[systemd-commits] 20 commits - configure.ac hwdb/20-bluetooth-vendor-product.hwdb man/sd_bus_default.xml man/systemd.network.xml NEWS src/basic src/core src/libsystemd src/libsystemd-terminal src/login src/network src/nspawn src/test

David Herrmann dvdhrm at kemper.freedesktop.org
Tue Jul 7 23:38:18 PDT 2015


 NEWS                                         |   14 ++++-
 configure.ac                                 |    2 
 hwdb/20-bluetooth-vendor-product.hwdb        |   66 +++++++++++++++++++++++++++
 man/sd_bus_default.xml                       |    2 
 man/systemd.network.xml                      |   19 +++++--
 src/basic/fileio.c                           |   11 ++++
 src/basic/fileio.h                           |    2 
 src/basic/path-util.c                        |    2 
 src/basic/process-util.c                     |    3 +
 src/core/job.c                               |    4 -
 src/core/service.c                           |    2 
 src/libsystemd-terminal/grdev-drm.c          |    4 -
 src/libsystemd/sd-bus/GVARIANT-SERIALIZATION |    4 -
 src/libsystemd/sd-bus/bus-common-errors.h    |    1 
 src/login/logind-core.c                      |    4 -
 src/login/logind-dbus.c                      |   58 ++++++-----------------
 src/login/logind-seat.c                      |   10 ++--
 src/login/pam_systemd.c                      |   10 +++-
 src/network/networkd-link.c                  |   54 +++++++++++++++-------
 src/network/networkd-network.c               |   25 ++++++----
 src/network/networkd.h                       |    5 +-
 src/nspawn/nspawn.c                          |   45 ++++++++++++++++--
 src/test/test-pty.c                          |    2 
 23 files changed, 248 insertions(+), 101 deletions(-)

New commits:
commit 9a50ce20ef60263a6c88c29470ce761fcc424f2d
Merge: 680198d b80120c
Author: Kay Sievers <kay at vrfy.org>
Date:   Tue Jul 7 19:43:28 2015 +0200

    Merge pull request #509 from dvdhrm/logind
    
    logind: fix CreateSession for lightdm


commit b80120c4cba7d134b5437a58437a23fdf7ab2084
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Jul 7 19:38:41 2015 +0200

    logind: fail on CreateSession if already in session
    
    Right now, if you're already in a session and call CreateSession, we
    return information about the current session of yours. This is highly
    confusing and a nasty hack. Avoid that, and instead return a commonly
    known error, so the caller can detect that.
    
    This has the side-effect, that we no longer override XDG_VTNR and XDG_SEAT
    in pam_systemd, if you're already in a session. But this sounds like the
    right thing to do, anyway.

diff --git a/src/libsystemd/sd-bus/bus-common-errors.h b/src/libsystemd/sd-bus/bus-common-errors.h
index b17b62a..0dbfbdd 100644
--- a/src/libsystemd/sd-bus/bus-common-errors.h
+++ b/src/libsystemd/sd-bus/bus-common-errors.h
@@ -58,6 +58,7 @@
 #define BUS_ERROR_DEVICE_NOT_TAKEN "org.freedesktop.login1.DeviceNotTaken"
 #define BUS_ERROR_OPERATION_IN_PROGRESS "org.freedesktop.login1.OperationInProgress"
 #define BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED "org.freedesktop.login1.SleepVerbNotSupported"
+#define BUS_ERROR_SESSION_BUSY "org.freedesktop.login1.SessionBusy"
 
 #define BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED "org.freedesktop.timedate1.AutomaticTimeSyncEnabled"
 
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index a6c01f7..96a20e2 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -317,7 +317,6 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) {
         int r;
 
         assert(m);
-        assert(session);
 
         if (pid < 1)
                 return -EINVAL;
@@ -330,7 +329,8 @@ int manager_get_session_by_pid(Manager *m, pid_t pid, Session **session) {
         if (!s)
                 return 0;
 
-        *session = s;
+        if (session)
+                *session = s;
         return 1;
 }
 
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c92761f..82654ee 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -689,58 +689,23 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
                         return r;
         }
 
-        manager_get_session_by_pid(m, leader, &session);
-        if (!session && vtnr > 0 && vtnr < m->seat0->position_count) {
-                session = m->seat0->positions[vtnr];
-                /*
-                 * Old gdm and lightdm start the user-session on the same VT as
-                 * the greeter session. But they destroy the greeter session
-                 * after the user-session and want the user-session to take
-                 * over the VT. We need to support this for
-                 * backwards-compatibility, so make sure we allow new sessions
-                 * on a VT that a greeter is running on.
-                 */
-                if (session && session->class == SESSION_GREETER)
-                        session = NULL;
-        }
-        if (session) {
-                _cleanup_free_ char *path = NULL;
-                _cleanup_close_ int fifo_fd = -1;
-
-                /* Session already exists, client is probably
-                 * something like "su" which changes uid but is still
-                 * the same session */
-
-                fifo_fd = session_create_fifo(session);
-                if (fifo_fd < 0)
-                        return fifo_fd;
-
-                path = session_bus_path(session);
-                if (!path)
-                        return -ENOMEM;
-
-                log_debug("Sending reply about an existing session: "
-                          "id=%s object_path=%s uid=%u runtime_path=%s "
-                          "session_fd=%d seat=%s vtnr=%u",
-                          session->id,
-                          path,
-                          (uint32_t) session->user->uid,
-                          session->user->runtime_path,
-                          fifo_fd,
-                          session->seat ? session->seat->id : "",
-                          (uint32_t) session->vtnr);
-
-                return sd_bus_reply_method_return(
-                                message, "soshusub",
-                                session->id,
-                                path,
-                                session->user->runtime_path,
-                                fifo_fd,
-                                (uint32_t) session->user->uid,
-                                session->seat ? session->seat->id : "",
-                                (uint32_t) session->vtnr,
-                                true);
-        }
+        r = manager_get_session_by_pid(m, leader, NULL);
+        if (r > 0)
+                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already running in a session");
+
+        /*
+         * Old gdm and lightdm start the user-session on the same VT as
+         * the greeter session. But they destroy the greeter session
+         * after the user-session and want the user-session to take
+         * over the VT. We need to support this for
+         * backwards-compatibility, so make sure we allow new sessions
+         * on a VT that a greeter is running on.
+         */
+        if (vtnr > 0 &&
+            vtnr < m->seat0->position_count &&
+            m->seat0->positions[vtnr] &&
+            m->seat0->positions[vtnr]->class != SESSION_GREETER)
+                return sd_bus_error_setf(error, BUS_ERROR_SESSION_BUSY, "Already occupied by a session");
 
         audit_session_from_pid(leader, &audit_id);
         if (audit_id > 0) {
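Review bot: A negative return from `manager_get_session_by_pid()` is dropped by the new `if (r > 0)` test, so a failed lookup is handled exactly like "leader is in no session" and session creation continues. The helper visibly returns `-EINVAL` for `pid < 1` in logind-core.c and may return other errors from code outside this diff. Since this test is now the only thing that refuses a second session for the same leader, it should fail closed: add `if (r < 0) return r;` before the `r > 0` check. method_create_session() starts and ends outside the hunk.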
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 2f39023..f83d18b 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -31,6 +31,7 @@
 #include <security/pam_ext.h>
 #include <security/pam_misc.h>
 
+#include "bus-common-errors.h"
 #include "util.h"
 #include "audit.h"
 #include "macro.h"
@@ -399,8 +400,13 @@ _public_ PAM_EXTERN int pam_sm_open_session(
                                remote_host,
                                0);
         if (r < 0) {
-                pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
-                return PAM_SYSTEM_ERR;
+                if (sd_bus_error_has_name(&error, BUS_ERROR_SESSION_BUSY)) {
+                        pam_syslog(handle, LOG_DEBUG, "Cannot create session: %s", bus_error_message(&error, r));
+                        return PAM_SUCCESS;
+                } else {
+                        pam_syslog(handle, LOG_ERR, "Failed to create session: %s", bus_error_message(&error, r));
+                        return PAM_SYSTEM_ERR;
+                }
         }
 
         r = sd_bus_message_read(reply,
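Review bot: The new `PAM_SUCCESS` branch cannot tell the two `BUS_ERROR_SESSION_BUSY` cases apart, because logind-dbus.c raises the same error name for "Already running in a session" and for "Already occupied by a session". In the second case the login goes ahead without a logind session of its own, since the early return skips reading the reply, and the only trace is a `LOG_DEBUG` line. Consider a separate error name for the occupied-VT case, or at least log that branch at `LOG_WARNING` so a login that logind does not track is visible in the journal. pam_sm_open_session() starts and ends outside the hunk.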

commit 680198d6a1ec08938fff1676cc5476125a0e9581
Author: Marcel Holtmann <marcel at holtmann.org>
Date:   Tue Jul 7 19:22:10 2015 +0200

    hwdb: Update database of Bluetooth company identifiers

diff --git a/hwdb/20-bluetooth-vendor-product.hwdb b/hwdb/20-bluetooth-vendor-product.hwdb
index b737e6b..dccced7 100644
--- a/hwdb/20-bluetooth-vendor-product.hwdb
+++ b/hwdb/20-bluetooth-vendor-product.hwdb
@@ -1706,3 +1706,69 @@ bluetooth:v0235*
 
 bluetooth:v0236*
  ID_VENDOR_FROM_DATABASE=Pitpatpet Ltd
+
+bluetooth:v0237*
+ ID_VENDOR_FROM_DATABASE=MSHeli s.r.l.
+
+bluetooth:v0238*
+ ID_VENDOR_FROM_DATABASE=Trakm8 Ltd
+
+bluetooth:v0239*
+ ID_VENDOR_FROM_DATABASE=JIN CO, Ltd
+
+bluetooth:v023A*
+ ID_VENDOR_FROM_DATABASE=Alatech Technology
+
+bluetooth:v023B*
+ ID_VENDOR_FROM_DATABASE=Beijing CarePulse Electronic Technology Co, Ltd
+
+bluetooth:v023C*
+ ID_VENDOR_FROM_DATABASE=Awarepoint
+
+bluetooth:v023D*
+ ID_VENDOR_FROM_DATABASE=ViCentra B.V.
+
+bluetooth:v023E*
+ ID_VENDOR_FROM_DATABASE=Raven Industries
+
+bluetooth:v023F*
+ ID_VENDOR_FROM_DATABASE=WaveWare Technologies
+
+bluetooth:v0240*
+ ID_VENDOR_FROM_DATABASE=Argenox Technologies
+
+bluetooth:v0241*
+ ID_VENDOR_FROM_DATABASE=Bragi GmbH
+
+bluetooth:v0242*
+ ID_VENDOR_FROM_DATABASE=16Lab Inc
+
+bluetooth:v0243*
+ ID_VENDOR_FROM_DATABASE=Masimo Corp
+
+bluetooth:v0244*
+ ID_VENDOR_FROM_DATABASE=Iotera Inc.
+
+bluetooth:v0245*
+ ID_VENDOR_FROM_DATABASE=Endress+Hauser
+
+bluetooth:v0246*
+ ID_VENDOR_FROM_DATABASE=ACKme Networks, Inc.
+
+bluetooth:v0247*
+ ID_VENDOR_FROM_DATABASE=FiftyThree Inc.
+
+bluetooth:v0248*
+ ID_VENDOR_FROM_DATABASE=Parker Hannifin Corp
+
+bluetooth:v0249*
+ ID_VENDOR_FROM_DATABASE=Transcranial Ltd
+
+bluetooth:v024A*
+ ID_VENDOR_FROM_DATABASE=Uwatec AG
+
+bluetooth:v024B*
+ ID_VENDOR_FROM_DATABASE=Orlan LLC
+
+bluetooth:v024C*
+ ID_VENDOR_FROM_DATABASE=Blue Clover Devices

commit 586cd08e1bbf8d6b1a960dc94f46235fde0d68c1
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Jul 7 19:13:52 2015 +0200

    logind: allow sessions to share a VT if it's a greeter
    
    Old gdm and lightdm start the user-session during login before they
    destroy the greeter-session. Therefore, the user-session will take over
    the VT from the greeter. We recently prevented this by never allowing
    multiple sessions on the same VT. Fix this now, by explicitly allowing
    this if the owning session is a GREETER.
    
    Note that gdm no longer behaves like this. Instead, due to wayland, they
    always use a different VT for each session. All other login-managers are
    highly encouraged to destroy the greeter-session _before_ starting the
    user-session. We now work around this, but this will probably not last
    forever (and will already have nasty side-effects on the greeter-session).

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 0cc2cdf..c92761f 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -690,8 +690,19 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
         }
 
         manager_get_session_by_pid(m, leader, &session);
-        if (!session && vtnr > 0 && vtnr < m->seat0->position_count)
+        if (!session && vtnr > 0 && vtnr < m->seat0->position_count) {
                 session = m->seat0->positions[vtnr];
+                /*
+                 * Old gdm and lightdm start the user-session on the same VT as
+                 * the greeter session. But they destroy the greeter session
+                 * after the user-session and want the user-session to take
+                 * over the VT. We need to support this for
+                 * backwards-compatibility, so make sure we allow new sessions
+                 * on a VT that a greeter is running on.
+                 */
+                if (session && session->class == SESSION_GREETER)
+                        session = NULL;
+        }
         if (session) {
                 _cleanup_free_ char *path = NULL;
                 _cleanup_close_ int fifo_fd = -1;

commit 2d1ca11270e66777c90a449096203afebc37ec9c
Author: David Herrmann <dh.herrmann at gmail.com>
Date:   Tue Jul 7 17:13:39 2015 +0200

    Bump version to 222

diff --git a/NEWS b/NEWS
index c0c9113..3f80af3 100644
--- a/NEWS
+++ b/NEWS
@@ -35,10 +35,10 @@ CHANGES WITH 222:
         (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
         Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
         Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
-        Susant Sahani, Tom Gundersen, Torstein Husebø, Vedran Miletić, WaLyong
-        Cho, Zbigniew Jędrzejewski-Szmek
+        Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
+        Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
 
-        -- Berlin, 2015-07-06
+        -- Berlin, 2015-07-07
 
 CHANGES WITH 221:
 
diff --git a/configure.ac b/configure.ac
index 88b52c4..5c62735 100644
--- a/configure.ac
+++ b/configure.ac
@@ -20,7 +20,7 @@
 AC_PREREQ([2.64])
 
 AC_INIT([systemd],
-        [221],
+        [222],
         [http://github.com/systemd/systemd/issues],
         [systemd],
         [http://www.freedesktop.org/wiki/Software/systemd])

commit af86c440389986ed72cb1a943a98d1aaf297f467
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Tue Jul 7 07:40:53 2015 -0400

    Remove repeated 'the's

diff --git a/src/basic/path-util.c b/src/basic/path-util.c
index 5377054..8f49d65 100644
--- a/src/basic/path-util.c
+++ b/src/basic/path-util.c
@@ -528,7 +528,7 @@ int fd_is_mount_point(int fd, const char *filename, int flags) {
          *
          * If that didn't work we will try to read the mount id from
          * /proc/self/fdinfo/<fd>. This is almost as good as
-         * name_to_handle_at(), however, does not return the the
+         * name_to_handle_at(), however, does not return the
          * opaque file handle. The opaque file handle is pretty useful
          * to detect the root directory, which we should always
          * consider a mount point. Hence we use this only as
diff --git a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION b/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
index 859e271..6aeb113 100644
--- a/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
+++ b/src/libsystemd/sd-bus/GVARIANT-SERIALIZATION
@@ -25,8 +25,8 @@ The header consists of the following:
 
     = 12 bytes
 
-This header is then followed by the the fields array, whose first
-value is a 32bit array size.
+This header is then followed by the fields array, whose first value is
+a 32bit array size.
 
 When using GVariant we keep the basic structure in place, only
 slightly alter the header, and define protocol version '2'. The new
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index ab9fbaf..198de30 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -756,9 +756,8 @@ static int parse_argv(int argc, char *argv[]) {
                                 /* If two parameters are specified,
                                  * the first one is the lower, the
                                  * second one the upper directory. And
-                                 * we'll also define the the
-                                 * destination mount point the same as
-                                 * the upper. */
+                                 * we'll also define the destination
+                                 * mount point the same as the upper. */
                                 upper = lower[1];
                                 lower[1] = NULL;
 

commit 9b361114f568e839784a3aeba5c1df5a95e86832
Author: Daniel Mack <daniel at zonque.org>
Date:   Mon Jul 6 21:19:57 2015 -0400

    NEWS: give packagers a heads-up on the upcoming python bindings removal

diff --git a/NEWS b/NEWS
index f5173e0..c0c9113 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,14 @@ CHANGES WITH 222:
           which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
           for Stateless Address") on selected networks.
 
+        * For the sake of fewer build-time dependencies and less code in the
+          main repository, the python bindings are about to be removed in the
+          next release. A new repository has been created which accommodates
+          the code from now on, and we kindly ask distributions to create a
+          separate package for this. The removal will take place in v223.
+
+            https://github.com/systemd/python-systemd
+
         Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
         Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
         daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric

commit 7e59232f3171ed45e5fef90e0b6af96fa384324e
Merge: fc08079 5549398
Author: Daniel Mack <github at zonque.org>
Date:   Mon Jul 6 20:45:17 2015 -0400

    Merge pull request #502 from keszybz/login-small-cleanup
    
    Login small cleanup


commit fc08079ef25a063f56be48b87035f8fde79153ba
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Jul 6 20:09:54 2015 -0400

    treewide: fix typos of let's

diff --git a/src/core/job.c b/src/core/job.c
index 8a047df..1448e5b 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -452,7 +452,7 @@ static bool job_is_runnable(Job *j) {
             j->type == JOB_RELOAD) {
 
                 /* Immediate result is that the job is or might be
-                 * started. In this case lets wait for the
+                 * started. In this case let's wait for the
                  * dependencies, regardless whether they are
                  * starting or stopping something. */
 
@@ -462,7 +462,7 @@ static bool job_is_runnable(Job *j) {
         }
 
         /* Also, if something else is being stopped and we should
-         * change state after it, then lets wait. */
+         * change state after it, then let's wait. */
 
         SET_FOREACH(other, j->unit->dependencies[UNIT_BEFORE], i)
                 if (other->job &&
diff --git a/src/core/service.c b/src/core/service.c
index fa1e80b..d72ff54 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1235,7 +1235,7 @@ static int main_pid_good(Service *s) {
         /* Returns 0 if the pid is dead, 1 if it is good, -1 if we
          * don't know */
 
-        /* If we know the pid file, then lets just check if it is
+        /* If we know the pid file, then let's just check if it is
          * still valid */
         if (s->main_pid_known) {
 
diff --git a/src/libsystemd-terminal/grdev-drm.c b/src/libsystemd-terminal/grdev-drm.c
index 30c1a72..10c13e3 100644
--- a/src/libsystemd-terminal/grdev-drm.c
+++ b/src/libsystemd-terminal/grdev-drm.c
@@ -2584,7 +2584,7 @@ static int unmanaged_card_new(grdev_card **out, grdev_session *session, struct u
         } else {
                 /* We might get DRM-Master implicitly on open(); drop it immediately
                  * so we acquire it only once we're actually enabled. We don't
-                 * really care whether this call fails or not, but lets log any
+                 * really care whether this call fails or not, but let's log any
                  * weird errors, anyway. */
                 r = ioctl(fd, DRM_IOCTL_DROP_MASTER, 0);
                 if (r < 0 && errno != EACCES && errno != EINVAL)
@@ -2777,7 +2777,7 @@ static int managed_card_resume_device_fn(sd_bus_message *signal,
 
         if (cm->card.fd < 0) {
                 /* This shouldn't happen. We should already own an FD from
-                 * TakeDevice(). However, lets be safe and use this FD in case
+                 * TakeDevice(). However, let's be safe and use this FD in case
                  * we really don't have one. There is no harm in doing this
                  * and our code works fine this way. */
                 fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 3c30eea..23095f5 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -483,7 +483,7 @@ void seat_evict_position(Seat *s, Session *session) {
                 s->positions[pos] = NULL;
 
                 /* There might be another session claiming the same
-                 * position (eg., during gdm->session transition), so lets look
+                 * position (eg., during gdm->session transition), so let's look
                  * for it and set it on the free slot. */
                 LIST_FOREACH(sessions_by_seat, iter, s->sessions) {
                         if (iter->pos == pos) {
diff --git a/src/test/test-pty.c b/src/test/test-pty.c
index 3f97a64..fbab3d4 100644
--- a/src/test/test-pty.c
+++ b/src/test/test-pty.c
@@ -133,7 +133,7 @@ int main(int argc, char *argv[]) {
 
         /* Oh, there're ugly races in the TTY layer regarding HUP vs IN. Turns
          * out they appear only 10% of the time. I fixed all of them and
-         * don't see them, anymore. But lets be safe and run this 1000 times
+         * don't see them, anymore. But let's be safe and run this 1000 times
          * so we catch any new ones, in case they appear again. */
         for (i = 0; i < 1000; ++i)
                 test_pty();

commit 554939821674ff7a5cd3f2900aab1426921fa2e1
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Mon Jul 6 20:04:13 2015 -0400

    login: use normal comparison to zero for integers
    
    ! is supposed to be used for booleans and pointers.

diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 3c30eea..fb5d076 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -269,7 +269,7 @@ int seat_set_active(Seat *s, Session *session) {
 int seat_switch_to(Seat *s, unsigned int num) {
         /* Public session positions skip 0 (there is only F1-F12). Maybe it
          * will get reassigned in the future, so return error for now. */
-        if (!num)
+        if (num == 0)
                 return -EINVAL;
 
         if (num >= s->position_count || !s->positions[num]) {
@@ -286,7 +286,7 @@ int seat_switch_to(Seat *s, unsigned int num) {
 int seat_switch_to_next(Seat *s) {
         unsigned int start, i;
 
-        if (!s->position_count)
+        if (s->position_count == 0)
                 return -EINVAL;
 
         start = 1;
@@ -307,7 +307,7 @@ int seat_switch_to_next(Seat *s) {
 int seat_switch_to_previous(Seat *s) {
         unsigned int start, i;
 
-        if (!s->position_count)
+        if (s->position_count == 0)
                 return -EINVAL;
 
         start = 1;
@@ -476,14 +476,14 @@ void seat_evict_position(Seat *s, Session *session) {
 
         session->pos = 0;
 
-        if (!pos)
+        if (pos == 0)
                 return;
 
         if (pos < s->position_count && s->positions[pos] == session) {
                 s->positions[pos] = NULL;
 
                 /* There might be another session claiming the same
-                 * position (eg., during gdm->session transition), so lets look
+                 * position (eg., during gdm->session transition), so let's look
                  * for it and set it on the free slot. */
                 LIST_FOREACH(sessions_by_seat, iter, s->sessions) {
                         if (iter->pos == pos) {

commit de8763b6d23963e14787556de159d813e863043f
Author: Kay Sievers <kay at vrfy.org>
Date:   Mon Jul 6 23:00:49 2015 +0200

    get_process_environ: exit early when there is nothing to read

diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index cfc8765..2c05f2f 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -329,6 +329,9 @@ int get_process_environ(pid_t pid, char **env) {
                         sz += cescape_char(c, outcome + sz);
         }
 
+        if (sz == 0)
+                return -ENOENT;
+
         outcome[sz] = '\0';
         *env = outcome;
         outcome = NULL;
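Review bot: The new `-ENOENT` return for `sz == 0` is undocumented, and it presumably makes an empty environment block indistinguishable from a missing one for callers that only look at the error code. A comment above the check would help, for example `/* Nothing was read: report an empty environment block as -ENOENT rather than returning an empty string */`, and callers that read `-ENOENT` as "process is gone" should be checked. If `outcome` is not declared with a cleanup attribute (its declaration is outside the hunk), the early return also has to free it. get_process_environ() starts and ends outside the hunk.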

commit eff8efe671e9ffa81e80ad13f791a32262567dfe
Merge: 5b7a135 825d528
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Jul 6 20:53:56 2015 +0200

    Merge pull request #492 from richardmaw-codethink/nspawn-automatic-uid-shift-fix-v2
    
    nspawn: Communicate determined UID shift to parent version 2


commit 5b7a135265ca1d9e2949e6e3d0c0fcd54c5aca6a
Merge: 6cefbec 67ad70e
Author: Daniel Mack <github at zonque.org>
Date:   Mon Jul 6 14:45:50 2015 -0400

    Merge pull request #497 from phomes/master
    
    man: sd-bus: typo fix


commit 6cefbec8670bd07167d2608f5598afc78f1303a9
Merge: f767522 1f0d969
Author: Daniel Mack <github at zonque.org>
Date:   Mon Jul 6 14:44:33 2015 -0400

    Merge pull request #496 from poettering/ipv6-privacy
    
    networkd: various fixes for the IPv6 privacy extensions support


commit 67ad70e4e937098bd7d6d25324105d1b6b1d2f54
Author: Thomas Hindoe Paaboel Andersen <phomes at gmail.com>
Date:   Mon Jul 6 20:34:09 2015 +0200

    man: sd-bus: typo fix

diff --git a/man/sd_bus_default.xml b/man/sd_bus_default.xml
index c5a1b53..95b347b 100644
--- a/man/sd_bus_default.xml
+++ b/man/sd_bus_default.xml
@@ -182,7 +182,7 @@
     processes at this time.</para>
 
     <para>These calls allocate a bus connection object and initiate
-    the connection ot a well-known bus of some form. An alternative to
+    the connection to a well-known bus of some form. An alternative to
     using these high-level calls is to create an unconnected bus
     object with
     <citerefentry><refentrytitle>sd_bus_new</refentrytitle><manvolnum>3</manvolnum></citerefentry>

commit 1f0d9695125bf8e66d0e53e37d454755a84899bb
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Jul 6 20:29:33 2015 +0200

    networkd: various fixes for the IPv6 privacy extensions support
    
    - Make sure that the IPv6PrivacyExtensions=yes results in
      prefer-temporary, not prefer-public.
    
    - Introduce special enum value "kernel" to leave setting unset, similar
      how we have it for the IP forwarding settings.
    
    - Bring the enum values in sync with the strings we parse for them,
      to the level this makes sense (specifically, rename "disabled" to
      "no", and "prefer-temporary" to "yes").
    
    - Make sure we really set the value to "no" by default, the way it is
      already documented in the man page.
    
    - Fix whitespace error.
    
    - Make sure link_ipv6_privacy_extensions() actually returns the correct
      enum type, rather than implicitly casting it to "bool".
    
    - properly size formatting buffer for ipv6 sysctl value
    
    - Don't complain if /proc/sys isn't writable
    
    - Document that the enum follows the kernel's own values (0 = off, 1 =
      prefer-public, 2 = prefer-temporary)
    
    - Drop redundant negating of error code passed to log_syntax()
    
    - Manpage fixes
    
    This fixes a number of issues from PR #417

diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 85867e7..ff01da6 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -393,12 +393,19 @@
         </varlistentry>
         <varlistentry>
           <term><varname>IPv6PrivacyExtensions=</varname></term>
-          <listitem><para>Configures use of stateless temporary addresses that change over time
-          (see <ulink url="https://tools.ietf.org/html/rfc4941">RFC 4941</ulink>, Privacy Extensions for Stateless Address
-          Autoconfiguration in IPv6). A boolean or <literal>prefer-temporary</literal>. When true or <literal>prefer-public</literal>
-          enables privacy extensions, but prefer public addresses over temporary addresses.
-          <literal>prefer-temporary</literal> prefers temporary addresses over public addresses.
-          Defaults to
+          <listitem><para>Configures use of stateless temporary
+          addresses that change over time (see <ulink
+          url="https://tools.ietf.org/html/rfc4941">RFC 4941</ulink>,
+          Privacy Extensions for Stateless Address Autoconfiguration
+          in IPv6). Takes a boolean or the special values
+          <literal>prefer-public</literal> and
+          <literal>kernel</literal>. When true enables the privacy
+          extensions and prefers temporary addresses over public
+          addresses. When <literal>prefer-public</literal> enables the
+          privacy extensions, but prefers public addresses over
+          temporary addresses. When false, the privacy extensions
+          remain disabled. When <literal>kernel</literal> the kernel's
+          default setting will be left in place.  Defaults to
           <literal>no</literal>.</para></listitem>
         </varlistentry>
         <varlistentry>
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index eb07e12..5607cf4 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -116,15 +116,12 @@ static bool link_ipv6_forward_enabled(Link *link) {
         return link->network->ip_forward & ADDRESS_FAMILY_IPV6;
 }
 
-static bool link_ipv6_privacy_extensions_enabled(Link *link) {
+static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) {
         if (link->flags & IFF_LOOPBACK)
-                return false;
+                return _IPV6_PRIVACY_EXTENSIONS_INVALID;
 
         if (!link->network)
-                return false;
-
-        if (link->network->ipv6_privacy_extensions == _IPV6_PRIVACY_EXTENSIONS_INVALID)
-                return false;
+                return _IPV6_PRIVACY_EXTENSIONS_INVALID;
 
         return link->network->ipv6_privacy_extensions;
 }
@@ -1540,7 +1537,8 @@ static int link_set_ipv6_forward(Link *link) {
 }
 
 static int link_set_ipv6_privacy_extensions(Link *link) {
-        char buf[2 * DECIMAL_STR_MAX(unsigned) + 1];
+        char buf[DECIMAL_STR_MAX(unsigned) + 1];
+        IPv6PrivacyExtensions s;
         const char *p = NULL;
         int r;
 
@@ -1548,15 +1546,21 @@ static int link_set_ipv6_privacy_extensions(Link *link) {
         if (!socket_ipv6_is_supported())
                 return 0;
 
-        if (!link_ipv6_privacy_extensions_enabled(link))
+        s = link_ipv6_privacy_extensions(link);
+        if (s == _IPV6_PRIVACY_EXTENSIONS_INVALID)
                 return 0;
 
         p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/use_tempaddr");
         xsprintf(buf, "%u", link->network->ipv6_privacy_extensions);
 
         r = write_string_file_no_create(p, buf);
-        if (r < 0)
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, buf) > 0)
+                        return 0;
+
                 log_link_warning_errno(link, r, "Cannot configure IPv6 privacy extension for interface: %m");
+        }
 
         return 0;
 }
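Review bot: With the default changed to `IPV6_PRIVACY_EXTENSIONS_NO` in networkd-network.c, link_set_ipv6_privacy_extensions() now writes `0` to `use_tempaddr` for every matched link whose .network file does not set IPv6PrivacyExtensions=, which overrides a temporary-address preference an administrator configured through sysctl. Apart from loopback links and links without a network, only `kernel` (parsed to `_IPV6_PRIVACY_EXTENSIONS_INVALID`) skips the write, and nothing at the `s == _IPV6_PRIVACY_EXTENSIONS_INVALID` check says so. A comment such as `/* "kernel": leave use_tempaddr as the kernel or sysctl configured it */` and a NEWS entry would make this visible to people upgrading. Separately, `xsprintf()` should format the `s` that was just checked instead of re-reading the field, e.g. `xsprintf(buf, "%u", (unsigned) s);`.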
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index ddf03e6..a8e9ef9 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -111,7 +111,7 @@ static int network_load_one(Manager *manager, const char *filename) {
 
         network->link_local = ADDRESS_FAMILY_IPV6;
 
-        network->ipv6_privacy_extensions = _IPV6_PRIVACY_EXTENSIONS_INVALID;
+        network->ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO;
 
         r = config_parse(NULL, filename, file,
                          "Match\0"
@@ -755,9 +755,9 @@ int config_parse_address_family_boolean_with_kernel(
 }
 
 static const char* const ipv6_privacy_extensions_table[_IPV6_PRIVACY_EXTENSIONS_MAX] = {
-        [IPV6_PRIVACY_EXTENSIONS_DISABLE] = "no",
-        [IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC] = "yes",
-        [IPV6_PRIVACY_EXTENSIONS_PREFER_TEMPORARY] = "prefer-temporary",
+        [IPV6_PRIVACY_EXTENSIONS_NO] = "no",
+        [IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC] = "prefer-public",
+        [IPV6_PRIVACY_EXTENSIONS_YES] = "yes",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(ipv6_privacy_extensions, IPv6PrivacyExtensions);
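Review bot: The string `prefer-temporary` disappears from `ipv6_privacy_extensions_table`, so a configuration that uses it no longer parses. According to the parser hunk further down, the failure is logged and the assignment ignored, which leaves the default in place. If that spelling was ever part of a release, the parser could keep accepting it as an alias inside its `s < 0` branch, e.g. `else if (streq(rvalue, "prefer-temporary")) s = IPV6_PRIVACY_EXTENSIONS_YES;`. If it was never released, a NEWS entry about the renamed values is enough.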
@@ -787,16 +787,21 @@ int config_parse_ipv6_privacy_extensions(
 
         k = parse_boolean(rvalue);
         if (k > 0)
-                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC;
+                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_YES;
         else if (k == 0)
-                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_DISABLE;
+                *ipv6_privacy_extensions = IPV6_PRIVACY_EXTENSIONS_NO;
         else {
-               IPv6PrivacyExtensions s;
+                IPv6PrivacyExtensions s;
 
                 s = ipv6_privacy_extensions_from_string(rvalue);
-                if (s < 0){
-                        log_syntax(unit, LOG_ERR, filename, line, -s, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue);
-                        return 0;
+                if (s < 0) {
+
+                        if (streq(rvalue, "kernel"))
+                                s = _IPV6_PRIVACY_EXTENSIONS_INVALID;
+                        else {
+                                log_syntax(unit, LOG_ERR, filename, line, s, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue);
+                                return 0;
+                        }
                 }
 
                 *ipv6_privacy_extensions = s;
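Review bot: `log_syntax()` receives `s` as its error argument, but `s` is the failed result of `ipv6_privacy_extensions_from_string()`, presumably an enum sentinel rather than an errno value, so neither the old `-s` nor the new `s` produces a meaningful error text. Passing a real code states what went wrong: `log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Failed to parse IPv6 privacy extensions option, ignoring: %s", rvalue);` (use `-EINVAL` if this tree's `log_syntax()` expects a negative value). The `kernel` branch would also read better with a short comment, e.g. `/* "kernel" means: leave use_tempaddr as the kernel has it */`. The function starts and ends outside this hunk.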
diff --git a/src/network/networkd.h b/src/network/networkd.h
index cd5c020..f98c640 100644
--- a/src/network/networkd.h
+++ b/src/network/networkd.h
@@ -91,9 +91,10 @@ typedef enum DCHPClientIdentifier {
 } DCHPClientIdentifier;
 
 typedef enum IPv6PrivacyExtensions {
-        IPV6_PRIVACY_EXTENSIONS_DISABLE,
+        /* The values map to the kernel's /proc/sys/net/ipv6/conf/xxx/use_tempaddr values */
+        IPV6_PRIVACY_EXTENSIONS_NO,
         IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC,
-        IPV6_PRIVACY_EXTENSIONS_PREFER_TEMPORARY,
+        IPV6_PRIVACY_EXTENSIONS_YES, /* aka prefer-temporary */
         _IPV6_PRIVACY_EXTENSIONS_MAX,
         _IPV6_PRIVACY_EXTENSIONS_INVALID = -1,
 } IPv6PrivacyExtensions;
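Review bot: The enumerators are formatted with `%u` and written straight into `use_tempaddr` by `link_set_ipv6_privacy_extensions()`, yet their numeric values depend only on declaration order. Explicit initialisers would make the kernel mapping part of the code, so a reordered or newly inserted member cannot change what gets written: `IPV6_PRIVACY_EXTENSIONS_NO = 0,`, `IPV6_PRIVACY_EXTENSIONS_PREFER_PUBLIC = 1,`, `IPV6_PRIVACY_EXTENSIONS_YES = 2, /* aka prefer-temporary */`.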

commit f767522a65a03b164f30d6b9f089000ce5bcb730
Merge: 5541c88 15dee3f
Author: Daniel Mack <github at zonque.org>
Date:   Mon Jul 6 14:22:23 2015 -0400

    Merge pull request #495 from poettering/forwarding-fix
    
    networkd: be more defensive when writing to ipv4/ipv6 forwarding sett…


commit 825d5287d7717b2dd220846217891c110e7c3083
Author: Richard Maw <richard.maw at codethink.co.uk>
Date:   Tue Jun 30 13:41:41 2015 +0000

    nspawn: Communicate determined UID shift to parent
    
    There is logic to determine the UID shift from the file-system, rather
    than having it be explicitly passed in.
    
    However, this needs to happen in the child process that sets up the
    mounts, as what's important is the UID of the mounted root, rather than
    the mount-point.
    
    Setting up the UID map needs to happen in the parent because the inner
    child needs to have been started, and the outer child is no longer able
    to access the uid_map file, since it lost access to it when setting up
    the mounts for the inner child.
    
    So we need to communicate the uid shift back out, along with the PID of
    the inner child process.
    
    Failing to communicate this means that the invalid UID shift, which is
    the value used to specify "this needs to be determined from the file
    system" is left invalid, so setting up the user namespace's UID shift
    fails.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 1ba248f..4e108a6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -341,6 +341,11 @@ static int custom_mounts_prepare(void) {
         for (i = 0; i < arg_n_custom_mounts; i++) {
                 CustomMount *m = &arg_custom_mounts[i];
 
+                if (arg_userns && arg_uid_shift == UID_INVALID && path_equal(m->destination, "/")) {
+                        log_error("--private-users with automatic UID shift may not be combined with custom root mounts.");
+                        return -EINVAL;
+                }
+
                 if (m->type != CUSTOM_MOUNT_OVERLAY)
                         continue;
 
@@ -1028,6 +1033,7 @@ static int tmpfs_patch_options(const char *options, char **ret) {
         char *buf = NULL;
 
         if (arg_userns && arg_uid_shift != 0) {
+                assert(arg_uid_shift != UID_INVALID);
 
                 if (options)
                         (void) asprintf(&buf, "%s,uid=" UID_FMT ",gid=" UID_FMT, options, arg_uid_shift, arg_uid_shift);
@@ -4259,6 +4265,7 @@ static int outer_child(
                 int pid_socket,
                 int kmsg_socket,
                 int rtnl_socket,
+                int uid_shift_socket,
                 FDSet *fds,
                 int argc,
                 char *argv[]) {
@@ -4317,6 +4324,16 @@ static int outer_child(
         if (r < 0)
                 return r;
 
+        if (arg_userns) {
+                l = send(uid_shift_socket, &arg_uid_shift, sizeof(arg_uid_shift), MSG_NOSIGNAL);
+                if (l < 0)
+                        return log_error_errno(errno, "Failed to send UID shift: %m");
+                if (l != sizeof(arg_uid_shift)) {
+                        log_error("Short write while sending UID shift.");
+                        return -EIO;
+                }
+        }
+
         /* Turn directory into bind mount */
         if (mount(directory, directory, NULL, MS_BIND|MS_REC, NULL) < 0)
                 return log_error_errno(errno, "Failed to make bind mount: %m");
@@ -4397,6 +4414,7 @@ static int outer_child(
 
         if (pid == 0) {
                 pid_socket = safe_close(pid_socket);
+                uid_shift_socket = safe_close(uid_shift_socket);
 
                 /* The inner child has all namespaces that are
                  * requested, so that we all are owned by the user if
@@ -4687,7 +4705,8 @@ int main(int argc, char *argv[]) {
         }
 
         for (;;) {
-                _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 }, rtnl_socket_pair[2] = { -1, -1 }, pid_socket_pair[2] = { -1, -1 };
+                _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 }, rtnl_socket_pair[2] = { -1, -1 }, pid_socket_pair[2] = { -1, -1 },
+                                         uid_shift_socket_pair[2] = { -1, -1 };
                 ContainerStatus container_status;
                 _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
                 static const struct sigaction sa = {
@@ -4722,6 +4741,12 @@ int main(int argc, char *argv[]) {
                         goto finish;
                 }
 
+                if (arg_userns)
+                        if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {
+                                r = log_error_errno(errno, "Failed to create uid shift socket pair: %m");
+                                goto finish;
+                        }
+
                 /* Child can be killed before execv(), so handle SIGCHLD
                  * in order to interrupt parent's blocking calls and
                  * give it a chance to call wait() and terminate. */
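Review bot: The outer `if (arg_userns)` has an unbraced body that is itself a braced multi-line `if`, which is easy to misread once another statement is added beneath it. Folding both tests into one condition is shorter and removes the ambiguity: `if (arg_userns && socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, uid_shift_socket_pair) < 0) {`. `main()` extends beyond this hunk.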
@@ -4756,6 +4781,7 @@ int main(int argc, char *argv[]) {
                         kmsg_socket_pair[0] = safe_close(kmsg_socket_pair[0]);
                         rtnl_socket_pair[0] = safe_close(rtnl_socket_pair[0]);
                         pid_socket_pair[0] = safe_close(pid_socket_pair[0]);
+                        uid_shift_socket_pair[0] = safe_close(uid_shift_socket_pair[0]);
 
                         (void) reset_all_signal_handlers();
                         (void) reset_signal_mask();
@@ -4771,6 +4797,7 @@ int main(int argc, char *argv[]) {
                                         pid_socket_pair[1],
                                         kmsg_socket_pair[1],
                                         rtnl_socket_pair[1],
+                                        uid_shift_socket_pair[1],
                                         fds,
                                         argc, argv);
                         if (r < 0)
@@ -4819,6 +4846,17 @@ int main(int argc, char *argv[]) {
                                 goto finish;
                         }
 
+                        l = recv(uid_shift_socket_pair[0], &arg_uid_shift, sizeof(arg_uid_shift), 0);
+                        if (l < 0) {
+                                r = log_error_errno(errno, "Failed to read UID shift: %m");
+                                goto finish;
+                        }
+                        if (l != sizeof(arg_uid_shift)) {
+                                log_error("Short read while reading UID shift: %m");
+                                r = EIO;
+                                goto finish;
+                        }
+
                         r = setup_uid_map(pid);
                         if (r < 0)
                                 goto finish;
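Review bot: The short-read branch sets `r = EIO`, a positive value, while every other failure on this path is negative (the `log_error_errno()` results, and `return -EIO` for the matching short write in `outer_child()`). How `finish:` treats a positive `r` is not visible here, but it will not be handled like the other errors. The message also ends in `%m` although a short read sets no `errno`, so an unrelated error string would be printed. Suggested lines: `log_error("Short read while reading UID shift.");` and `r = -EIO;`. It may also be worth rejecting a received `UID_INVALID` before calling `setup_uid_map()`, since that is the value the commit message describes as making the map setup fail.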

commit 15dee3f07c646fd345b0aa30c6566071b3365db7
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Jul 6 13:38:47 2015 +0200

    networkd: be more defensive when writing to ipv4/ipv6 forwarding settings
    
    1) never bother with setting the flag for loopback devices
    
    2) if we fail to write the flag due to EROFS (which is likely to happen
       in containers where /proc/sys is read-only) or any other error, check
       if the flag already has the right value. If so, don't complain.
    
    Closes #469

diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index ff6b1a7..00fb6f8 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -134,6 +134,17 @@ int read_one_line_file(const char *fn, char **line) {
         return 0;
 }
 
+int verify_one_line_file(const char *fn, const char *line) {
+        _cleanup_free_ char *value = NULL;
+        int r;
+
+        r = read_one_line_file(fn, &value);
+        if (r < 0)
+                return r;
+
+        return streq(value, line);
+}
+
 int read_full_stream(FILE *f, char **contents, size_t *size) {
         size_t n, l;
         _cleanup_free_ char *buf = NULL;
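Review bot: `verify_one_line_file()` has three kinds of result and nothing at the definition or at its declaration in fileio.h says so: the negative error passed through from `read_one_line_file()`, 0 for a mismatch, and 1 for a match. The callers added in this commit depend on that by testing `> 0`, and a caller that tests for truth instead would treat a read error as a match. A comment above the function would pin the contract: `/* Returns > 0 if the first line of fn equals line, 0 if it differs, and a negative error if the file cannot be read */`.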
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 5ae51c1..91d4a0d 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -34,6 +34,8 @@ int read_one_line_file(const char *fn, char **line);
 int read_full_file(const char *fn, char **contents, size_t *size);
 int read_full_stream(FILE *f, char **contents, size_t *size);
 
+int verify_one_line_file(const char *fn, const char *line);
+
 int parse_env_file(const char *fname, const char *separator, ...) _sentinel_;
 int load_env_file(FILE *f, const char *fname, const char *separator, char ***l);
 int load_env_file_pairs(FILE *f, const char *fname, const char *separator, char ***l);
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index f67a19e..eb07e12 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -1486,35 +1486,55 @@ static int link_enter_join_netdev(Link *link) {
 }
 
 static int link_set_ipv4_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v;
         int r;
 
+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
         if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                 return 0;
 
         p = strjoina("/proc/sys/net/ipv4/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv4_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv4_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                 log_link_warning_errno(link, r, "Cannot configure IPv4 forwarding for interface %s: %m", link->ifname);
+        }
 
         return 0;
 }
 
 static int link_set_ipv6_forward(Link *link) {
-        const char *p = NULL;
+        const char *p = NULL, *v = NULL;
         int r;
 
         /* Make this a NOP if IPv6 is not available */
         if (!socket_ipv6_is_supported())
                 return 0;
 
+        if (link->flags & IFF_LOOPBACK)
+                return 0;
+
         if (link->network->ip_forward == _ADDRESS_FAMILY_BOOLEAN_INVALID)
                 return 0;
 
         p = strjoina("/proc/sys/net/ipv6/conf/", link->ifname, "/forwarding");
-        r = write_string_file_no_create(p, one_zero(link_ipv6_forward_enabled(link)));
-        if (r < 0)
+        v = one_zero(link_ipv6_forward_enabled(link));
+
+        r = write_string_file_no_create(p, v);
+        if (r < 0) {
+                /* If the right value is set anyway, don't complain */
+                if (verify_one_line_file(p, v) > 0)
+                        return 0;
+
                 log_link_warning_errno(link, r, "Cannot configure IPv6 forwarding for interface: %m");
+        }
 
         return 0;
 }
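Review bot: When the write fails and the verification does not match either, both `link_set_ipv4_forward()` and `link_set_ipv6_forward()` still return 0, so link setup continues with a forwarding state that differs from the configuration and the only trace is a warning. If that is intended, the new comment should say so, e.g. `/* Not fatal: the interface keeps the kernel's current forwarding setting */`, because a configuration that disables forwarding is then not enforced. The write-then-verify sequence is also repeated verbatim in both functions and could move into one static helper that takes the path and the value. Finally, `v` is declared as `*v` in the IPv4 function and `*v = NULL` in the IPv6 one; using the same form in both would be tidier.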

commit de7de280b5eae7206c35e869e7d5bcd3d6a18c22
Author: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
Date:   Sun Jul 5 12:02:20 2015 -0400

    login: simplify assignment

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 659ce18..0cc2cdf 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -690,8 +690,8 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
         }
 
         manager_get_session_by_pid(m, leader, &session);
-        if (!session && vtnr > 0)
-                session = (vtnr < m->seat0->position_count) ? m->seat0->positions[vtnr] : NULL;
+        if (!session && vtnr > 0 && vtnr < m->seat0->position_count)
+                session = m->seat0->positions[vtnr];
         if (session) {
                 _cleanup_free_ char *path = NULL;
                 _cleanup_close_ int fifo_fd = -1;


