Commit Graph

1204 Commits

Author SHA1 Message Date
Lennart Poettering
e79e8afd62 update TODO 2014-01-08 18:11:10 +08:00
Lennart Poettering
e62b3b353a update TODO 2014-01-07 06:34:56 +08:00
David Herrmann
e10e429f2d TODO: extend login capability note
We cannot remove CAP_SYS_ADMIN, which basically makes removing all other
capabilities useless. Anyhow, still wouldn't hurt checking whether stuff
like CAP_KILL can be dropped from logind.
2014-01-05 13:59:12 +01:00
Lennart Poettering
0058679911 bus: add some preliminary docs for porting existing dbus1 client libraries to kdbus 2013-12-27 00:28:22 +01:00
Zbigniew Jędrzejewski-Szmek
72ebbf3450 man: document fail/nofail, auto/noauto
Also s/filesystem/file system/ in a few places.
2013-12-25 23:22:05 -05:00
Zbigniew Jędrzejewski-Szmek
8b8f259170 Trim TODO 2013-12-25 22:53:46 -05:00
Lennart Poettering
452de75e5b update TODO 2013-12-26 03:08:35 +01:00
Lennart Poettering
eab07b4b23 update TODO 2013-12-24 02:57:17 +01:00
Lennart Poettering
508c6f95cb update TODO 2013-12-23 04:20:55 +01:00
Lennart Poettering
bee7e92899 update TODO 2013-12-22 03:50:52 +01:00
Lennart Poettering
df98a87ba3 bus: introduce concept of "const" properties
This way we have four kinds of properties:

a) those which are constant as long as an object exists
b) those which can change and PropertiesChange messages with contents are generated
c) those which can change and where the PropertesChange merely includes invalidation
d) those which can change but for which no events are generated

Clients (through code generators run on the introspection XML) can thus
aggressively cache a, b, c, with only d excluded.
2013-12-22 03:50:52 +01:00
Florian Weimer
4ff4ebb1fb util: remove union dirent_storage 2013-12-21 18:35:55 -05:00
Lennart Poettering
dad5f697dd update TODO 2013-12-21 23:32:45 +01:00
Lennart Poettering
2aa40788f7 update TODO 2013-12-21 18:13:01 +01:00
Lennart Poettering
daee56067f update TODO 2013-12-21 00:19:30 +01:00
Lennart Poettering
53461b74df driverd: implement AddMatch/RemoveMatch logic 2013-12-19 04:40:56 +01:00
Kay Sievers
df32a1caaf libudev: disable monitor inside a container
Uevents are events of the host, which should not leak into a container.
Containers do not support hotplug at the moment, and devices and uevents
are not namespace aware.
2013-12-18 22:01:31 +01:00
Kay Sievers
f6613dd959 libudev: devices received from udev are always initialized 2013-12-18 17:34:22 +01:00
Kay Sievers
48b9cfcb7c comment out udev's is_initialized call until the problem is sorted out 2013-12-18 05:07:16 +01:00
Lennart Poettering
06db8540cd update TODO 2013-12-17 21:45:43 +01:00
Lennart Poettering
10e4e52be8 update TODO 2013-12-16 17:05:42 +01:00
Lennart Poettering
58f299eef6 update TODO 2013-12-13 17:16:06 +01:00
Lennart Poettering
a56b63f41d man: document more error codes for sd_bus_request_name() 2013-12-13 16:01:54 +01:00
Lennart Poettering
9f97c93671 update TODO 2013-12-13 15:30:12 +01:00
Lennart Poettering
12179984a3 event: when unreffing an event source from its own handler, detach fd from epoll
The pattern of unreffing an IO event source and then closing its fd is
frequently seen in even source callbacks. Previously this likely
resultet in us removing the fd from the epoll after it was closed which
is problematic, since while we were dispatching we always kept an extra
reference to event source objects because we might still need it later.
2013-12-13 04:06:43 +01:00
Lennart Poettering
6203e07a83 event: rework sd-event exit logic
With this change a failing event source handler will not cause the
entire event loop to fail. Instead, we just disable the specific event
source, log a message at debug level and go on.

This also introduces a new concept of "exit code" which can be stored in
the event loop and is returned by sd_event_loop(). We also rename "quit"
to "exit" everywhere else.

Altogether this should make things more robus and keep errors local
while still providing a way to return event loop errors in a clear way.
2013-12-13 04:06:43 +01:00
Lennart Poettering
01390ca8a2 update TODO 2013-12-12 15:59:13 +01:00
Lennart Poettering
d78bf250b0 bus: properly generate NameOwnerChanged messages when we take from/give back to queue/starter 2013-12-12 01:51:51 +01:00
Lennart Poettering
0a825b5cd4 update TODO 2013-12-12 01:39:21 +01:00
Lennart Poettering
b6741478e7 journal: add ability to browse journals of running OS containers
This adds the new library call sd_journal_open_container() and a new
"-M" switch to journalctl. Particular care is taken that journalctl's
"-b" switch resolves to the current boot ID of the container, not the
host.
2013-12-11 22:04:03 +01:00
Lennart Poettering
f9a810beda journald: port to sd-event and enable watchdog support 2013-12-11 20:55:09 +01:00
Lennart Poettering
cde93897cd event: hook up sd-event with the service watchdog logic
Adds a new call sd_event_set_watchdog() that can be used to hook up the
event loop with the watchdog supervision logic of systemd. If enabled
and $WATCHDOG_USEC is set the event loop will ping the invoking systemd
daemon right after coming back from epoll_wait() but not more often than
$WATCHDOG_USEC/4. The epoll_wait() will sleep no longer than
$WATCHDOG_USEC/4*3, to make sure the service manager is called in time.

This means that setting WatchdogSec= in a .service file and calling
sd_event_set_watchdog() in your daemon is enough to hook it up with the
watchdog logic.
2013-12-11 18:20:09 +01:00
Lennart Poettering
08cd155254 event: when handling SIGCHLD of a child process only reap after dispatching event source
That way the even source callback is run with the zombie process still
around so that it can access /proc/$PID/ and similar, and so that it can
be sure that the PID has not been reused yet.
2013-12-11 18:20:09 +01:00
Lennart Poettering
80caea6cc7 update TODO 2013-12-10 22:50:29 +00:00
Lennart Poettering
adacb9575a bus: introduce "trusted" bus concept and encode access control in object vtables
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.

Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.

By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.

On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.

This also decorates the vtables of the various daemons we ship with
these flags.
2013-12-10 16:52:49 +00:00
Ronny Chevalier
c6a77179a4 test: rework run_qemu
It tries to find a suitable QEMU binary and will use KVM if present.
We can now configure QEMU from outside with 4 variables :
  - $QEMU_BIN : path to QEMU's binary
  - $KERNEL_APPEND : arguments appended to kernel cmdline
  - $KERNEL_BIN : path to a kernel
    Default /boot/vmlinuz-$KERNEL_VER
  - $INITRD : path to an initramfs
    Default /boot/initramfs-${KERNEL_VER}.img
  - $QEMU_SMP : number of CPU simulated by QEMU.
    Default 1

(from Alexander Graf's script: http://www.spinics.net/lists/kvm/msg72389.html)
2013-12-10 07:46:21 -05:00
Lennart Poettering
a99b3a4a9f update TODO 2013-12-10 01:11:43 +01:00
Zbigniew Jędrzejewski-Szmek
014e7ea7f2 Trim TODO 2013-12-08 19:26:51 -05:00
Tom Gundersen
0a4b9a0787 TODO: add networkd entries 2013-12-04 14:15:13 +01:00
Lennart Poettering
0e7be1293f core: use normal library call to query list of current names 2013-12-03 18:58:18 +01:00
Lennart Poettering
e7176abbe8 bus: make sd_bus_request_name() and sd_bus_release_name() behave more like other calls
Instead of returning an enum of return codes, make them return error
codes like kdbus does internally.

Also, document this behaviour so that clients can stick to it.

(Also rework bus-control.c to always have to functions for dbus1 vs.
kernel implementation of the various calls.)
2013-12-03 18:02:46 +01:00
Zbigniew Jędrzejewski-Szmek
c7332b0844 catalog: determine language from the filename 2013-12-02 22:12:02 -05:00
Lennart Poettering
e821075a23 bus: add .busname unit type to implement kdbus-style bus activation 2013-12-02 23:32:34 +01:00
Lennart Poettering
fd5b0b9141 nspawn: make sure /dev/kdbus in the container is world accessible 2013-12-02 19:59:15 +01:00
Lennart Poettering
6717d47350 bus: when replying to an incoming message and the vtable contains the expected return signature generate an error if the response message doesn't match it 2013-12-02 15:29:40 +01:00
Shawn Landden
e93c33d4aa systemctl: add "systemctl cat" 2013-11-30 22:20:20 -05:00
Lennart Poettering
626851be97 bus: do kdbus only if this is enabled on the configure switch
Since we want to retain the ability to break kernel ←→ userspace ABI
after the next release, let's not make use by default of kdbus, so that
people with future kernels will not suddenly break with current systemd
versions.

kdbus support is left in all builds but must now be explicitly requested
at runtime (for example via setting $DBUS_SESSION_BUS). Via a configure
switch the old behaviour can be restored. In fact, we change autogen.sh
to do this, so that git builds (which run autogen.sh) get kdbus by
default, but tarball builds (which ue the configure defaults) do not get
it, and hence this stays out of the distros by default.
2013-11-30 20:18:48 +01:00
Lennart Poettering
4734b89564 update TODO 2013-11-30 19:55:23 +01:00
Lennart Poettering
49b832c5b8 bus: include unique and well known names in credentials object 2013-11-30 14:46:14 +01:00
Lennart Poettering
f38afcd0c7 clean up TODO 2013-11-28 18:44:50 +01:00