| Commit message (Collapse) | Author | Age |
... | |
|
|
|
| |
We use that quite often, let's implement one clean version of it.
|
|
|
|
|
| |
Quite often we just want to subtract two normal usec_t values, hence
provide an implementation for that.
|
|
|
|
|
|
|
| |
This prevents log_object_internalv from corrupting the stack.
Closes #6147.
Many thanks to Walter Doekes for the code review.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we'd propagate errors returned by user callbacks configured
in vtables back to the users only for method handlers and property
get/set handlers. This does the same for child enumeration and when we
check whether a fallback unit exists.
Without this the failure will be treated as a non-recoverable connection
error and result in connection termination.
Fixes: #6059
|
|
|
|
|
|
| |
services
This is helpful for debugging/testing #5606.
|
|
|
|
|
|
|
|
| |
We open the target path with O_DIRECTORY|O_NOFOLLOW, and if that doesn't work,
we call unlink() on the path. In neither case we will follow the symlink, so
we can relax our check to also not follow symlinks.
Fixes #5864.
|
|
|
|
|
| |
No functional change, just a new parameters and the tests that
AT_SYMLINK_NOFOLLOW works as expected.
|
|
|
|
| |
[zj: rename HAVE_IDN to ENABLE_IDN]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also called "ANSI-C Quoting" in info:(bash) ANSI-C Quoting.
The escaping rules are a POSIX proposal, and are described in
http://austingroupbugs.net/view.php?id=249. There's a lot of back-and-forth on
the details of escaping of control characters, but we'll be only using a small
subset of the syntax that is common to all proposals and is widely supported.
Unfortunately dash and fish and maybe some other shells do not support it (see
the man page patch for a list).
This allows environment variables to be safely exported using show-environment
and imported into the shell. Shells which do not support this syntax will have
to do something like
export $(systemctl show-environment|grep -v '=\$')
or whatever is appropriate in their case. I think csh and fish do not support
the A=B syntax anyway, so the change is moot for them.
Fixes #5536.
v2:
- also escape newlines (which currently disallowed in shell values, so this
doesn't really matter), and tabs (as $'\t'), and ! (as $'!'). This way quoted
output can be included directly in both interactive and noninteractive bash.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code is mostly correct, but gcc is trying to outsmart us, and emits a
warning for a "llu vs lu" mismatch, even though they are the same size (on alpha):
src/libelogind/sd-bus/bus-control.c: In function ‘kernel_get_list’:
src/libelogind/sd-bus/bus-control.c:267:42: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&n, ":1.%llu", name->id) < 0) {
^
src/libelogind/sd-bus/bus-control.c: In function ‘bus_get_name_creds_kdbus’:
src/libelogind/sd-bus/bus-control.c:714:47: error: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64 {aka long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%llu", conn_info->id) < 0) {
^
This is hard to work around properly, because kdbus.h uses __u64 which is
defined-differently-despite-being-the-same-size then uint64_t. Thus the simple
solution of using %PRIu64 fails on amd64:
src/libelogind/sd-bus/bus-control.c:714:47: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘__u64 {aka long long unsigned int}’ [-Werror=format=]
if (asprintf(&c->unique_name, ":1.%"PRIu64, conn_info->id) < 0) {
^~~~~~
Let's just avoid the whole issue for now by silencing the warning.
After the next release, we should just get rid of the kdbus code.
Fixes #5561.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of always letting logind guess what the caller's session is, let's
give it the value from $XDG_SESSION_ID when it is present in the caller's
environment.
Nowadays terminal emulators are often running as services under elogind --user,
and not as part of an actual session, so all loginctl calls which depend on
logind guessing the session will fail. I don't see a reason not to honour
$XDG_SESSION_ID.
This applies to LockSession, UnlockSession, TerminateSession, ActivateSession,
SetUserLinger.
Fixes #6032.
|
|
|
|
| |
Partial fix for #6032.
|
|
|
|
|
|
|
|
| |
parameter is NULL
Other functions in sd-login generally allow the output parameter to be NULL, in
which case only the number of items that would be stored in the array is returned.
Be nice and do the same here.
|
|
|
|
|
|
|
| |
C.f. 0543105b0fb13e4243b71a78f62f81fb9dde5d51.
This makes if /run/elogind/{seats,sessions,users} are missing, then
sd_get_seats(), sd_get_sessions() and sd_get_uids() return 0, that is,
an empty list, instead of -ENOENT.
|
|
|
|
|
|
|
|
|
|
| |
The -ENOMEDIUM return value was introduced in v232-1001-g2977724b09,
('core: make hybrid cgroup unified mode keep compat /sys/fs/cgroup/elogind hierarchy'),
and would be returned by cg_pid_get_path_shifted(), but the documented and
expected return value is -ENODATA. Let's just catch ENXIO/ENOMEDIUM and translate
it to ENODATA in all cases.
Complements 171f8f591ff27ebb5ff475b7a9d1f13a846c9331, fixes #6012.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
*scanf functions set errno on i/o error. For sscanf, this doesn't really apply,
so (based on the man page), it seems that errno is unlikely to be ever set to a
useful value. So just ignore errno. The error message includes the string that
was parsed, so it should be always pretty clear why parsing failed.
On the other hand, detect trailing characters and minus prefix that weren't
converted properly. This matches what our safe_ato* functions do. Add tests to
elucidate various edge cases.
|
| |
|
|
|
|
|
| |
DesignWare ARC Processors are a family of 32-bit CPUs from Synopsys
used extensively in SoCs of different vendors.
|
|
|
|
| |
Needed on musl.
|
|
|
|
|
|
|
|
|
|
|
| |
Enable masking the /proc folder using the 'InaccessiblePaths' unit
option.
This also slightly simplify mounts setup as the bind_remount_recursive
function will only open /proc/self/mountinfo once.
This is based on the suggestion at:
https://lists.freedesktop.org/archives/elogind-devel/2017-April/038634.html
|
|
|
|
|
|
|
|
|
|
| |
timex::time::tv_usec and timex::freq can have different sizes
depending on the host architecture. On x32 in particular,
it is 8 bytes long while the long int type is only 4 bytes
long. Hence, using li as a format specifier will trigger
a format error. Thus, introduce a new format specifier
PRI_TIMEX which is defined as PRIi64 on x32 and li
everywhere else.
|
|
|
|
|
| |
We should not leak the internal error from missing directory and treat
that case the same as no machines.
|
|
|
|
| |
After all, we might be running on a non-elogind system.
|
|
|
|
|
| |
E.g. "/user.slice/user-1000.slice/session-15.scope" would cause -ENXIO to be
returned.
|
|
|
|
| |
We'd return -ENXIO, even thoug -ENODATA is documented.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As described by Luke Shumaker:
sd_seat_get_sessions looks at /run/elogind/seats/${seat_name}:SESSIONS to get
the list of sessions (which I believe is correct), and at
/run/elogind/seats/${seat_name}:ACTIVE_SESSIONS for the list of users (which
I believe is incorrect); I believe that it should look at the UIDS field for
the list of users. As far as I can tell, the ACTIVE_SESSIONS field is never
even present in the seats file. I also believe that this has been broken
since the function was first committed almost 6 years ago.
Fixes #5743.
|
|
|
|
|
|
|
|
| |
sd_seat_get_sessions returns two arrays, that in principle should always match:
the session names and corresponding uids. The second array could be shorter only
if parsing or uid conversion fails. But in that case there is no way to tell
*which* uid is wrong, so they are *all* useless. It's better to simplify things and
just return an error if parsing fails.
|
|
|
|
| |
If cunescape succeeds, but the assignment is not valid, uce is not freed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The condition is on "word", hence we give word instead of rvalue.
An assert would be triggered if !utf8_is_valid(word) is true and
rvalue == NULL, since log_syntax_invalid_utf8 calls utf8_escape_invalid
which calls assert(str).
A test case has been added to test with valid and invalid utf8.
|
|
|
|
|
| |
We provide an independent reimplementation in macro.h, and that's the one
we want to use. Including the system header is unnecessary and confusing.
|
|
|
|
|
|
|
|
| |
All those uses were correct, but I think it's better to be explicit.
Using implicit errno is too error prone, and with this change we can require
(in the sense of a style guideline) that the code is always specified.
Helpful query: git grep -n -P 'log_[^s][a-z]+\(.*%m'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test-login.c is largely rewritten to use _cleanup_ and give more meaningful
messages (function names are used instead of creative terms like "active
session", so that when something unexpected is returned, it's much easier to
see what function is responsible).
The monitoring part is only activated if '-m' is passed on the command line.
It runs against the information from /run/elogind/ in the live system, but that
should be OK: logind/sd-login interface is supposed to be stable and both
backwards and forwards compatible.
If not running in a login session, some tests are skipped.
Those two changes together mean that it's possible to run test-login in the
test suite.
Tests for sd_pid_get_{unit,user_unit,slice} are added.
|
|
|
|
|
|
|
| |
g++ annoyingly requires a non-empty struct-initializer to initialize all
struct members, in order of declaration.
Signed-off-by: Matthijs van Duin <matthijsvanduin@gmail.com>
|
|
|
|
| |
There should be no functional change.
|
|
|
|
|
| |
This adds a short-iso-precise option for journalctl output. It is similar to
short-iso, but includes microseconds.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6355e75610a8d47fc3ba5ab8bd442172a2cfe574.
The previously mentioned commit inadvertently broke a lot of SELinux related
functionality for both unprivileged users and elogind instances running as
MANAGER_USER. In particular, setting the correct SELinux context after a User=
directive is used would fail to work since we attempt to set the security
context after changing UID. Additionally, it causes activated socket units to
be mislabeled for elogind --user processes since setsockcreatecon() would never
be called.
Reverting this fixes the issues with labeling outlined above, and reinstates
SELinux access checks on unprivileged user services.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
restarted
When assigning a new session controller to a session, the VT is prepared so the
controller can expect the VT to be in a good default state.
However when logind is restarted and a session controller already took control
of a session, there's no need to prepare th VT otherwise logind may screw up
the VT state set by the controller.
This patch prevents the preparation of the VT in this case.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This filters out "." and ".." from glob results. Fixes #5655 and #5644.
Any judgements on whether the path is "safe" are removed. We will not remove
"/" under any name (including "/../" and such), but we will remove stuff that
is specified using paths that include "//", "/./" and "/../". Such paths can be
created when joining strings automatically, or for other reasons, and people
generally know what ".." and "." is.
Tests are added to make sure that the helper functions behave as expected.
|
|
|
|
|
|
| |
safe_glob filters out "." and "..".
This converts all users of glob_extend() and glob_exists() to safe_glob.
|
| |
|
|
|
|
|
|
|
|
| |
We already report builtin interfaces with InterfacesAdded and InterfacesRemoved. However,
we never reported them in GetManagedObjects(). This might end up confusing callers that
want to use those interfaces (or simply rely on the interface count to be coherent).
Report the builtins for all objects that are queried.
|
| |
|
|
|
|
|
| |
- result of dup2 should be compared against 0
- making parenthesis around comparisons just to be sure
|