| Commit message (Collapse) | Author | Age |
... | |
| |
|
|
|
|
| |
Fixes #6152.
|
|
|
|
|
|
| |
Apart from bugs (as in #6152), this can happen if we ever make
our requirements for environment entries more stringent. As with
the rest of deserialization, we should just warn and continue.
|
|
|
|
| |
We use that quite often, let's implement one clean version of it.
|
|
|
|
|
| |
Quite often we just want to subtract two normal usec_t values, hence
provide an implementation for that.
|
|
|
|
|
|
|
| |
This prevents log_object_internalv from corrupting the stack.
Closes #6147.
Many thanks to Walter Doekes for the code review.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we'd propagate errors returned by user callbacks configured
in vtables back to the users only for method handlers and property
get/set handlers. This does the same for child enumeration and when we
check whether a fallback unit exists.
Without this the failure will be treated as a non-recoverable connection
error and result in connection termination.
Fixes: #6059
|
|
|
|
|
|
| |
services
This is helpful for debugging/testing #5606.
|
|
|
|
|
|
|
|
|
| |
This also alters the documentation to recommend memfds rather than /run
for serializing state across reboots. That's because /run doesn't
actually have the same lifecycle as the fd store, as it is cleared out
on restarts.
Fixes: #5606
|
|
|
|
|
|
|
|
| |
We open the target path with O_DIRECTORY|O_NOFOLLOW, and if that doesn't work,
we call unlink() on the path. In neither case we will follow the symlink, so
we can relax our check to also not follow symlinks.
Fixes #5864.
|
|
|
|
|
| |
No functional change, just a new parameters and the tests that
AT_SYMLINK_NOFOLLOW works as expected.
|
|
|
|
| |
[zj: rename HAVE_IDN to ENABLE_IDN]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also called "ANSI-C Quoting" in info:(bash) ANSI-C Quoting.
The escaping rules are a POSIX proposal, and are described in
http://austingroupbugs.net/view.php?id=249. There's a lot of back-and-forth on
the details of escaping of control characters, but we'll be only using a small
subset of the syntax that is common to all proposals and is widely supported.
Unfortunately dash and fish and maybe some other shells do not support it (see
the man page patch for a list).
This allows environment variables to be safely exported using show-environment
and imported into the shell. Shells which do not support this syntax will have
to do something like
export $(systemctl show-environment|grep -v '=\$')
or whatever is appropriate in their case. I think csh and fish do not support
the A=B syntax anyway, so the change is moot for them.
Fixes #5536.
v2:
- also escape newlines (which currently disallowed in shell values, so this
doesn't really matter), and tabs (as $'\t'), and ! (as $'!'). This way quoted
output can be included directly in both interactive and noninteractive bash.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code is mostly correct, but gcc is trying to outsmart us, and emits a
warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
src/libelogind/sd-bus/bus-control.c: In function ‘kernel_get_list’:
src/libelogind/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&n, ":1.%llu", name->id) < 0) {
^
src/libelogind/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
src/libelogind/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
^
This is hard to work around properly, because kdbus.h uses __u64 which is
defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
solution of using %PRIu64 fails on amd64:
src/libelogind/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
^~~~~~
Let's just avoid the whole issue for now by silencing the warning.
After the next release, we should just get rid of the kdbus code.
Fixes #5561.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of always letting logind guess what the caller's session is, let's
give it the value from $XDG_SESSION_ID when it is present in the caller's
environment.
Nowadays terminal emulators are often running as services under elogind --user,
and not as part of an actual session, so all loginctl calls which depend on
logind guessing the session will fail. I don't see a reason not to honour
$XDG_SESSION_ID.
This applies to LockSession, UnlockSession, TerminateSession, ActivateSession,
SetUserLinger.
Fixes #6032.
|
|
|
|
| |
Partial fix for #6032.
|
| |
|
|
|
|
|
|
|
|
| |
parameter is NULL
Other functions in sd-login generally allow the output parameter to be NULL, in
which case only the number of items that would be stored in the array is returned.
Be nice and do the same here.
|
|
|
|
|
|
|
| |
C.f. 0543105b0fb13e4243b71a78f62f81fb9dde5d51.
This makes if /run/elogind/{seats,sessions,users} are missing, then
sd_get_seats(), sd_get_sessions() and sd_get_uids() return 0, that is,
an empty list, instead of -ENOENT.
|
|
|
|
|
|
|
|
|
|
| |
The -ENOMEDIUM return value was introduced in v232-1001-g2977724b09,
('core: make hybrid cgroup unified mode keep compat /sys/fs/cgroup/elogind hierarchy'),
and would be returned by cg_pid_get_path_shifted(), but the documented and
expected return value is -ENODATA. Let's just catch ENXIO/ENOMEDIUM and translate
it to ENODATA in all cases.
Complements 171f8f591ff27ebb5ff475b7a9d1f13a846c9331, fixes #6012.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
*scanf functions set errno on i/o error. For sscanf, this doesn't really apply,
so (based on the man page), it seems that errno is unlikely to be ever set to a
useful value. So just ignore errno. The error message includes the string that
was parsed, so it should be always pretty clear why parsing failed.
On the other hand, detect trailing characters and minus prefix that weren't
converted properly. This matches what our safe_ato* functions do. Add tests to
elucidate various edge cases.
|
| |
|
|
|
|
|
| |
DesignWare ARC Processors are a family of 32-bit CPUs from Synopsys
used extensively in SoCs of different vendors.
|
|
|
|
| |
Needed on musl.
|
|
|
|
|
|
|
|
|
|
|
| |
Enable masking the /proc folder using the 'InaccessiblePaths' unit
option.
This also slightly simplify mounts setup as the bind_remount_recursive
function will only open /proc/self/mountinfo once.
This is based on the suggestion at:
https://lists.freedesktop.org/archives/elogind-devel/2017-April/038634.html
|
|
|
|
|
|
|
|
|
|
| |
timex::time::tv_usec and timex::freq can have different sizes
depending on the host architecture. On x32 in particular,
it is 8 bytes long while the long int type is only 4 bytes
long. Hence, using li as a format specifier will trigger
a format error. Thus, introduce a new format specifier
PRI_TIMEX which is defined as PRIi64 on x32 and li
everywhere else.
|
|
|
|
|
| |
We should not leak the internal error from missing directory and treat
that case the same as no machines.
|
|
|
|
| |
After all, we might be running on a non-elogind system.
|
|
|
|
|
| |
E.g. "/user.slice/user-1000.slice/session-15.scope" would cause -ENXIO to be
returned.
|
|
|
|
| |
We'd return -ENXIO, even thoug -ENODATA is documented.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As described by Luke Shumaker:
sd_seat_get_sessions looks at /run/elogind/seats/${seat_name}:SESSIONS to get
the list of sessions (which I believe is correct), and at
/run/elogind/seats/${seat_name}:ACTIVE_SESSIONS for the list of users (which
I believe is incorrect); I believe that it should look at the UIDS field for
the list of users. As far as I can tell, the ACTIVE_SESSIONS field is never
even present in the seats file. I also believe that this has been broken
since the function was first committed almost 6 years ago.
Fixes #5743.
|
|
|
|
|
|
|
|
| |
sd_seat_get_sessions returns two arrays, that in principle should always match:
the session names and corresponding uids. The second array could be shorter only
if parsing or uid conversion fails. But in that case there is no way to tell
*which* uid is wrong, so they are *all* useless. It's better to simplify things and
just return an error if parsing fails.
|
|
|
|
|
|
|
| |
Explain briefly how the concept of "sd_bus_slot" works.
This recently came up on the mailing list, hence let's document this for
the next time.
|
|
|
|
| |
If cunescape succeeds, but the assignment is not valid, uce is not freed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The condition is on "word", hence we give word instead of rvalue.
An assert would be triggered if !utf8_is_valid(word) is true and
rvalue == NULL, since log_syntax_invalid_utf8 calls utf8_escape_invalid
which calls assert(str).
A test case has been added to test with valid and invalid utf8.
|
|
|
|
|
| |
We provide an independent reimplementation in macro.h, and that's the one
we want to use. Including the system header is unnecessary and confusing.
|
|
|
|
|
|
|
|
| |
All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.
Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test-login.c is largely rewritten to use _cleanup_ and give more meaningful
messages (function names are used instead of creative terms like "active
session", so that when something unexpected is returned, it's much easier to
see what function is responsible).
The monitoring part is only activated if '-m' is passed on the command line.
It runs against the information from /run/elogind/ in the live system, but that
should be OK: logind/sd-login interface is supposed to be stable and both
backwards and forwards compatible.
If not running in a login session, some tests are skipped.
Those two changes together mean that it's possible to run test-login in the
test suite.
Tests for sd_pid_get_{unit,user_unit,slice} are added.
|
|
|
|
|
|
|
| |
g++ annoyingly requires a non-empty struct-initializer to initialize all
struct members, in order of declaration.
Signed-off-by: Matthijs van Duin <matthijsvanduin@gmail.com>
|
|
|
|
| |
There should be no functional change.
|
|
|
|
|
| |
This adds a short-iso-precise option for journalctl output. It is similar to
short-iso, but includes microseconds.
|
|
|
|
|
|
|
|
|
|
| |
Since all our python scripts have a proper python3 shebang, there is no benefit
to letting meson autodetect them. On linux, meson will just uses exec(), so the
shebang is used anyway. The only difference should be in how meson reports the
script and that the detection won't fail for (most likely misconfigured)
non-UTF8 locales.
Closes #5855.
|
|
|
|
| |
linkchecker ftw!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and elogind instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for elogind --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
|
| |
|
| |
|
| |
|