| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
We already filter out 0, and as -1 is usually special (meaning infinity,
as in USEC_INFINITY) we should better not accept it either. Better safe
than sorry...
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
CMSG_NXTHDR() checks for cmsg->cmsg_len *after* it increased the pointer.
While this makes sense for parsing received messages, that's a pitfall
for code crafting messages with this macro.
Wipe out the allocated memory to fix this.
|
| |
|
|
| |
No change in behaviour, just make the code more obvious.
|
| | |
|
| |
|
|
|
|
| |
- src/systemd/sd-bus.h
- src/systemd/sd-daemon.h
- src/systemd/sd-event.h
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we guarantee that if two event-sources with the same priority
fire at the same time, they're always dispatched in the same order. While
this might sound nice in theory, there's is little benefit in providing
stability on that level. We have no control over the order the events are
reported, hence, we cannot guarantee that we get notified about both at
the same time.
By dropping the stability guarantee, we loose roughly 10% Heap swaps in
the prioq on a desktop cold-boot. Krzysztof Kotlenga even reported up to
20% on his tests. This sounds worth optimizing, so drop the stability
guarantee.
|
| |
|
|
|
|
|
| |
Otherwise a disabled event source can get swapped with an enabled one
and cause a severe sd-event malfunction.
http://lists.freedesktop.org/archives/elogind-devel/2015-September/034356.html
|
| | |
|
| |
|
|
|
|
|
| |
The size of the allocated array for received file descriptors was
incorrectly calculated. This did not matter when a single file
descriptor was received, but for more descriptors the allocation was
insufficient.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure the assert expression is not macro-expanded before
stringification. This makes several assertion failure messages more
readable.
As an example:
assert(streq("foo", "bar"));
I'd rather see this:
Assertion 'streq("foo", "bar")' failed at foo.c:5, function main(). Aborting.
...than this, though awesome, incomprehensible truncated mess:
Assertion '(__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p ((
"foo")) && __builtin_constant_p (("bar")) && (__s1_len = strlen (("foo")), __s2_
len = strlen (("bar")), (!((size_t)(const void *)((("foo")) + 1) - (size_t)(cons
t void *)(("foo")) == 1) || __s1_len >= 4) && (!((size_t)(const void *)((("bar")
) + 1) - (size_t)(const void *)(("bar")) == 1) || __s2_len >= 4)) ? __builtin_st
rcmp (("foo"), ("bar")) : (__builtin_constant_p (("foo")) && ((size_t)(const voi
d *)((("foo")) + 1) - (size_t)(const void *)(("foo")) == 1) && (__s1_len = strle
n (("foo")), __s1_len < 4) ? (__builtin_constant_p (("bar")) && ((size_t)(const
void *)((("bar")) + 1) - (size_t)(const void *)(("bar")) == 1) ? __builtin_strcm
p (("foo"), ("bar")) : (__extension__ ({ const unsigned char *__s2 = (const unsi
gned char *) (const char *) (("bar")); int __result = (((const unsigned char *)
(const char *) (("foo")))[0] - __s2[0]); if (__s1_len > 0 && __result == 0) { __
result = (((const unsigned char *) (const char *) (("foo")))[1] - __s2[1]); if (
__s1_len > 1 && __result == 0) { __result = (((const unsigned char *) (const cha
r *) (("foo")))[2] - __s2[2]); if (__s1_len > 2 && __result == 0) __result = (((
const unsigned char *) (const char *) (("foo")))[3] - __s2[3]); } } __result; })
)) : (__builtin_constant_p (("bar")) && ((size_t)(const void *)((("bar")) + 1) -
(size_t)(const void *)(("bar")) == 1) && (__s2_len = strlen (("bar")), __s2_len
< 4) ? (__builtin_constant_p (("foo")) && ((size_t)(const void *)((("foo")) + 1
) - (size_t)(const void *)(("foo")) == 1) ? __builtin_strcmp (("foo"), ("bar"))
: (- (__extension__ ({ const unsigned char *__s2 = (const unsigned char *) (cons
t char *) (("foo")); int __result = (((const unsigned char *) (const char *) (("
bar")))[0] - __s2[0]); if (__s2_len > 0 && __result == 0) { __result = (((const
unsigned char *) (const char *) (("bar")))[1] - __s2[1]); if (__s2_len > 1 && __
result == 0) { __result = (((const unsigned char *) (const char *) (("bar")))[2]
- __s2[2]); if (__s2_len > 2 && __result == 0)
|
| |
|
|
|
| |
We should never put empty lines between `if` and `else if`, unless we use
braces.
|
| |
|
|
|
| |
CMSG_SPACE(0) may return value other than 0. This caused sendmsg to fail
with EINVAL, when have_pid or n_fds was 0.
|
| |
|
|
|
|
|
|
|
| |
mq_getattr returns -1/EBADF for file descriptors which are not mq.
But we should return 0 in this case.
We first check that fd is a valid fd, so we can assume that if
mq_getattr returns EBADF, it is simply a non-mq fd. There is a slight
race, but there doesn't seem to be a nice way to fix it.
|
| |
|
|
|
|
| |
Makre sure we always return sensible errors for the various, following
the same rules, and document them in a comment in sd-login.c. Also,
update all relevant man pages accordingly.
|
| |
|
|
|
|
|
| |
let's return ENXIO whenever we don't know something rather than ENOENT.
ENOENT suggests this was really about a file or directory, while ENXIO
is a more generic "not found" indicator.
|
| |
|
|
|
| |
Although it is nice to have it read ELOGIND instead of SYSTEMD, all
diffs just show too many irrelevant (false) positives.
|
| |
|
|
|
|
|
|
| |
The patching of elogind in several steps with only partly rebasing on
a common commit with upstream, left the tree in a state, that was
unmergeable with master. By rebasing on master and manually cleaning
up all commits, this merge is now possible.
However, this process left some orphans, that are cleanup now.
|
| |
|
|
|
|
|
|
| |
This commit substitutes all occurrences of
free(foo);
foo = NULL;
with
foo = mfree(foo);
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Check whether printf.h is available and define/undef HAVE_PRINTF_H
accordingly.
* Added src/shared/parse-printf-format.[hc] by Emil Renner Berthing
<systemd@esmil.dk> that provides parse_printf_format() if printf.h
is unavailable
* Added src/basic/musl_missing.h by Juergen Buchmueller
<pullmoll@t-online.de> that implements glibc functions missing in
musl libc as macros.
* Extended src/basic/musl_missing.h and added
src/basic/musl_missing.c providing
- program_invocation_name
- program_invocation_short_name and
- elogind_set_program_name() to set the two where appropriate.
* Added calls to elogind_set_program_name() to all main() functions
where needed.
* A few other fixes to work nicely with musl libc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- src/basic/ioprio.h - removed
- src/basic/ring.h - removed
- src/basic/capability.[hc] - cleaned
- src/basic/cgroup-util.[hc] - cleaned
- src/basic/hostname-util.[hc] - cleaned
- src/basic/path-util.[hc] - cleaned
- src/basic/socket-util.h - cleaned
- src/basic/strv.[hc] - cleaned
- src/basic/time-util.[hc] - cleaned
- src/basic/unit-name.[hc] - cleaned
- src/basic/util.[hc] - cleaned
- src/libelogind/sd-bus/bus-introspect.c - cleaned
- src/login/loginctl.c - cleaned
- src/login/logind-dbus.c - cleaned
- src/login/logind.h - cleaned
- src/shared/conf-parser.[hc] - cleaned
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- src/shared/install.h - removed
- src/basic/unit-name.[hc] - cleaned
- src/core/cgroup.[hc] - cleaned
- src/libelogind/libelogind.sym - cleaned
- src/libelogind/sd-daemon/sd-daemon.c - cleaned
- src/shared/acl-util.[hc] - cleaned
- src/shared/bus-util.[hc] - cleaned
- src/shared/output-mode.h - cleaned
- src/shared/path-lookup.h - cleaned
- src/systemd/sd-daemon.h - cleaned
|
| | |
|
| |
|
|
|
|
|
| |
a) Add some debugging messages to track what's going on with eloginds
cgroup handling.
b) Do not create a cgroup path "/elogind" if our cgroup root is
already "/elogind".
|
| |
|
|
|
|
|
| |
Create a private cgroup tree associated with no controllers, and use it
to map PIDs to sessions. Since we use our own path structure, remove
internal cgroup-related helpers that interpret the cgroup path structure
to pull out users, slices, and scopes.
|
| | |
|
| |
|
|
|
|
|
|
| |
The only function still using librt was
src/shared/clean-ipc.c::clean_posix_mq().
But that function is not really needed, because elogind does not call
mq_open() anywhere, or any other mqueue related functions.
|
| |
|
|
|
|
|
| |
* src/systemd/sd-daemon.h:
* src/libelogind/sd-daemon/sd-daemon.c (sd_is_mq): Remove unused
function that depended on librt. Ultimately we should remove this
header at some point.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
When forking of a child process for connecting to a container, pass
the preicse connection error to the calling process.
We already did this correctly for kdbus busses, let's do so for dbus1
busses, too.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, our introspection data looks like this:
<node>
<interface name="org.freedesktop.DBus.Peer">
...
</interface>
<interface name="org.freedesktop.DBus.Introspectable">
...
</interface>
<interface name="org.freedesktop.DBus.Properties">
...
</interface>
<node name="org"/>
<node name="org/freedesktop"/>
<node name="org/freedesktop/login1"/>
<node name="org/freedesktop/login1/user"/>
<node name="org/freedesktop/login1/user/self"/>
<node name="org/freedesktop/login1/user/_1000"/>
<node name="org/freedesktop/login1/seat"/>
<node name="org/freedesktop/login1/seat/self"/>
<node name="org/freedesktop/login1/seat/seat0"/>
<node name="org/freedesktop/login1/session"/>
<node name="org/freedesktop/login1/session/self"/>
<node name="org/freedesktop/login1/session/c1"/>
</node>
(ordered alphabetically for better visibility)
This is grossly incorrect. The spec says that we're allowed to return
non-directed children, however, it does not allow us to return data
recursively in multiple parents. If we return "org", then we must not
return anything else that starts with "org/".
It is unclear, whether we can include child-nodes as a tree. Moreover, it
is usually not what the caller wants. Hence, this patch changes sd-bus to
never return introspection data recursively. Instead, only a single
child-layer is returned.
This patch relies on enumerators to never return hierarchies. If someone
registers an enumerator via sd_bus_add_enumerator, they better register
sub-enumerators if they support *TRUE* hierarchies. Each enumerator is
treated as a single layer and not filtered.
Enumerators are still allowed to return nested data. However, that data
is still required to be a single hierarchy. For instance, returning
"/org/foo" and "/com/bar" is fine, but including "/com" or "/org" in that
dataset is not.
This should be the default for enumerators and I see no reason to filter
in sd-bus. Moreover, filtering that data-set would require to sort the
strv by path and then do prefix-filtering. This is O(n log n), which
would be fine, but still better to avoid.
Fixes #664.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Whenever we run in a user context, sd_bus_{default_user,open_user}() and
friends should always connect to the user-bus of the current context,
instead of deriving the uid from getuid(). This allows us running
programs via sudo/su, without the nasty side-effect of accidentally
connecting to the root user-bus.
This patch enforces the idea of making su/sudo *not* opening sessions by
default. That is, all they do is raising privileges, but keeping
everything set as before. You can still use su/sudo to open real sessions
by requesting a login-session (or loading pam_elogind otherwise).
However, in this case XDG_RUNTIME_DIR= will not be set (as usual in these
cases), hence, you will not be able to connect to *any* user-bus.
Long story short: With this patch applied, both:
- ./busctl --user
- sudo ./busctl --user
..will successfully connect to the user-bus of the local user.
Fixes #390.
|
| |
|
|
|
|
|
|
|
|
| |
This adds a new sd_pid_get_cgroup() call to sd-login which may be used
to query the control path of a process. This is useful for programs when
making use of delegation units, in order to figure out which subtree has
been delegated.
In light of the unified control group hierarchy this is finally safe to
do, hence let's add a proper API for it, to make it easier to use this.
|
| |
|
|
|
|
| |
Makre sure we always return sensible errors for the various, following
the same rules, and document them in a comment in sd-login.c. Also,
update all relevant man pages accordingly.
|
| |
|
|
|
|
|
| |
session
ENODATA is how we usually indicate such "missing info" cases, so we
should do this here, too.
|
| |
|
|
|
|
| |
This simply factors out the uid validation checks from parse_uid() and
uses them everywhere. This simply verifies that the passed UID is
neither 64bit -1 nor 32bit -1.
|
| |
|
|
|
|
| |
We should never connect to the host bus as fallback if connecting to a
container failed via one method. Otherwise connecting to a dbus1
container will always result in a connection to the host.
|
| |
|
|
|
|
| |
We rely on the correct error used when opening the kdbus device node,
hence let's make sure we pass it up from the namespaced child process to
the process which actually wants to connect.
|
| |
|
|
|
|
|
| |
let's return ENXIO whenever we don't know something rather than ENOENT.
ENOENT suggests this was really about a file or directory, while ENXIO
is a more generic "not found" indicator.
|
| |
|
|
|
| |
Let's help users to debug issues with epoll fd removal by printing the
name of the event source.
|
| |
|
|
|
| |
It's an OK way to check whether a message contains an erro, let's not
consider this a loggable assertion event.
|
| |
|
|
| |
functions.
|
| |
|
|
| |
that got lost during git am transfer.
|
| |
|
|
| |
that got lost during git am transfer.
|
| |
|
|
| |
got lost during git am transfer.
|
| |
|
|
|
|
|
|
| |
If a connection passed KDBUS_HELLO_ACTIVATOR, it cannot do I/O on the
bus. Hence, we should not treat it as proper peer. To actually query it,
you have to explicitly ask for activators.
This makes kdbus in-line with what dbus-daemon does.
|
| |
|
|
|
| |
The function "mfree" should be called instead of "free" at a specific
source code place.
|
