[systemd-commits] 4 commits - TODO src/core src/libsystemd src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Wed Mar 19 08:25:29 PDT 2014
TODO | 14 ++--
src/core/busname.h | 4 -
src/core/dbus-busname.c | 2
src/core/namespace.c | 128 +++++++++++++++++++++++++++++------------
src/libsystemd/sd-bus/busctl.c | 18 +++++
src/shared/dev-setup.c | 2
6 files changed, 123 insertions(+), 45 deletions(-)
New commits:
commit 7973ca1927e1f3bac9438f3529458c9ff868905d
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 19 16:24:47 2014 +0100
update TODO
diff --git a/TODO b/TODO
index aa18bdd..f6e6203 100644
--- a/TODO
+++ b/TODO
@@ -159,9 +159,15 @@ Features:
* sd-bus:
- when kdbus doesn't take our message without memfds, try again with memfds
+ - systemd-bus-proxyd needs to enforce good old XML policy
+ - port exit-on-idle logic to byebye ioctl
+ - allow updating attach flags during runtime
+ - pid1: peek into activating message when activating a service
+ - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list
+ - constructors for bus messages should probably not be OK with a NULL bus pointer
+ - .busname units should not use get_user_creds()/get_cgroup_creds() but instead do NSS only in temporarily forked off child
- see if we can drop more message validation on the sending side
- add API to clone sd_bus_message objects
- - systemd-bus-proxyd needs to enforce good old XML policy
- kdbus: matches against source or destination pids for an "strace -p"-like feel. Problem: The PID info needs to be available in userspace too...
- longer term: priority inheritance
- dbus spec updates:
@@ -170,15 +176,9 @@ Features:
- GVariant
- "const" properties (posted)
- path escaping
- - port exit-on-idle logic to byebye ioctl
- update systemd.special(7) to mention that dbus.socket is only about the compatibility socket now
- - allow updating attach flags during runtime
- - pid1: peek into activating message when activating a service
- test bloom filter generation indexes
- - introduce sd_bus_emit_object_added()/sd_bus_emit_object_removed() that automatically includes the build-in interfaces in the list
- port to sd-resolve for connecting to TCP dbus servers
- - constructors for bus messages should probably not be OK with a NULL bus pointer
- - .busname units should not use get_user_creds()/get_cgroup_creds() but instead do NSS only in temporarily forked off child
* sd-event
- allow multiple signal handlers per signal?
commit 2b85f4e19cee6a8533208f9fd618a7da6d32ad51
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 19 16:23:32 2014 +0100
core: Beef up PrivateDevices=
Also mount /dev/kdbus, /dev/mqueue and /dev/hugepages into the /dev for
namespaced services.
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 3694368..4cbb0a1 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -142,9 +142,8 @@ static int mount_dev(BindMount *m) {
"/dev/urandom\0"
"/dev/tty\0";
- struct stat devnodes_stat[6] = {};
- const char *d;
- unsigned n = 0;
+ char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
+ const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devkdbus = NULL, *devhugepages = NULL, *devmqueue = NULL;
_cleanup_umask_ mode_t u;
int r;
@@ -152,56 +151,115 @@ static int mount_dev(BindMount *m) {
u = umask(0000);
- /* First: record device mode_t and dev_t */
+ if (!mkdtemp(temporary_mount))
+ return -errno;
+
+ dev = strappenda(temporary_mount, "/dev");
+ mkdir(dev, 0755);
+ if (mount("tmpfs", dev, "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=755") < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ devpts = strappenda(temporary_mount, "/dev/pts");
+ mkdir(devpts, 0755);
+ if (mount("/dev/pts", devpts, NULL, MS_BIND, NULL) < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ devshm = strappenda(temporary_mount, "/dev/shm");
+ mkdir(devshm, 01777);
+ r = mount("/dev/shm", devshm, NULL, MS_BIND, NULL);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
+
+ devmqueue = strappenda(temporary_mount, "/dev/mqueue");
+ mkdir(devmqueue, 0755);
+ mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL);
+
+ devkdbus = strappenda(temporary_mount, "/dev/kdbus");
+ mkdir(devkdbus, 0755);
+ mount("/dev/kdbus", devkdbus, NULL, MS_BIND, NULL);
+
+ devhugepages = strappenda(temporary_mount, "/dev/hugepages");
+ mkdir(devhugepages, 0755);
+ mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL);
+
NULSTR_FOREACH(d, devnodes) {
- r = stat(d, &devnodes_stat[n]);
+ _cleanup_free_ char *dn = NULL;
+ struct stat st;
+
+ r = stat(d, &st);
if (r < 0) {
- if (errno != ENOENT)
- return -errno;
- } else {
- if (!S_ISBLK(devnodes_stat[n].st_mode) &&
- !S_ISCHR(devnodes_stat[n].st_mode))
- return -EINVAL;
+
+ if (errno == ENOENT)
+ continue;
+
+ r = -errno;
+ goto fail;
+ }
+
+ if (!S_ISBLK(st.st_mode) &&
+ !S_ISCHR(st.st_mode)) {
+ r = -EINVAL;
+ goto fail;
+ }
+
+ if (st.st_rdev == 0)
+ continue;
+
+ dn = strappend(temporary_mount, d);
+ if (!dn) {
+ r = -ENOMEM;
+ goto fail;
}
- n++;
+ r = mknod(dn, st.st_mode, st.st_rdev);
+ if (r < 0) {
+ r = -errno;
+ goto fail;
+ }
}
- assert(n == ELEMENTSOF(devnodes_stat));
+ dev_setup(temporary_mount);
- r = mount("tmpfs", "/dev", "tmpfs", MS_NOSUID|MS_STRICTATIME, "mode=755");
- if (r < 0)
- return m->ignore ? 0 : -errno;
+ if (mount(dev, "/dev/", NULL, MS_MOVE, NULL) < 0) {
+ r = -errno;
+ goto fail;
+ }
+ rmdir(dev);
+ rmdir(temporary_mount);
- mkdir_p("/dev/pts", 0755);
+ return 0;
- r = mount("devpts", "/dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=620,gid=" STRINGIFY(TTY_GID));
- if (r < 0)
- return m->ignore ? 0 : -errno;
+fail:
+ if (devpts)
+ umount(devpts);
- mkdir_p("/dev/shm", 0755);
+ if (devshm)
+ umount(devshm);
- r = mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID|MS_NODEV|MS_STRICTATIME, "mode=1777");
- if (r < 0)
- return m->ignore ? 0 : -errno;
+ if (devkdbus)
+ umount(devkdbus);
- /* Second: actually create it */
- n = 0;
- NULSTR_FOREACH(d, devnodes) {
- if (devnodes_stat[n].st_rdev == 0)
- continue;
+ if (devhugepages)
+ umount(devhugepages);
- r = mknod(d, devnodes_stat[n].st_mode, devnodes_stat[n].st_rdev);
- if (r < 0)
- return m->ignore ? 0 : -errno;
+ if (devmqueue)
+ umount(devmqueue);
- n++;
+ if (dev) {
+ umount(dev);
+ rmdir(dev);
}
- dev_setup(NULL);
+ rmdir(temporary_mount);
- return 0;
+ return r;
}
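Review bot: The `m->ignore` handling the old body applied on every failure (`return m->ignore ? 0 : -errno`) is gone, and the rewritten mount_dev never reads `m` at all, so a failing tmpfs, devpts or shm mount or a failed mknod now aborts namespace setup regardless of the flag; unless apply_mount, which begins right after this hunk, now consults `m->ignore` on the returned error, that is a behavior change the commit message does not mention. The three bind mounts whose return value is dropped (mqueue, kdbus, hugepages) read like an oversight next to the checked ones above them and deserve a comment such as `/* optional on the host: a missing /dev/mqueue, /dev/kdbus or /dev/hugepages is not an error */`. Note also that /dev/pts is now a bind mount of the host's devpts instance rather than the private `newinstance` mount the old code created, so a PrivateDevices= service now sees the host's PTYs; that should be reflected wherever PrivateDevices= is documented.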
static int apply_mount(
diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c
index e025e17..1a565d5 100644
--- a/src/shared/dev-setup.c
+++ b/src/shared/dev-setup.c
@@ -64,7 +64,7 @@ int dev_setup(const char *prefix) {
if (j[0] == '-') {
j++;
- if (access(j, F_OK))
+ if (access(j, F_OK) < 0)
continue;
}
commit d0ce77344bfb71e50da7296cd0d4f2529a109044
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 19 16:21:01 2014 +0100
busctl: when monitoring the bus, enable all credentials
diff --git a/src/libsystemd/sd-bus/busctl.c b/src/libsystemd/sd-bus/busctl.c
index b4fb364..4e396f2 100644
--- a/src/libsystemd/sd-bus/busctl.c
+++ b/src/libsystemd/sd-bus/busctl.c
@@ -507,6 +507,24 @@ int main(int argc, char *argv[]) {
log_error("Failed to set monitor mode: %s", strerror(-r));
goto finish;
}
+
+ r = sd_bus_negotiate_creds(bus, _SD_BUS_CREDS_ALL);
+ if (r < 0) {
+ log_error("Failed to enable credentials: %s", strerror(-r));
+ goto finish;
+ }
+
+ r = sd_bus_negotiate_timestamp(bus, true);
+ if (r < 0) {
+ log_error("Failed to enable timestamps: %s", strerror(-r));
+ goto finish;
+ }
+
+ r = sd_bus_negotiate_fds(bus, true);
+ if (r < 0) {
+ log_error("Failed to enable fds: %s", strerror(-r));
+ goto finish;
+ }
}
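Review bot: The three negotiate calls only take effect if they run before the connection is started, and main() continues outside the hunk, so confirm that `sd_bus_start` (or whatever opens the bus here) follows this block rather than preceding it. `_SD_BUS_CREDS_ALL` is the underscore-prefixed sentinel of the credential enum; using it is fine for an in-tree tool, but the intent would be clearer with a comment before the first call, e.g. `/* monitor mode: request every credential, timestamp and fd the transport can attach, so dumped messages carry full peer metadata */`.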
if (arg_address)
commit 6af00e06e4e9efacc5a9941eb3b9fffa1c816ee6
Author: Lennart Poettering <lennart at poettering.net>
Date: Wed Mar 19 16:19:06 2014 +0100
core: expose missing busname properties on the bus
diff --git a/src/core/busname.h b/src/core/busname.h
index 0009c6a..ab3082b 100644
--- a/src/core/busname.h
+++ b/src/core/busname.h
@@ -49,7 +49,9 @@ struct BusName {
char *name;
int starter_fd;
+
bool activating;
+ bool accept_fd;
UnitRef service;
@@ -58,8 +60,6 @@ struct BusName {
sd_event_source *event_source;
- bool accept_fd;
-
LIST_HEAD(BusNamePolicy, policy);
};
diff --git a/src/core/dbus-busname.c b/src/core/dbus-busname.c
index 854491b..5dd3a5e 100644
--- a/src/core/dbus-busname.c
+++ b/src/core/dbus-busname.c
@@ -31,5 +31,7 @@ const sd_bus_vtable bus_busname_vtable[] = {
SD_BUS_VTABLE_START(0),
SD_BUS_PROPERTY("Name", "s", NULL, offsetof(BusName, name), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(BusName, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
+ SD_BUS_PROPERTY("Activating", "b", bus_property_get_bool, offsetof(BusName, activating), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("AcceptFileDescriptors", "b", bus_property_get_bool, offsetof(BusName, accept_fd), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_VTABLE_END
};