safe() flag for enabling LOG_ERR/LOG_WARN loggingLennart Poettering2018-01-041-2/+2
|
* tree-wide: introduce new safe_fork() helper and port everything overLennart Poettering2017-12-251-10/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new safe_fork() wrapper around fork() and makes use of it everywhere. The new wrapper does a couple of things we previously did manually and separately in a safer, more correct and automatic way: 1. Optionally resets signal handlers/mask in the child 2. Sets a name on all processes we fork off right after forking off (and the patch assigns useful names for all processes we fork off now, following a systematic naming scheme: always enclosed in () – in order to indicate that these are not proper, exec()ed processes, but only forked off children, and if the process is long-running with only our own code, without execve()'ing something else, it gets am "sd-" prefix.) 3. Optionally closes all file descriptors in the child 4. Optionally sets a PR_SET_DEATHSIG to SIGTERM in the child, in a safe way so that the parent dying before this happens being handled safely. 5. Optionally reopens the logs 6. Optionally connects stdin/stdout/stderr to /dev/null 7. Debug logs about the forked off processes.
* sulogin-shell: replace "^D" by "exit"Zbigniew Jędrzejewski-Szmek2017-12-071-2/+2
| | | | | ^D is a bit cryptic, and advanced users will know that they can use ^D instead of typing exit anyway.
* sulogin-shell: do daemon-reload before starting default targetZbigniew Jędrzejewski-Szmek2017-12-071-8/+39
| | | | | | | | | | | | | If the user modifies configuration, e.g. /etc/fstab, they might forget to tell systemd about the changes. Let's do a reload for them. Note that doing a reload should be safe, because emergency and rescue modes are "single threaded" and nothing should be doing changes at the point where we are exiting from the sushell. Also, daemon-reload can be implicitly called at various moments, so we can ignore the case where the user did some incompatible changes on disk and is counting on systemd never reloading and picking them up. C.f. #7565.
* sulogin-shell: simplify returns from a functionZbigniew Jędrzejewski-Szmek2017-12-071-7/+5
| | | | | | This is actually slightly safer because it allows gcc to make sure that all code paths either call return or are noreturn. But the real motivation is just to follow the usual style and make it a bit shorter.
* meson: place systemd-sulogin-shell in build/Zbigniew Jędrzejewski-Szmek2017-12-071-25/+0
| | | | We do that will all executables so that it's easy to call them.
* Add license headers and SPDX identifiers to meson.build filesZbigniew Jędrzejewski-Szmek2017-11-191-0/+17
| | | | | | | So far I avoided adding license headers to meson files, but they are pretty big and important and should carry license headers like everything else. I added my own copyright, even though other people modified those files too. But this is mostly symbolic, so I hope that's OK.
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* sulogin-shell: switch from shell implementation to a C implementation (#6698)Felipe Sateler2017-09-083-19/+113
|
* sulogin-shell: remove ineffective job mode option from `systemctl isolate` ↵Alan Jenkins2017-08-301-1/+1
| | | | | | | | | | | | | (#6627) `systemctl default` uses job mode `isolate` (see `action_table`). The job mode option is ignored. Note that exiting the emergency shell service by using e.g. `systemctl isolate multi-user` or `systemctl start multi-user.target` already kills `emergency.service`. There's only a potential conflict between your command and the command in systemd-sulogin-shell if you run something like `systemctl start --no-block multi-user.target; exit`. Which is nothing like what we told them to do :).
* build-sys: drop gitignore patterns for in-tree buildsZbigniew Jędrzejewski-Szmek2017-07-181-1/+0
| | | | ... and other autotools-generated files.
* sulogin-shell: avoid heredocsZbigniew Jędrzejewski-Szmek2017-05-301-5/+3
| | | | | | | | They require a writable /tmp dir (in the bash implementation). Let's use echo, and not 'echo -e' since that doesn't seem to be completely portable. Fixes #6052.
* meson: reindent all files with 8 spacesZbigniew Jędrzejewski-Szmek2017-04-241-5/+3
| | | | | | | The indentation for emacs'es meson-mode is added .dir-locals. All files are reindented automatically, using the lasest meson-mode from git. Indentation should now be fairly consistent.
* meson: install systemd-sulogin-shell tooZbigniew Jędrzejewski-Szmek2017-04-241-0/+9
|
* units: simplify rescue.service and emergency.service (#5623)Michael Biebl2017-03-232-0/+15
The emergency.service and rescue.service units have become rather convoluted. We spawn multiple shells and the help text spans multiple lines which makes the units hard to read. Move the logic into a single shell script and call that via ExecStart.