morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
94634b4b0312e4cdb88e37cbbb4f2ec9273cb28a
systemd/src/core
History
Lennart Poettering 94634b4b03 pid1: add D-Bus API for removing delegated subcgroups 
When running unprivileged containers, we run into a scenario where an
unpriv owned cgroup has a subcgroup delegated to another user (i.e. the
container's own UIDs). When the owner of that cgroup dies without
cleaning it up then the unpriv service manager might encounter a cgroup
it cannot delete anymore.

Let's address that: let's expose a method call on the service manager
(primarly in PID1) that can be used to delete a subcgroup of a unit one
owns. This would then allow the unpriv service manager to ask the priv
service manager to get rid of such a cgroup.

This commit only adds the method call, the next commit then adds the
code that makes use of this.
2025-01-08 15:27:25 +01:00
..
bpf
bpf-socket-bind: fix unexpected behavior with either 0 allow or deny rules
2024-03-24 11:08:58 +00:00
all-units.h
apparmor-setup.c
apparmor-setup.h
audit-fd.c
audit-fd.h
automount.c
core/manager: introduce manager_add_job_full() which takes extra TransactionAddFlags
2024-10-27 20:02:46 +01:00
automount.h
bpf-devices.c
basic/linux: update kernel headers from v6.10-rc3
2024-06-20 02:35:35 +09:00
bpf-devices.h
bpf-firewall.c
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
2024-06-28 15:38:56 +02:00
bpf-firewall.h
core/cgroup: call bpf_firewall_close in cgroup_runtime_free
2024-06-28 15:38:56 +02:00
bpf-foreign.c
bpf-foreign.h
bpf-restrict-fs.c
bpf: add helper to translate kernel error codes from libbpf
2024-05-29 08:29:47 +02:00
bpf-restrict-fs.h
bpf-restrict-ifaces.c
fdset: optionally, close remaining fds asynchronously
2024-10-17 09:48:05 +02:00
bpf-restrict-ifaces.h
bpf-socket-bind.c
fdset: optionally, close remaining fds asynchronously
2024-10-17 09:48:05 +02:00
bpf-socket-bind.h
bpf-util.c
tree-wise: several cleanups for logging
2024-05-01 04:41:06 +09:00
bpf-util.h
cgroup.c
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
cgroup.h
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
clock-warp.c
manager: add structured log message about clock bump
2024-06-15 16:54:37 +02:00
clock-warp.h
manager: apply clock epoch on updates too
2024-06-15 16:20:16 +02:00
core-varlink.c
various: set info on varlink server object
2024-12-10 10:51:56 +01:00
core-varlink.h
core: reliably check if varlink socket has been deserialized
2024-07-23 19:38:57 +02:00
crash-handler.c
tree-wide: make sigactions static const
2025-01-04 16:40:53 +01:00
crash-handler.h
dbus-automount.c
dbus-automount.h
dbus-cgroup.c
Merge pull request #34787 from yuwata/core-ip-address-allow-deny
2024-10-21 16:35:49 +02:00
dbus-cgroup.h
dbus-device.c
dbus-device.h
dbus-execute.c
core: drop unnecessary header inclusion
2024-12-18 09:30:25 +01:00
dbus-execute.h
manager: switch service unit type over to using new handoff timestamping logic
2024-04-25 13:40:41 +02:00
dbus-job.c
core: switch j->unit->manager to j->manager
2024-04-18 20:25:39 +08:00
dbus-job.h
dbus-kill.c
dbus-kill.h
dbus-manager.c
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
dbus-manager.h
dbus-mount.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-mount.h
dbus-path.c
dbus-path.h
dbus-scope.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-scope.h
dbus-service.c
core: move debug logging from _can_live_mount() functions to caller
2024-10-16 10:50:15 +02:00
dbus-service.h
dbus-slice.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-slice.h
dbus-socket.c
core: Use RateLimit struct to store ratelimits
2024-08-14 14:18:40 +02:00
dbus-socket.h
dbus-swap.c
core: cast ignored retval of unit_realize_cgroup to void
2024-06-28 15:43:21 +02:00
dbus-swap.h
dbus-target.c
dbus-target.h
dbus-timer.c
timer: introduce DeferReactivation setting
2024-10-11 22:54:16 +02:00
dbus-timer.h
dbus-unit.c
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
dbus-unit.h
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
dbus-util.c
core/dbus: add assertions
2024-10-09 06:57:11 +09:00
dbus-util.h
core/dbus: introduce bus_verify_manage_units_async_impl()
2024-10-09 06:55:32 +09:00
dbus.c
dbus: log disconnect on api and system busses
2024-12-11 12:12:14 -07:00
dbus.h
core/dbus: move bus_verify_xyz() to dbus-util.c
2024-10-09 06:54:45 +09:00
device.c
core/device: handle ID_PROCESSING udev property
2024-12-20 10:52:57 +09:00
device.h
core/device: handle ID_PROCESSING udev property
2024-12-20 10:52:57 +09:00
dynamic-user.c
Drop support for nscd
2024-06-28 18:51:56 +02:00
dynamic-user.h
efi-random.c
efivars: Remove STRINGIFY() helper macros
2024-11-02 23:20:57 +01:00
efi-random.h
emergency-action.c
terminal-util: split out color macros/helpers into its own header
2024-07-19 11:44:04 +02:00
emergency-action.h
core: refuse invalid emergency actions for SuccessAction= and friends in user service manager
2024-05-18 02:51:34 +09:00
exec-credential.c
pid1: add support for decrypting per-user credentials
2024-12-20 17:52:01 +01:00
exec-credential.h
core/dbus-service: refuse bind mounting over /run/credentials/
2024-08-17 18:16:20 +02:00
exec-invoke.c
tree-wide: replace FLAGS_SET(..., 1 << v) with BIT_SET(..., v)
2024-12-28 15:08:00 +01:00
exec-invoke.h
execute-serialize.c
core: make ProtectHostname= optionally take a hostname
2024-12-16 23:55:44 +09:00
execute-serialize.h
execute.c
tree-wide: replace FLAGS_SET(..., 1 << v) with BIT_SET(..., v)
2024-12-28 15:08:00 +01:00
execute.h
core: make ProtectHostname= optionally take a hostname
2024-12-16 23:55:44 +09:00
executor.c
core: clean up ambient capability logging
2024-07-31 21:40:28 +02:00
fuzz-execute-serialize.c
Add ExtraFileDescriptor property to StartTransientUnit dbus API
2024-10-07 09:01:48 -07:00
fuzz-manager-serialize.c
fuzz-manager-serialize.options
fuzz-unit-file.c
fuzz-unit-file.options
generator-setup.c
generator-setup: use RET_GATHER()
2024-05-29 11:52:40 +02:00
generator-setup.h
ima-setup.c
ima-setup.h
import-creds.c
core/import-creds: use proc_cmdline_get_bool()
2024-07-13 22:58:23 +02:00
import-creds.h
ipe-setup.c
core: load IPE policy on boot
2024-10-02 18:29:43 +02:00
ipe-setup.h
core: load IPE policy on boot
2024-10-02 18:29:43 +02:00
job.c
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
job.h
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
kill.c
Fix confusion between killer and prey
2024-06-19 16:22:23 +02:00
kill.h
various: move const ptr indicator to return value
2024-06-19 16:28:28 +02:00
kmod-setup.c
use FOREACH_ELEMENT
2024-04-18 17:39:34 +02:00
kmod-setup.h
load-dropin.c
tree-wide: use strv_extend_strv_consume() where appropriate
2024-09-21 00:53:50 +02:00
load-dropin.h
core/unit: do not use unit path cache in unit_need_daemon_reload()
2024-08-09 19:25:42 +09:00
load-fragment-gperf-nulstr.awk
load-fragment-gperf.gperf.in
core: make ProtectHostname= optionally take a hostname
2024-12-16 23:55:44 +09:00
load-fragment.c
tree-wide: remove support for kernels lacking ambient caps
2024-12-17 17:34:46 +01:00
load-fragment.h
core: Migrate ProtectHostname to use enum vs boolean
2024-12-06 13:33:49 -08:00
main.c
terminal-util: introduce terminal_{new,detach}_session helpers
2025-01-02 21:14:38 +01:00
main.h
core: Add systemd.crash_action= kernel command line argument
2024-04-29 14:34:22 +02:00
manager-dump.c
manager: add list of subscribers to dump info
2024-12-11 12:12:14 -07:00
manager-dump.h
manager-serialize.c
serialize: add explicit calls for finishing serialization
2024-12-17 18:26:15 +01:00
manager-serialize.h
manager.c
tree-wide: make sigactions static const
2025-01-04 16:40:53 +01:00
manager.h
core: Introduce PrivatePIDs=
2024-11-05 05:32:02 -08:00
meson.build
core: load IPE policy on boot
2024-10-02 18:29:43 +02:00
mount.c
core/mount: don't keep cred mounts around after mounted
2024-12-13 10:29:27 +00:00
mount.h
Revert "core/credential,mount: re-read /proc/self/mountinfo before invoking umount command"
2024-06-12 00:54:26 +01:00
namespace.c
namespace-util: modernize fd_is_namespace() and is_our_namespace()
2025-01-04 17:07:59 +01:00
namespace.h
core: Bind mount notify socket to /run/host/notify in sandboxed units (#35573)
2024-12-13 13:48:07 +00:00
org.freedesktop.systemd1.conf
pid1: add D-Bus API for removing delegated subcgroups
2025-01-08 15:27:25 +01:00
org.freedesktop.systemd1.policy.in
org.freedesktop.systemd1.service
path.c
core/manager: introduce manager_add_job_full() which takes extra TransactionAddFlags
2024-10-27 20:02:46 +01:00
path.h
scope.c
core: do BindMount/MountImage operations in async control process
2024-08-29 12:48:55 +01:00
scope.h
selinux-access.c
core/selinux-access: use empty_to_na where appropriate
2024-05-02 13:36:52 +08:00
selinux-access.h
selinux-setup.c
selinux: kill mac_selinux_free()
2024-06-12 15:21:21 +02:00
selinux-setup.h
service.c
core: Bind mount notify socket to /run/host/notify in sandboxed units
2024-12-13 13:37:02 +01:00
service.h
core/service: place occurrences of SERVICE_MOUNTING closer to reload states
2024-10-22 19:19:47 +02:00
show-status.c
pid1: use $COLUMNS info in status_vprintf()
2024-07-19 11:44:05 +02:00
show-status.h
slice.c
core/slice: simplify slice_freezer_action a bit
2024-07-17 17:25:23 +02:00
slice.h
smack-setup.c
smack-setup.h
socket.c
core/socket: include peer pidfd id in socket service instance if available
2025-01-04 17:07:58 +01:00
socket.h
core/socket: trivial coding style cleanups
2024-12-30 21:43:52 +01:00
swap.c
core/service: preserve RuntimeDirectory= even if oneshot service exits
2024-12-02 10:57:45 +01:00
swap.h
system.conf.in
core: Add systemd.crash_action= kernel command line argument
2024-04-29 14:34:22 +02:00
systemd.pc.in
taint.c
taint: Add taint_strv() to get taints as an array
2024-08-14 14:18:40 +02:00
taint.h
taint: Add taint_strv() to get taints as an array
2024-08-14 14:18:40 +02:00
target.c
core: use FOREACH_ARRAY at 3 more places
2024-04-10 23:40:53 +08:00
target.h
timer.c
core/manager: introduce manager_add_job_full() which takes extra TransactionAddFlags
2024-10-27 20:02:46 +01:00
timer.h
timer: introduce DeferReactivation setting
2024-10-11 22:54:16 +02:00
transaction.c
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
transaction.h
core: make refuse_late_merge a proper attr of Job and introduce TRANSACTION_REENQUEUE_ANCHOR
2024-10-27 20:02:47 +01:00
unit-dependency-atom.c
core: drop effectively unused UNIT_ATOM_PROPAGATE_RESTART
2024-10-27 20:02:46 +01:00
unit-dependency-atom.h
core: drop effectively unused UNIT_ATOM_PROPAGATE_RESTART
2024-10-27 20:02:46 +01:00
unit-printf.c
core: use strdup_to()
2024-03-20 15:18:21 +01:00
unit-printf.h
unit-serialize.c
tree-wide: replace FLAGS_SET(..., 1 << v) with BIT_SET(..., v)
2024-12-28 15:08:00 +01:00
unit-serialize.h
unit.c
core: do not disconnect from bus when failed to install signal match
2024-12-29 15:58:08 +09:00
unit.h
core/service: preserve RuntimeDirectory= even if oneshot service exits
2024-12-02 10:57:45 +01:00
user.conf.in