Re: [systemd-devel] [ANNOUNCE] systemd 219

2015-02-18 Thread Maciej Wereski
On Tuesday, 17 February 2015 17:23:55, Lennart Poettering wrote:
> On Tue, 17.02.15 17:13, Maciej Wereski (m.were...@partner.samsung.com) wrote:
> > Hello,
> > 
> > > On Monday, 16 February 2015 23:59:56, Lennart Poettering wrote:
> > > Note that this version is not available in Fedora F22/F23 yet. The
> > > linker on ARM segfaults. Since the i386 and x86_64 versions built
> > > fine, I decided to release 219 anyway.
> > 
> > I was able to build systemd v219 both on armv7l and aarch64. As a
> > workaround I had to disable Link Time Optimizations.
> 
> Well, did it segfault for you if you had lto on?
> 
> This toolchain bug is tracked here btw:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1193212

No, we have some issues rather specific to our buildsystem.

-- 
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] [ANNOUNCE] systemd 219

2015-02-17 Thread Maciej Wereski
Hello,

On Monday, 16 February 2015 23:59:56, Lennart Poettering wrote:

> 
> Note that this version is not available in Fedora F22/F23 yet. The
> linker on ARM segfaults. Since the i386 and x86_64 versions built
> fine, I decided to release 219 anyway.
> 

I was able to build systemd v219 both on armv7l and aarch64. As a workaround I 
had to disable Link Time Optimizations.

Tizen 3.0:
gcc 4.9.2
binutils 2.24.90

cheers,
-- 
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


Re: [systemd-devel] kdbus in d-bus project

2015-02-13 Thread Maciej Wereski
On Thursday, 12 February 2015 18:28:45, Steven Noonan wrote:
> Hi all,

Hello,

> Is anyone maintaining a patch series against upstream d-bus for kdbus
> integration? I checked the kdbus-dev branch linked to by the kdbus
> Google Code page:
> 
> https://review.tizen.org/git/?p=platform/upstream/dbus.git;a=shortlog;h=refs
> /heads/kdbus-dev
> 
> But it hasn't been updated in over a year, and in that time kdbus has
> changed almost completely (i.e. now is kdbusfs...).

As you stated, kbus has changed quite fast. That's the main reason why kdbus 
support development in libdbus was halted. Now that kdbus is stabilizing, we 
plan to restart the efforts with libdbus. Kdbus in glib is more mature; if 
you'd like to see it, you'll find it in the official repo: 
<https://git.gnome.org/browse/glib/log/?h=wip/kdbus-junk>

We will discuss it with dbus upstream.

cheers,
-- 
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


Re: [systemd-devel] [PATCH] config_parse_exec_mount_flags: get rid of unnecessary copy

2015-02-13 Thread Maciej Wereski
On Wednesday, 11 February 2015 13:08:26, Lennart Poettering wrote:

> This optimization is not valid.
> 
> If 'word' is set to "sh", then l will be 2, and strneq(word, "shared",
> 2) is true, but we don't actually want to allow such abbreviations!
> 
> Lennart

True, I can use strlen("shared") then as the n value in strneq(). Or please at 
least change that:

-else if (streq(word, "private"))
+   else if (streq(t, "private"))

regards,
-- 
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
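The prefix problem Lennart points out in this exchange, as an added C example (not code from the patch or from systemd): `parse_mount_flag_loose()` reproduces the buggy comparison, `parse_mount_flag_strict()` requires the word to have the keyword's exact length, and `parse_mount_flags()` walks a `", "`-separated value the way the FOREACH_WORD_SEPARATOR loop in the patch does. `strneq` is redefined here as systemd's `strncmp() == 0`; the MS_* values are the Linux ones, with fallbacks so the file also builds where `<sys/mount.h>` is absent.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/mount.h>
#endif

/* Linux MS_* values, used only when <sys/mount.h> did not provide them. */
#ifndef MS_PRIVATE
#define MS_PRIVATE (1 << 18)
#endif
#ifndef MS_SLAVE
#define MS_SLAVE (1 << 19)
#endif
#ifndef MS_SHARED
#define MS_SHARED (1 << 20)
#endif

/* systemd's strneq() is strncmp() == 0; spelled out so the block is self-contained. */
#define strneq(a, b, n) (strncmp((a), (b), (n)) == 0)

/* The comparison from the patch: only the first l bytes are compared, so
 * any prefix of a keyword ("s", "sh", "share") is accepted as that keyword.
 * Returns the MS_* flag, or -1 when nothing matched. */
long parse_mount_flag_loose(const char *word, size_t l) {
        if (strneq(word, "shared", l))
                return MS_SHARED;
        if (strneq(word, "slave", l))
                return MS_SLAVE;
        if (strneq(word, "private", l))
                return MS_PRIVATE;
        return -1;
}

/* Exact match: the word must have the keyword's length and its bytes. */
static bool word_is(const char *word, size_t l, const char *keyword) {
        return l == strlen(keyword) && strneq(word, keyword, l);
}

long parse_mount_flag_strict(const char *word, size_t l) {
        if (word_is(word, l, "shared"))
                return MS_SHARED;
        if (word_is(word, l, "slave"))
                return MS_SLAVE;
        if (word_is(word, l, "private"))
                return MS_PRIVATE;
        return -1;
}

/* Walk a MountFlags= value split on ", " as FOREACH_WORD_SEPARATOR does in
 * the patch, each keyword overwriting the previous one. Returns the flag
 * value (0 for an empty value) or -EINVAL at the first unknown word. */
long parse_mount_flags(const char *rvalue) {
        const char *p = rvalue;
        long flags = 0;

        for (;;) {
                size_t l;
                long f;

                p += strspn(p, ", ");          /* skip separators */
                if (*p == '\0')
                        return flags;
                l = strcspn(p, ", ");          /* length of this word */
                f = parse_mount_flag_strict(p, l);
                if (f < 0) {
                        fprintf(stderr, "Failed to parse mount flag %.*s, ignoring: %s\n",
                                (int) l, p, rvalue);
                        return -EINVAL;
                }
                flags = f;
                p += l;
        }
}

int main(void) {
        printf("loose  \"sh\" -> %ld (prefix accepted as MS_SHARED)\n", parse_mount_flag_loose("sh", 2));
        printf("strict \"sh\" -> %ld (rejected)\n", parse_mount_flag_strict("sh", 2));
        printf("strict \"slave, private\" -> %#lx\n", parse_mount_flags("slave, private"));
        return 0;
}
```

The length check is the whole fix: `strneq()` with the word length as `n` can only ever confirm that the word is a prefix of the keyword, never that it is the keyword.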


[systemd-devel] [PATCH] config_parse_exec_mount_flags: get rid of unnecessary copy

2015-02-06 Thread Maciej Wereski
---
 src/core/load-fragment.c | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 90bf563..6108d12 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1203,21 +1203,15 @@ int config_parse_exec_mount_flags(const char *unit,
 assert(data);
 
 FOREACH_WORD_SEPARATOR(word, l, rvalue, ", ", state) {
-_cleanup_free_ char *t;
-
-t = strndup(word, l);
-if (!t)
-return log_oom();
-
-if (streq(t, "shared"))
+if (strneq(word, "shared", l))
 flags = MS_SHARED;
-else if (streq(t, "slave"))
+else if (strneq(word, "slave", l))
 flags = MS_SLAVE;
-else if (streq(word, "private"))
+else if (strneq(word, "private", l))
 flags = MS_PRIVATE;
 else {
 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
-   "Failed to parse mount flag %s, ignoring: 
%s", t, rvalue);
+   "Failed to parse mount flag %.*s, ignoring: 
%s", l, word, rvalue);
 return 0;
 }
 }
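Review bot: the `strneq(word, "shared", l)` comparisons added in this hunk accept any prefix of the keyword, because only `l` bytes are compared: with `word` pointing at "sh" and `l == 2`, `strneq(word, "shared", 2)` is true and `flags` becomes MS_SHARED. Keep the `strndup()` + `streq()` form, or compare `l == strlen("shared") && strneq(word, "shared", l)`. Note also that the removed line `else if (streq(word, "private"))` compared the untruncated `word` rather than `t`, so "private" could only ever match as the last word of the value; that pre-existing bug deserves a sentence in the commit message, which is currently empty above the `---`.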
-- 
2.3.0



[systemd-devel] [PATCH v10] tmpfiles, man: Add xattr support to tmpfiles

2014-12-04 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v10:
* use strv_consume_pair()
* small refactorization and cleanup

v9:
* fully parse xattrs in one place
* remove potential double free()

v8:
* update man

v7:
* use strv_consume() instead of strv_extend()
* use only lsetxattr()
* do not label in 'z' option
* style fixes and cleanup

v6:
* rebase
* man fixes
* use glibc xattr
* use unquote_first_word() instead of own parsing logic

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  32 ---
 src/tmpfiles/tmpfiles.c | 139 
 2 files changed, 155 insertions(+), 16 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 1b14d69..4f2e640 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -343,6 +343,25 @@ L/tmp/foobar ----   
/dev/null
 normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d,
+D, 
f,
+F, 
L,
+p, 
c,
+b, makes sense).
+If used as a standalone line, then
+systemd-tmpfiles
+will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 If the exclamation mark is used, this
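Review bot: the new `t` entry says systemd-tmpfiles "will try to set extended attributes on specified path" without stating what happens on failure (is the line skipped with an error, or does processing of the file stop?), and "It may be used in conjunction with other types" does not say that this means a separate `t` line for the same path, which is what the `D` + `t` example in the commit message shows. Spell both out; "on specified path" should also read "on the specified path".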
@@ -430,7 +449,7 @@ r! /tmp/.X[0-9]*-lock
 will not be modified. This parameter is
 ignored for x,
 r, R,
-L lines.
+L, t 
lines.
 
 Optionally, if prefixed with
 ~, the access mode is masked
@@ -462,8 +481,8 @@ r! /tmp/.X[0-9]*-lock
 ownership will not be modified. These
 parameters are ignored for
 x, r,
-R, L
-lines.
+R, L,
+t lines.
 
 
 
@@ -527,8 +546,8 @@ r! /tmp/.X[0-9]*-lock
 specify a short string that is written to the
 file, suffixed by a newline. For
 C, specifies the source file
-or directory. Ignored for all other
-lines.
+or directory. For t determines
+extended attributes to be set. Ignored for all other 
lines.
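Review bot: this paragraph says that for `t` the Argument "determines extended attributes to be set" but never documents the syntax: the commit message specifies `name=value` pairs, double quotes around values containing spaces and backslash-escaped quotes, none of which appear anywhere in the man page hunks. Add that format, and whether several pairs may be given on one line, either here or in the `t` entry.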
 
 
 
@@ -540,7 +559,8 @@ r! /tmp/.X[0-9]*-lock
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /run/screens  1777 root root 10d
-d /run/uscreens 0755 root root 10d12h
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
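Review bot: the added example line sets attributes on `/run/screen`, but the two directories created just above it are `/run/screens` and `/run/uscreens`, so as written the `t` line targets a path that nothing in the example creates. Use `/run/screens` (or add a `t` line for each directory).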
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d60c577..d40bd96 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "log.h"
 #include "util.h"
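Review bot: the header name in the added `+#include` line is lost in this rendering, so the include itself cannot be checked; since the v5 changelog mentions "fixes for HAVE_XATTR undefined", confirm that this include and the lsetxattr() call sites are under the same HAVE_XATTR conditional, otherwise the build breaks on toolchains without the xattr header.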
@@ -71,6 +72,7 @@ typedef enum ItemTy

[systemd-devel] [PATCH v9] tmpfiles, man: Add xattr support to tmpfiles

2014-12-03 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v9:
* fully parse xattrs in one place
* remove potential double free()

v8:
* update man

v7:
* use strv_consume() instead of strv_extend()
* use only lsetxattr()
* do not label in 'z' option
* style fixes and cleanup

v6:
* rebase
* man fixes
* use glibc xattr
* use unquote_first_word() instead of own parsing logic

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  32 +--
 src/tmpfiles/tmpfiles.c | 150 
 2 files changed, 166 insertions(+), 16 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 1b14d69..4f2e640 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -343,6 +343,25 @@ L/tmp/foobar ----   
/dev/null
 normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d,
+D, 
f,
+F, 
L,
+p, 
c,
+b, makes sense).
+If used as a standalone line, then
+systemd-tmpfiles
+will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 If the exclamation mark is used, this
@@ -430,7 +449,7 @@ r! /tmp/.X[0-9]*-lock
 will not be modified. This parameter is
 ignored for x,
 r, R,
-L lines.
+L, t 
lines.
 
 Optionally, if prefixed with
 ~, the access mode is masked
@@ -462,8 +481,8 @@ r! /tmp/.X[0-9]*-lock
 ownership will not be modified. These
 parameters are ignored for
 x, r,
-R, L
-lines.
+R, L,
+t lines.
 
 
 
@@ -527,8 +546,8 @@ r! /tmp/.X[0-9]*-lock
 specify a short string that is written to the
 file, suffixed by a newline. For
 C, specifies the source file
-or directory. Ignored for all other
-lines.
+or directory. For t determines
+extended attributes to be set. Ignored for all other 
lines.
 
 
 
@@ -540,7 +559,8 @@ r! /tmp/.X[0-9]*-lock
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /run/screens  1777 root root 10d
-d /run/uscreens 0755 root root 10d12h
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index d60c577..4ef7bb2 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "log.h"
 #include "util.h"
@@ -71,6 +72,7 @@ typedef enum ItemType {
 CREATE_CHAR_DEVICE = 'c',
 CREATE_BLOCK_DEVICE

[systemd-devel] [PATCH v8] tmpfiles, man: Add xattr support to tmpfiles

2014-11-13 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v8:
* update man

v7:
* use strv_consume() instead of strv_extend()
* use only lsetxattr()
* do not label in 'z' option
* style fixes and cleanup

v6:
* rebase
* man fixes
* use glibc xattr
* use unquote_first_word() instead of own parsing logic

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  32 +--
 src/tmpfiles/tmpfiles.c | 145 
 2 files changed, 159 insertions(+), 18 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 1b14d69..4f2e640 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -343,6 +343,25 @@ L/tmp/foobar ----   
/dev/null
 normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d,
+D, 
f,
+F, 
L,
+p, 
c,
+b, makes sense).
+If used as a standalone line, then
+systemd-tmpfiles
+will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 If the exclamation mark is used, this
@@ -430,7 +449,7 @@ r! /tmp/.X[0-9]*-lock
 will not be modified. This parameter is
 ignored for x,
 r, R,
-L lines.
+L, t 
lines.
 
 Optionally, if prefixed with
 ~, the access mode is masked
@@ -462,8 +481,8 @@ r! /tmp/.X[0-9]*-lock
 ownership will not be modified. These
 parameters are ignored for
 x, r,
-R, L
-lines.
+R, L,
+t lines.
 
 
 
@@ -527,8 +546,8 @@ r! /tmp/.X[0-9]*-lock
 specify a short string that is written to the
 file, suffixed by a newline. For
 C, specifies the source file
-or directory. Ignored for all other
-lines.
+or directory. For t determines
+extended attributes to be set. Ignored for all other 
lines.
 
 
 
@@ -540,7 +559,8 @@ r! /tmp/.X[0-9]*-lock
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /run/screens  1777 root root 10d
-d /run/uscreens 0755 root root 10d12h
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 1e4675f..c5bb4e7 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "log.h"
 #include "util.h"
@@ -71,6 +72,7 @@ typedef enum ItemType {
 CREATE_CHAR_DEVICE = 'c',
 CREATE_BLOCK_DEVICE = 'b',
 COPY_FILES = 'C',
+SET_XATTR = 't',
 
 

[systemd-devel] [PATCH v7] tmpfiles, man: Add xattr support to tmpfiles

2014-11-12 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v7:
* use strv_consume() instead of strv_extend()
* use only lsetxattr()
* do not label in 'z' option
* style fixes and cleanup

v6:
* rebase
* man fixes
* use glibc xattr
* use unquote_first_word() instead of own parsing logic

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  32 +--
 src/tmpfiles/tmpfiles.c | 145 
 2 files changed, 159 insertions(+), 18 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 1b14d69..acf87cf 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -343,6 +343,25 @@ L/tmp/foobar ----   
/dev/null
 normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d,
+D, 
f,
+F, 
L,
+p, 
c,
+b, 
z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 If the exclamation mark is used, this
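Review bot: this version still lists `z` among the types that `t` "makes sense" with, while the v7 changelog above says "do not label in 'z' option". Either the man page or the changelog is stale; drop `z` from this list if the code no longer applies `t` attributes for it.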
@@ -430,7 +449,7 @@ r! /tmp/.X[0-9]*-lock
 will not be modified. This parameter is
 ignored for x,
 r, R,
-L lines.
+L, t 
lines.
 
 Optionally, if prefixed with
 ~, the access mode is masked
@@ -462,8 +481,8 @@ r! /tmp/.X[0-9]*-lock
 ownership will not be modified. These
 parameters are ignored for
 x, r,
-R, L
-lines.
+R, L,
+t lines.
 
 
 
@@ -527,8 +546,8 @@ r! /tmp/.X[0-9]*-lock
 specify a short string that is written to the
 file, suffixed by a newline. For
 C, specifies the source file
-or directory. Ignored for all other
-lines.
+or directory. For t determines
+extended attributes to be set. Ignored for all other 
lines.
 
 
 
@@ -540,7 +559,8 @@ r! /tmp/.X[0-9]*-lock
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /run/screens  1777 root root 10d
-d /run/uscreens 0755 root root 10d12h
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 1e4675f..c5bb4e7 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "log.h"
 #include "util.h"
@@ -71,6 +72,7 @@ typedef enum ItemType {
 CREATE_CHAR_DEVICE = 'c',
 CREATE_BLOCK_DEVICE = 'b',
 COPY_FILES = 'C',
+SET_XATTR = 't',
 
 /* These ones 

Re: [systemd-devel] [PATCHv6] tmpfiles, man: Add xattr support to tmpfiles

2014-11-12 Thread Maciej Wereski

10.11.2014 at 23:55 Lennart Poettering  wrote:

On Thu, 30.10.14 12:21, Maciej Wereski (m.were...@partner.samsung.com) wrote:




+static int get_xattrs_from_arg(Item *i) {
+_cleanup_free_ char *xattr = NULL;
+const char *p;
+int n;
+
+assert(i);
+if (i->type != SET_XATTR)
+return 0;
+
+if (!i->argument) {
+log_error("%s: Argument can't be empty!", i->path);
+return -EBADMSG;
+}
+p = i->argument;
+
+while ((n = unquote_first_word(&p, &xattr)) > 0) {
+if (strv_extend(&i->xattrs, xattr) < 0)
+return log_oom();
+free(xattr);
+xattr = NULL;
+}
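Review bot: the loop `while ((n = unquote_first_word(&p, &xattr)) > 0)` ends both on end of input (0) and on a parse error (negative), and nothing visible after the loop checks `n`, so a malformed Argument such as an unterminated quote would be accepted with however many words were read before the error. Log the error and `return n;` after the loop. Switching to strv_consume() as suggested also removes the `strv_extend()` copy plus the manual `free(xattr); xattr = NULL;` pair.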


Please use strv_consume() or strv_push() here, to make the additional
copy unnecessary. Also please, generate a parse failure if
unquote_first_workd() fails due to parse errors.


What does parse failure mean? I'm passing the return value of  
unquote_first_word(). Should it be something else?



+r = get_xattrs_from_arg(i);
+if (r < 0)
+return r;
+
+if (strv_isempty(i->xattrs))
+return 0;
+
+STRV_FOREACH(x, i->xattrs) {
+_cleanup_free_ char *name = NULL, *value = NULL, *tmp  
= NULL;

+n = split_pair(*x, "=", &name, &value);
+if (n < 0)
+return n;
+tmp = unquote(value, "\"");
+if (!tmp)
+return log_oom();
+free(value);
+value = cunescape(tmp);
+if (!value)
+return log_oom();
+n = strlen(value);
+if (i->type == CREATE_SYMLINK) {
+if (lsetxattr(path, name, value, n+1, 0) < 0) {
+log_error("Setting extended attribute  
%s=%s on symlink %s failed: %m", name, value, path);

+return -errno;
+}
+}
+else if (setxattr(path, name, value, n+1, 0) < 0) {
+log_error("Setting extended attribute %s=%s on  
%s failed: %m", name, value, path);

+return -errno;
+}
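Review bot: the value is unquoted twice. The v6 changelog says parsing now goes through unquote_first_word(), yet each pair still runs `unquote(value, "\"")` and then `cunescape(tmp)` on the already-unquoted value, so a value that legitimately contains a backslash or starts with a quote is altered a second time; do quoting and escaping in exactly one layer. Separately, `n = strlen(value)` followed by `lsetxattr(path, name, value, n+1, 0)` stores the trailing NUL as part of the attribute value; unless that is intended, pass `n`. And `n` is reused for the split_pair() return code and for the length, which makes the error path hard to read; use `r` for return codes.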


The indentation is wrong.
[cut]


Hmm? I'm using systemd .vimrc, so what is wrong with indentation here  
precisely?




@@ -894,6 +983,12 @@ static int create_item(Item *i) {
 r = glob_item(i, item_set_perms);
 if (r < 0)
 return r;
+
+if (i->xattrs) {
+r = glob_item(i, item_set_xattrs);
+if (r < 0)
+return r;
+}
 break;
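Review bot: `if (i->xattrs)` tests the pointer, whereas item_set_xattrs() above already uses `strv_isempty(i->xattrs)`; using the same predicate here keeps an allocated but empty strv from triggering the extra glob pass for nothing (the double glob resolution itself is raised in the comment above).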


Hmm, ths would mean we resolve the globbing twice. Once for
item_set_perms() and once for item_set_xattr(). I think it would be
better to do this in one call.



I've removed this completely. item_set_perms already calls label_fix,  
which calls the SMACK function.


regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
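The Argument syntax the patch description specifies for `t` lines (`name=value`, double quotes around values containing spaces, backslash-escaped quotes) and the "parse failure" question in this review exchange both come down to the same parser. The following is an added C example, not the patch's or systemd's code: `next_word()` plays the role of unquote_first_word() and returns a negative value on an unterminated quote or a dangling backslash, and `parse_xattr_argument()` propagates that value instead of treating it as end of input. The XattrPair type, the error codes chosen and the `xattr_check()` helper are this example's own.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *name; char *value; } XattrPair;

void free_xattr_pairs(XattrPair *pairs, size_t n) {
        for (size_t i = 0; i < n; i++) {
                free(pairs[i].name);
                free(pairs[i].value);
        }
}

static char *xstrdup(const char *s) {
        size_t n = strlen(s) + 1;
        char *c = malloc(n);
        return c ? memcpy(c, s, n) : NULL;
}

/* Next whitespace-delimited word from *p, honouring "..." quoting and
 * backslash escapes, so  user.name="John Smith"  and  user.q="say \"hi\""
 * are single words. Returns 1 with a malloc()ed word in *out, 0 at end of
 * input, -EINVAL on an unterminated quote or dangling backslash: that
 * negative value is the parse failure a caller must propagate. */
static int next_word(const char **p, char **out) {
        const char *s = *p + strspn(*p, " \t");
        bool quoted = false;
        char *buf, *w;

        if (*s == '\0') {
                *p = s;
                return 0;
        }
        buf = w = malloc(strlen(s) + 1);      /* a word never exceeds the remaining input */
        if (!buf)
                return -ENOMEM;
        while (*s != '\0' && (quoted || (*s != ' ' && *s != '\t'))) {
                if (*s == '\\') {
                        if (s[1] == '\0')
                                break;                /* dangling backslash, rejected below */
                        *w++ = s[1];                  /* escaped character taken literally */
                        s += 2;
                } else if (*s == '"') {
                        quoted = !quoted;
                        s++;
                } else
                        *w++ = *s++;
        }
        if (quoted || *s == '\\') {
                free(buf);
                return -EINVAL;
        }
        *w = '\0';
        *p = s;
        *out = buf;
        return 1;
}

/* Parse a 't' line Argument, "name=value [name=value ...]", into at most
 * max pairs. Returns the pair count or a negative errno: -EBADMSG for an
 * empty argument, -EINVAL for a word without "name=" or a quoting error,
 * -ENOSPC when max is exceeded. */
int parse_xattr_argument(const char *argument, XattrPair *pairs, size_t max) {
        const char *p = argument;
        size_t n = 0;
        char *word;
        int r;

        if (!argument || *argument == '\0')
                return -EBADMSG;
        while ((r = next_word(&p, &word)) > 0) {
                char *eq = strchr(word, '=');
                r = (!eq || eq == word) ? -EINVAL : (n >= max) ? -ENOSPC : 0;
                if (r == 0) {
                        *eq = '\0';                   /* word now holds only the name */
                        pairs[n].name = word;
                        pairs[n].value = xstrdup(eq + 1);
                        if (pairs[n].value) {
                                n++;
                                continue;
                        }
                        r = -ENOMEM;
                }
                free(word);
                break;
        }
        if (r < 0) {
                free_xattr_pairs(pairs, n);
                return r;
        }
        return (int) n;
}

/* Check helper: parse argument and return the pair count if pair idx has
 * the given name and value, 0 if it does not, or the negative errno. */
int xattr_check(const char *argument, size_t idx, const char *name, const char *value) {
        XattrPair pairs[16];
        int n = parse_xattr_argument(argument, pairs, 16), r = 0;

        if (n < 0)
                return n;
        if (idx < (size_t) n && strcmp(pairs[idx].name, name) == 0 && strcmp(pairs[idx].value, value) == 0)
                r = n;
        free_xattr_pairs(pairs, (size_t) n);
        return r;
}

int main(void) {
        /* Prints 2: both pairs parse and the first one is user.name="John Smith". */
        printf("%d\n", xattr_check("user.name=\"John Smith\" security.SMACK64=screen", 0, "user.name", "John Smith"));
        return 0;
}
```

The point of the negative return from `next_word()` is that the caller cannot distinguish "no more words" from "bad input" by looking at the collected words alone; only the sign of the last return value tells the two apart, which is why it has to be checked after the loop.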


[systemd-devel] [PATCHv6] tmpfiles, man: Add xattr support to tmpfiles

2014-10-30 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v6:
* rebase
* man fixes
* use glibc xattr
* use unquote_first_word() instead of own parsing logic

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  32 --
 src/tmpfiles/tmpfiles.c | 160 
 2 files changed, 173 insertions(+), 19 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index f2360ba..731efd9 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -343,6 +343,25 @@ L/tmp/foobar ----   
/dev/null
 normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d,
+D, 
f,
+F, 
L,
+p, 
c,
+b, 
z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 If the exclamation mark is used, this
@@ -430,7 +449,7 @@ r! /tmp/.X[0-9]*-lock
 will not be modified. This parameter is
 ignored for x,
 r, R,
-L lines.
+L, t 
lines.
 
 Optionally, if prefixed with
 ~, the access mode is masked
@@ -462,8 +481,8 @@ r! /tmp/.X[0-9]*-lock
 ownership will not be modified. These
 parameters are ignored for
 x, r,
-R, L
-lines.
+R, L,
+t lines.
 
 
 
@@ -527,8 +546,8 @@ r! /tmp/.X[0-9]*-lock
 specify a short string that is written to the
 file, suffixed by a newline. For
 C, specifies the source file
-or directory. Ignored for all other
-lines.
+or directory. For t determines
+extended attributes to be set. Ignored for all other 
lines.
 
 
 
@@ -540,7 +559,8 @@ r! /tmp/.X[0-9]*-lock
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /run/screens  1777 root root 10d
-d /run/uscreens 0755 root root 10d12h
+d /run/uscreens 0755 root root 10d12h
+t /run/screen - - - - user.name="John Smith" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 1e4675f..30857ed 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "log.h"
 #include "util.h"
@@ -71,6 +72,7 @@ typedef enum ItemType {
 CREATE_CHAR_DEVICE = 'c',
 CREATE_BLOCK_DEVICE = 'b',
 COPY_FILES = 'C',
+SET_XATTR = 't',
 
 /* These ones take globs */
 WRITE_FILE = 'w',
@@ -88,6 +90,7 @@ typedef struct Item {
 
 char *path;
 char *argument;
+

Re: [systemd-devel] [RFC] tmpfiles.d with mac_label

2014-10-23 Thread Maciej Wereski

3.10.2014 at 10:34 WaLyong Cho  wrote:


As we know, we can make a directory or link or file or some others by
using tmpfiles.d. But we cannot apply a mac_label on there after
that is generated.

Last year I proposed a patch that added an xattr option to tmpfiles
(which can be used for SMACK labeling). This is the latest patch:
<http://lists.freedesktop.org/archives/systemd-devel/2013-December/015053.html>

The problem was that upstream wanted me to use the str/strv API, which
unfortunately didn't work well in my case.


How about adding a mac_label field to tmpfiles.d? Actually, now we cannot
assign a mac_label to a newly generated directory. So we make a script
which includes mkdir/chsmack. (I'm not sure chsmack is the official tool for
getting/setting the SMACK label. Anyway.) If tmpfiles.d had a field for mac_label
then we wouldn't need such terrible scripts.


regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


Re: [systemd-devel] [PATCH] fsck: re-enable fsck -l

2014-10-22 Thread Maciej Wereski

22.10.2014 at 10:28 Karel Zak  wrote:


The -l (lock) has been temporarily disabled due to a conflict with
udev (https://bugs.freedesktop.org/show_bug.cgi?id=79576)

The problem is fixed since util-linux v2.25 (Jul 2014).
---
 README  |  3 ++-
 src/fsck/fsck.c | 13 -
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/README b/README
index e0edd41..8f7a96e 100644
--- a/README
+++ b/README
@@ -129,8 +129,9 @@ REQUIREMENTS:
 During runtime, you need the following additional
 dependencies:
-util-linux >= v2.19 (requires fsck -l, agetty -s),
+util-linux >= v2.19 required for agetty -s
   v2.21 required for tests in test/
+  v2.25 required for fsck -l


Well, actually it should be util-linux >= v2.25 now. -l is always enabled,
so on earlier versions of util-linux the bug remains.


 dbus >= 1.4.0 (strictly speaking optional, but recommended)
 sulogin (from util-linux >= 2.22 or sysvinit-tools, optional  
but recommended,

  required for tests in test/)
diff --git a/src/fsck/fsck.c b/src/fsck/fsck.c
index dfe97bc..70a5918 100644
--- a/src/fsck/fsck.c
+++ b/src/fsck/fsck.c
@@ -320,16 +320,11 @@ int main(int argc, char *argv[]) {
 cmdline[i++] = "-T";
/*
- * Disable locking which conflict with udev's event
- * ownershipi, until util-linux moves the flock
- * synchronization file which prevents multiple fsck running
- * on the same rotationg media, from the disk device
- * node to a privately owned regular file.
- *
- * https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5
- *
- * cmdline[i++] = "-l";
+ * Since util-linux v2.25 fsck uses /run/fsck/.lock  
files.
+ * The previous versions use flock for the device and conflict  
with
+ * udevd, see  
https://bugs.freedesktop.org/show_bug.cgi?id=79576#c5

  */
+cmdline[i++] = "-l";
if (!root_directory)
         cmdline[i++] = "-M";
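Review bot: `cmdline[i++] = "-l";` is now added unconditionally, but nothing in this hunk checks the util-linux version at run time, so on util-linux older than v2.25 the udev flock conflict that the removed comment documents comes back. Either raise the hard requirement (the README hunk above still lists util-linux >= v2.19 as the minimum and only notes v2.25 for fsck -l) or keep the flag conditional on the installed version.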


regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


[systemd-devel] [RFC] Mounting $XDG_RUNTIME_DIR with units instead of logind code.

2014-10-08 Thread Maciej Wereski

Hello,

Lately I've been working on updating systemd (currently 208) in Tizen. One
of the problems we've stumbled upon was user@.service failing. The problem
was on a SMACK-enabled system, caused by 1c231f5 (logind: make
$XDG_RUNTIME_DIR a per-user tmpfs).

When $XDG_RUNTIME_DIR is mounted it inherits logind's label, which in turn
forbids users to access their directories.

One solution would be to add "if (use_smack())
mount(..."smackfsroot=*"...)" in logind-user.c,
but it would also require adding CAP_MAC_ADMIN to systemd-logind.service.

Another solution would be to remove the mounting logic from logind-user.c
completely and add run-user@.mount. user@.service would gain the following
lines:
Requires=run-user@%I.mount
After=run-user@%I.mount

Unfortunately, currently it's not possible.
The first problem is that the unit isn't named after the path, so that requirement
needs to be removed first.
Second, we don't have the gid, but it doesn't seem to be an issue, as the mode is
set to 0700.

Then, in Tizen we could just add "smackfsroot" to the options. Alternatively
a SmackLabel= option could be added for mount units, which would
automatically append "smackfsroot" to the options when SMACK is enabled.

How should we solve this issue?

regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


Re: [systemd-devel] [PATCH] shorten_uuid: use proper table size

2014-06-11 Thread Maciej Wereski

10.06.2014 at 19:20 Lennart Poettering  wrote:

On Wed, 28.05.14 11:24, Maciej Wereski (m.were...@partner.samsung.com) wrote:



>When the function is called the buffer is filled with 36 chars, and we
>then strip the non-hex-chars, so that 34 chars result. But the function
>signature should still indicate that we need 36 chars initially..
>
>Lennart

Well, i (< 36) is used for source and j (< 32) is used for destination.
After the loop destination[32] and destination[33] are set. Also
shorten_uuid() is used in two places, where id[34] is passed as
destination. So it looked to me like destination should be 34.


I am an idiot and you are right... I now merged a patch that turns both
strings into arrays and we specify both sizes. I hope that cleans up the
confusion. Please check!

Lennart



Looks good, thanks.

regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
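What the two array sizes in this thread document, as an added C example (a reduced re-implementation, not systemd's machine-id-setup.c): the loop reads up to 36 bytes of `source` and writes 32 hex digits into `destination`, and the two bytes written after the loop bring the destination to 34. That those two trailing bytes are a newline and a NUL terminator is an assumption of this example; the thread only says that destination[32] and destination[33] are set. The `shorten_uuid_status()` and `shorten_uuid_equals()` helpers are this example's own and pad short test inputs to 36 bytes so the read stays in bounds.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define UUID_TEXT_LEN 36   /* 8-4-4-4-12 hex digits plus four dashes */
#define SHORT_ID_LEN  34   /* 32 hex digits + '\n' + NUL (assumed trailer) */

/* Value of one ASCII hex digit, or -1 for any other byte. */
static int unhexchar(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
}

/* Strip the dashes from a 36-byte textual UUID into a 34-byte buffer.
 * The array bounds in the parameter list are documentation only (C does
 * not check them), which is why both sides are spelled out. Returns 0, or
 * -EINVAL if the 36 input bytes do not hold exactly 32 hex digits. */
int shorten_uuid(char destination[SHORT_ID_LEN], const char source[UUID_TEXT_LEN]) {
        unsigned i, j;

        for (i = 0, j = 0; i < UUID_TEXT_LEN && j < 32; i++) {
                int t = unhexchar(source[i]);
                if (t < 0)
                        continue;                         /* skip '-' and any other non-hex byte */
                destination[j++] = "0123456789abcdef"[t];   /* also normalises to lowercase */
        }
        if (i != UUID_TEXT_LEN || j != 32)
                return -EINVAL;
        destination[32] = '\n';       /* assumed trailer, see the note above */
        destination[33] = '\0';
        return 0;
}

/* Run shorten_uuid() on a C string padded or cut to 36 bytes; returns its status. */
int shorten_uuid_status(const char *uuid) {
        char src[UUID_TEXT_LEN], dst[SHORT_ID_LEN];
        memset(src, 0, sizeof src);
        strncpy(src, uuid, sizeof src);
        return shorten_uuid(dst, src);
}

/* 1 if shorten_uuid() succeeds and yields exactly expected (including '\n'). */
int shorten_uuid_equals(const char *uuid, const char *expected) {
        char src[UUID_TEXT_LEN], dst[SHORT_ID_LEN];
        memset(src, 0, sizeof src);
        strncpy(src, uuid, sizeof src);
        return shorten_uuid(dst, src) == 0 && strcmp(dst, expected) == 0;
}

int main(void) {
        char id[SHORT_ID_LEN];
        if (shorten_uuid(id, "123e4567-e89b-12d3-a456-426614174000") == 0)
                fputs(id, stdout);        /* 32 hex digits followed by a newline */
        return 0;
}
```

Because a parameter's array bound is discarded by the compiler, the only protection the 34 gives is to the reader; the `i` and `j` bounds in the loop and the two explicit writes after it are what actually keep the function inside both buffers.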


Re: [systemd-devel] [PATCH] shorten_uuid: use proper table size

2014-05-28 Thread Maciej Wereski

16.05.2014 at 16:41 Lennart Poettering  wrote:

On Fri, 16.05.14 11:00, Maciej Wereski (m.were...@partner.samsung.com) wrote:



---
 src/core/machine-id-setup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index 2a58e48..0544117 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -38,7 +38,7 @@
 #include "fileio.h"
 #include "path-util.h"

-static int shorten_uuid(char destination[36], const char *source) {
+static int shorten_uuid(char destination[34], const char *source) {
 unsigned i, j;

 for (i = 0, j = 0; i < 36 && j < 32; i++) {


Hmm? This patch doesn't look right.

When the function is called the buffer is filled with 36 chars, and we
then strip the non-hex-chars, so that 34 chars result. But the function
signature should still indicate that we need 36 chars initially..

Lennart


Well, i (< 36) is used for source and j (< 32) is used for destination.
After the loop destination[32] and destination[33] are set. Also
shorten_uuid() is used in two places, where id[34] is passed as
destination. So it looked to me like destination should be 34.

regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


[systemd-devel] [PATCH] shorten_uuid: use proper table size

2014-05-16 Thread Maciej Wereski
---
 src/core/machine-id-setup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
index 2a58e48..0544117 100644
--- a/src/core/machine-id-setup.c
+++ b/src/core/machine-id-setup.c
@@ -38,7 +38,7 @@
 #include "fileio.h"
 #include "path-util.h"
 
-static int shorten_uuid(char destination[36], const char *source) {
+static int shorten_uuid(char destination[34], const char *source) {
 unsigned i, j;
 
 for (i = 0, j = 0; i < 36 && j < 32; i++) {
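Review bot: the commit message "use proper table size" does not explain why 34 is right; the hunk shows the loop stopping at `j < 32`, and the reply in this thread explains that the other two bytes are written to destination[32] and destination[33] after the loop, so put that arithmetic (32 hex digits plus two trailing bytes) into the commit message or a comment above the function so the next reader does not have to rederive it.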
-- 
1.9.2

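As an added example, not systemd's code, here is the shape of shorten_uuid() that this thread converges on: both buffer sizes stated in the signature, with the C99 `static N` form so that a compiler can at least warn when a caller passes a visibly smaller array (a plain `char destination[34]` parameter is only a comment, since it decays to `char *`). The helpers unhexchar()/hexchar() are local stand-ins named after systemd's, and the two bytes written after the loop are assumed to be a newline and a NUL, the machine-id file layout.

```c
#include <errno.h>
#include <string.h>

/* Added example, not systemd's code. Input: 36 characters, a UUID such as
 * "4c4c4544-0042-4a10-8053-b5c04f595031" (32 hex digits plus 4 hyphens; no
 * NUL terminator is needed). Output: the 32 hex digits, a newline and a NUL,
 * i.e. 34 bytes, which is the layout assumed here for /etc/machine-id. */

#define UUID_LEN     36   /* characters read from source */
#define SHORT_ID_LEN 34   /* 32 hex digits + '\n' + NUL written to destination */

/* Value of a hex digit, or -1 for any other character (stand-in for systemd's). */
static int unhexchar(char c) {
        if (c >= '0' && c <= '9')
                return c - '0';
        if (c >= 'a' && c <= 'f')
                return c - 'a' + 10;
        if (c >= 'A' && c <= 'F')
                return c - 'A' + 10;
        return -1;
}

/* Lowercase hex digit for a value 0..15 (stand-in for systemd's). */
static char hexchar(int v) {
        return "0123456789abcdef"[v & 15];
}

/* Returns 0 and fills destination, or -EINVAL if source is not a UUID.
 * "static N" documents the minimum sizes and lets compilers warn on callers
 * that pass a smaller array; it is not enforced at run time. */
int shorten_uuid(char destination[static SHORT_ID_LEN],
                 const char source[static UUID_LEN]) {
        unsigned i, j;

        /* i walks the 36 source characters, j fills the first 32 output
         * bytes; anything that is not a hex digit (the hyphens) is skipped. */
        for (i = 0, j = 0; i < UUID_LEN && j < 32; i++) {
                int t = unhexchar(source[i]);

                if (t < 0)
                        continue;

                destination[j++] = hexchar(t);
        }

        /* A UUID yields exactly 32 digits from exactly 36 characters; too few
         * digits, or 32 digits packed into fewer than 36 characters, is rejected. */
        if (i != UUID_LEN || j != 32)
                return -EINVAL;

        destination[32] = '\n';
        destination[33] = '\0';
        return 0;
}

/* Check helper: 1 if shortening uuid succeeds and yields expected, or if it
 * fails and expected is NULL; 0 otherwise. */
int shorten_uuid_check(const char *uuid, const char *expected) {
        char out[SHORT_ID_LEN];

        if (shorten_uuid(out, uuid) < 0)
                return expected == NULL;

        return expected != NULL && strcmp(out, expected) == 0;
}
```

The last case in the checks below (32 digits followed by four hyphens) is why the post-loop test compares `i` against 36 as well as `j` against 32: the loop alone would accept it.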


Re: [systemd-devel] [PATCH] Add CAP_MAC_OVERRIDE in logind and hostnamed units

2014-03-07 Thread Maciej Wereski

07.03.2014 at 14:27 Zbigniew Jędrzejewski-Szmek  wrote:


What is it needed for?


To fix SMACK:

[8.715491] type=1400 audit(946708910.490:2): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
[8.731766] type=1400 audit(946708910.510:3): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=2324 comm="systemd-logind" dev="tmpfs" ino=11023
[9.570774] type=1400 audit(946708911.345:4): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9174
[9.587658] type=1400 audit(946708911.360:5): lsm=SMACK fn=smack_inode_permission action=denied subject="System" object="_" requested=w pid=2412 comm="systemd-hostnam" dev="tmpfs" ino=9175


Should it be fixed in some other way?


Zbyszek


regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
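An added example, not systemd's code, for the question raised in this thread: before reaching for CAP_MAC_OVERRIDE, reduce the Smack denials to the (subject, object, access) rules that would satisfy them, so the alternative of a targeted rule can be compared against a capability that bypasses every Smack check. The audit lines are constructed from the ones quoted above; the output order "subject object access" is the form Smack access rules use.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not systemd's code: derive Smack rules from denial records.
 * The audit lines below are constructed from the ones quoted in the mail. */
static const char *const AUDIT_LINES[] = {
        "[8.715491] type=1400 audit(946708910.490:2): lsm=SMACK fn=smack_inode_permission action=denied subject=\"System\" object=\"_\" requested=w pid=2324 comm=\"systemd-logind\" dev=\"tmpfs\" ino=11023",
        "[8.731766] type=1400 audit(946708910.510:3): lsm=SMACK fn=smack_inode_permission action=denied subject=\"System\" object=\"_\" requested=w pid=2324 comm=\"systemd-logind\" dev=\"tmpfs\" ino=11023",
        "[9.570774] type=1400 audit(946708911.345:4): lsm=SMACK fn=smack_inode_permission action=denied subject=\"System\" object=\"_\" requested=w pid=2412 comm=\"systemd-hostnam\" dev=\"tmpfs\" ino=9174",
        "[9.587658] type=1400 audit(946708911.360:5): lsm=SMACK fn=smack_inode_permission action=denied subject=\"System\" object=\"_\" requested=w pid=2412 comm=\"systemd-hostnam\" dev=\"tmpfs\" ino=9175",
};
#define N_AUDIT_LINES (sizeof AUDIT_LINES / sizeof AUDIT_LINES[0])

struct smack_rule {
        char subject[64];
        char object[64];
        char access[8];   /* union of the requested= characters, e.g. "rw" */
};

/* Copy the value of key= (bare or double-quoted) into out; 0 on success,
 * -1 if the key is absent or the value does not fit. */
int audit_field(const char *line, const char *key, char *out, size_t outsz) {
        char pat[48];
        const char *p, *end;
        size_t n;

        /* Match " key=" so that "object=" cannot match inside "subject=". */
        snprintf(pat, sizeof pat, " %s=", key);
        p = strstr(line, pat);
        if (!p)
                return -1;
        p += strlen(pat);
        if (*p == '"') {
                p++;
                end = strchr(p, '"');
                if (!end)
                        return -1;
        } else
                end = p + strcspn(p, " ");
        n = (size_t)(end - p);
        if (n >= outsz)
                return -1;
        memcpy(out, p, n);
        out[n] = '\0';
        return 0;
}

/* Collect one rule per (subject, object) pair from denied SMACK entries,
 * merging the requested access characters. Returns the number of rules. */
int smack_rules_from_audit(const char *const *lines, size_t nlines,
                           struct smack_rule *rules, size_t max) {
        size_t n = 0, i, k;

        for (i = 0; i < nlines; i++) {
                char lsm[16], action[16], req[8];
                struct smack_rule r;
                const char *c;

                /* Only SMACK denials are of interest; anything else is skipped. */
                if (audit_field(lines[i], "lsm", lsm, sizeof lsm) < 0 || strcmp(lsm, "SMACK") != 0 ||
                    audit_field(lines[i], "action", action, sizeof action) < 0 || strcmp(action, "denied") != 0)
                        continue;
                if (audit_field(lines[i], "subject", r.subject, sizeof r.subject) < 0 ||
                    audit_field(lines[i], "object", r.object, sizeof r.object) < 0 ||
                    audit_field(lines[i], "requested", req, sizeof req) < 0)
                        continue;
                /* Find the rule for this subject/object pair, or add one. */
                for (k = 0; k < n; k++)
                        if (strcmp(rules[k].subject, r.subject) == 0 && strcmp(rules[k].object, r.object) == 0)
                                break;
                if (k == n) {
                        if (n == max)
                                break;
                        r.access[0] = '\0';
                        rules[n++] = r;
                }
                /* Record each requested access character once. */
                for (c = req; *c != '\0'; c++)
                        if (!strchr(rules[k].access, *c) && strlen(rules[k].access) + 1 < sizeof rules[k].access)
                                strncat(rules[k].access, c, 1);
        }
        return (int)n;
}

/* Number of distinct rules the constructed lines reduce to. */
int demo_smack_rule_count(void) {
        struct smack_rule rules[8];
        return smack_rules_from_audit(AUDIT_LINES, N_AUDIT_LINES, rules, 8);
}

/* The first derived rule in the "subject object access" order Smack rules use. */
const char *demo_first_rule(void) {
        static char buf[160];
        struct smack_rule rules[8];
        if (smack_rules_from_audit(AUDIT_LINES, N_AUDIT_LINES, rules, 8) < 1)
                return "";
        snprintf(buf, sizeof buf, "%s %s %s", rules[0].subject, rules[0].object, rules[0].access);
        return buf;
}
```

The four denials collapse to a single rule, which is the size of the access that CAP_MAC_OVERRIDE would replace with a blanket bypass for both daemons.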


[systemd-devel] [PATCH] Add CAP_MAC_OVERRIDE in logind and hostnamed units

2014-03-07 Thread Maciej Wereski
---
 units/systemd-hostnamed.service.in |2 +-
 units/systemd-logind.service.in|2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/units/systemd-hostnamed.service.in 
b/units/systemd-hostnamed.service.in
index 3f5ef75..ac7d9b6 100644
--- a/units/systemd-hostnamed.service.in
+++ b/units/systemd-hostnamed.service.in
@@ -13,5 +13,5 @@ 
Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
 [Service]
 ExecStart=@rootlibexecdir@/systemd-hostnamed
 BusName=org.freedesktop.hostname1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE 
CAP_SYS_PTRACE
 WatchdogSec=1min
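Review bot: adding CAP_MAC_OVERRIDE to CapabilityBoundingSet= lets systemd-hostnamed bypass every Smack check, while the audit lines quoted in this thread show a single denied access (subject "System", object "_", requested=w, on a tmpfs inode); a Smack rule granting exactly that access, or labelling the tmpfs object so the daemon's label may write it, would fix the denial without widening what a compromised hostnamed could do, and the commit message should say why that route was not taken.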
diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
index c6cbd1c..125f201 100644
--- a/units/systemd-logind.service.in
+++ b/units/systemd-logind.service.in
@@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
 Restart=always
 RestartSec=0
 BusName=org.freedesktop.login1
-CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL 
CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL 
CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE CAP_FOWNER 
CAP_SYS_TTY_CONFIG
 WatchdogSec=1min
 
 # Increase the default a bit in order to allow many simultaneous
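Review bot: the same concern applies to the systemd-logind hunk, and the commit body is empty; it should carry the `fn=smack_inode_permission action=denied ... comm="systemd-logind"` audit lines from the thread so the reason for the capability is in the history, and note that the override is not scoped to the one object that was denied.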
-- 
1.7.9.5



Re: [systemd-devel] Compilation error on Debian

2014-02-20 Thread Maciej Wereski

20.02.2014 at 09:59 Holger Schurig wrote:


I'm on Debian 7.4 (the current stable one), gcc is "gcc (Debian
4.7.2-5) 4.7.2". I get lots of warnings, but also a compilation error.

I also get one warning at autogen time and one warning at configure time.


For the compilation error: I have libc6-dev in version 2.13-38+deb7u1.
Doesn't that one define setns? The libc6-dev *.deb provides
/usr/include/i386-linux-gnu/bits/syscall.h, which at least defines
SYS_setns.

[cut]


You need glibc >= 2.14


...
  CCLD   pam_systemd.la
libsystemd_internal_la-bus-message.o (symbol from plugin): warning:
memset used with constant zero length parameter; this could be due to
transposed parameters
/tmp/ccSsUdbL.ltrans11.ltrans.o: In function `namespace_enter':
ccSsUdbL.ltrans11.o:(.text+0xf94): undefined reference to `setns'
ccSsUdbL.ltrans11.o:(.text+0xfa8): undefined reference to `setns'
collect2: error: ld returned 1 exit status
make[2]: *** [pam_systemd.la] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


for details please see commit 4ec181a0065102ccb0a8992ed9f2fa4860e44b43

regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


[systemd-devel] [PATCH 2/2] systemctl: remove erroneous return in runlevel_parse_argv()

2014-02-19 Thread Maciej Wereski
---
 src/systemctl/systemctl.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index ef0cbc5..e529095 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5879,7 +5879,6 @@ static int runlevel_parse_argv(int argc, char *argv[]) {
 
 case ARG_HELP:
 return runlevel_help();
-return 0;
 
 case '?':
 return -EINVAL;
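Review bot: the removed `return 0;` after `return runlevel_help();` was unreachable, so this is a dead-code cleanup with no behaviour change; worth a sweep of the other `*_parse_argv()` functions in systemctl.c for the same leftover in this patch, and a one-line commit body saying the statement was unreachable.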
-- 
1.9.0



[systemd-devel] [PATCH 1/2] logind: remove redundant check in manager_new()

2014-02-19 Thread Maciej Wereski
---
 src/login/logind.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/login/logind.c b/src/login/logind.c
index 2add241..7aea3cd 100644
--- a/src/login/logind.c
+++ b/src/login/logind.c
@@ -73,8 +73,7 @@ Manager *manager_new(void) {
 m->busnames = set_new(string_hash_func, string_compare_func);
 
 if (!m->devices || !m->seats || !m->sessions || !m->users || 
!m->inhibitors || !m->buttons || !m->busnames ||
-!m->user_units || !m->session_units ||
-!m->busnames) {
+!m->user_units || !m->session_units) {
 manager_free(m);
 return NULL;
 }
-- 
1.9.0



Re: [systemd-devel] [PATCHv5] tmpfiles, man: Add xattr support to tmpfiles

2014-01-16 Thread Maciej Wereski

11.12.2013 at 15:15 Lennart Poettering  wrote:

On Wed, 11.12.13 14:24, Maciej Wereski (m.were...@partner.samsung.com) wrote:



>>+xattr = new0(char, strlen(i->argument)+1);
>>+if (!xattr)
>>+return log_oom();
>>+
>>+tmp = strv_split(i->argument, WHITESPACE);
>>+if (!tmp)
>>+return log_oom();
>>+
>>+strv_len = strv_length(tmp);
>>+for (n = 0; n < strv_len; ++n) {
>
>Sounds like a job for the STRV_FOREACH() macro. Since you don't actually
>need the strv as strv here it sounds like you actually really want to
>use FOREACH_WORD_QUOTED() for this, which will also do the unquoting for
>you.

Well, FOREACH_WORD_QUOTED() won't work properly, because quotation marks
aren't the first chars in strings (e.g. user.name="John Smith"). Maybe a
better idea would be to introduce a mandatory separator (e.g. semicolon)
instead of quotation marks.


Yeah, FOREACH_WORD_QUOTED() is quite badly designed. We should fix it to
do somewhat sane quoting and escaping. I'll look into it.


There is one problem with using it in this patch. In my case the quotation
mark isn't the first char of the string, so using a pointer and length won't
get rid of it. The string needs to be modified.


regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


Re: [systemd-devel] [PATCHv5] tmpfiles, man: Add xattr support to tmpfiles

2013-12-11 Thread Maciej Wereski

10.12.2013 at 20:48 Lennart Poettering  wrote:

On Wed, 04.12.13 15:27, Maciej Wereski (m.were...@partner.samsung.com) wrote:




+#ifdef HAVE_XATTR
+static int get_xattrs_from_arg(Item *i){
+_cleanup_free_ char *xattr = NULL;
+_cleanup_strv_free_ char **tmp = NULL;
+char *p;
+unsigned n, len, strv_len;
+
+assert(i);
+if (i->type != SET_XATTR)
+return 0;
+
+if (!i->argument) {
+log_error("%s: Argument can't be empty!", i->path);
+return -EBADMSG;
+}
+xattr = new0(char, strlen(i->argument)+1);
+if (!xattr)
+return log_oom();
+
+tmp = strv_split(i->argument, WHITESPACE);
+if (!tmp)
+return log_oom();
+
+strv_len = strv_length(tmp);
+for (n = 0; n < strv_len; ++n) {


Sounds like a job for the STRV_FOREACH() macro. Since you don't actually
need the strv as strv here it sounds like you actually really want to
use FOREACH_WORD_QUOTED() for this, which will also do the unquoting for
you.


Well, FOREACH_WORD_QUOTED() won't work properly, because quotation marks
aren't the first chars in strings (e.g. user.name="John Smith"). Maybe a
better idea would be to introduce a mandatory separator (e.g. semicolon)
instead of quotation marks.

regards,

--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


[systemd-devel] [PATCHv5] tmpfiles, man: Add xattr support to tmpfiles

2013-12-04 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a
backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
I'm sorry for late reply, but there were some unexpected events which
excluded me from life for a while.

v5:
* fixes for HAVE_XATTR undefined
* use cunescape() instead of strreplace()
* cache result of strv_length()
* fix typo in manpage

v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  26 +-
 src/tmpfiles/tmpfiles.c | 216 +---
 2 files changed, 225 insertions(+), 17 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 1c079f6..676eded 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -248,6 +248,21 @@ L/tmp/foobar ----   
/dev/null
 place of normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d, D, f, F, L, p, c, b, z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 
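Review bot: in the new `t` entry, "only d, D, f, F, L, p, c, b, z makes sense" should read "make sense", and `Z` is missing from the list while `z` is present, so either add it or say why the recursive variant is excluded; the sentence about a standalone `t` line should also state what happens when the path does not exist, since that line creates nothing by itself.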
@@ -312,7 +327,7 @@ L/tmp/foobar ----   
/dev/null
 objects. For z, Z lines, if omitted or when set
 to -, the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 
 
 
@@ -324,7 +339,7 @@ L/tmp/foobar ----   
/dev/null
 omitted or when set to -, the default 0 (root)
 is used. For z, Z lines, when omitted or when set to -,
 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L 
lines.
+These parameters are ignored for x, r, R, L, t 
lines.
 
 
 
@@ -377,8 +392,10 @@ L/tmp/foobar ----   
/dev/null
 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. For t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 
 
 
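Review bot: "For t determines extended attributes to be set" has no subject; suggest "For t, specifies the extended attributes to be set" to match the preceding "For f, F, w may be used ..." sentence, and the lone `+` empty line at the end of the hunk looks like an accidental addition.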
@@ -390,7 +407,8 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval" 
security.SMACK64=screen
 
 
 /etc/tmpfiles.d/abrt.conf example
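Review bot: the new example line sets the xattrs on `/var/run/screen`, but the two `d` lines above it create `/var/run/screens` and `/var/run/uscreens`, so the `t` line targets a path the example never creates; point it at one of the created directories. The `user.name="John Koval"` value is worth keeping, as it is exactly the in-word quoting that the reviewers in this thread found FOREACH_WORD_QUOTED() cannot handle.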
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index b7f6a2e..ec5efb6 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
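Review bot: the include is guarded by `#ifdef HAVE_XATTR`, so every later use of the xattr API needs the same guard; the v5 changelog's "fixes for HAVE_XATTR undefined" shows this bit an earlier revision, so state in the cover letter that the patch was also compiled with HAVE_XATTR undefined.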
@@ -78,7 +81,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z',
-RECURSIVE_RELABEL_PATH = 'Z'
+RECURSIVE_RELABEL_PATH = 'Z',
+
+/* Th

[systemd-devel] [PATCHv2] "-" prefix for InaccessibleDirectories and ReadOnlyDirectories

2013-08-21 Thread Maciej Wereski
---
v2:
- modify manpage
---
 TODO |  3 ---
 man/systemd.exec.xml |  6 +-
 src/core/namespace.c | 12 +++-
 src/shared/conf-parser.c | 27 +--
 4 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/TODO b/TODO
index 9bc14fd..97f2bcf 100644
--- a/TODO
+++ b/TODO
@@ -287,9 +287,6 @@ Features:
 
 * timedate: have global on/off switches for auto-time (NTP), and auto-timezone 
that connman can subscribe to.
 
-* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
-  suppress errors of the specified path doesn't exist
-
 * dev-setup.c: when running in a container, create a tiny stub udev
   database with the systemd tag set for all network interfaces found,
   so that libudev reports them as present, and systemd's .device units
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index c0e1d86..93be660 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -828,7 +828,11 @@
 the empty string is assigned to this
 option the specific list is reset, and
 all prior assignments have no
-effect.
+effect.
+If paths in 
ReadOnlyDirectories=
+or InaccessibleDirectories=
+start with "-", then errors will be
+supressed if path doesn't 
exist.
 
 
 
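Review bot: "supressed" in the added sentence should be "suppressed", and "errors will be supressed if path doesn't exist" reads better as "errors are suppressed if the path does not exist"; since it is appended to the sentence about the empty-string reset, give it its own paragraph so the two behaviours are not read as one.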
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 7e33d84..16b132b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -51,6 +51,7 @@ typedef struct BindMount {
 const char *path;
 MountMode mode;
 bool done;
+bool ignore;
 } BindMount;
 
 static int append_mounts(BindMount **p, char **strv, MountMode mode) {
@@ -58,6 +59,13 @@ static int append_mounts(BindMount **p, char **strv, 
MountMode mode) {
 
 STRV_FOREACH(i, strv) {
 
+(*p)->ignore = false;
+
+if ((mode == INACCESSIBLE || mode == READONLY) && (*i)[0] == 
'-') {
+(*p)->ignore = true;
+(*i)++;
+}
+
 if (!path_is_absolute(*i))
 return -EINVAL;
 
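Review bot: `(*i)++;` advances the pointer stored in the strv element itself, so after this loop the strv no longer holds the address the allocator returned; freeing that strv later, or any other reader of the ReadOnlyDirectories=/InaccessibleDirectories= list, now sees a pointer one byte into the allocation. Leave `*i` alone and store the stripped path in the BindMount (its `path` member is a `const char *` per the struct hunk above), e.g. `(*p)->path = *i + 1;` next to `(*p)->ignore = true;`.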
@@ -155,6 +163,8 @@ static int apply_mount(
 r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL);
 if (r >= 0)
 log_debug("Successfully mounted %s to %s", what, m->path);
+else if (m->ignore && errno == ENOENT)
+r = 0;
 
 return r;
 }
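Review bot: `errno == ENOENT` after `mount(what, m->path, ...)` does not distinguish a missing `m->path` from a missing `what`, so the ignore flag will also hide a missing mount source; test `m->path` with access() or stat() before the mount call and skip only in that case, with a log_debug() saying the entry was skipped, so a broken source is still reported.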
@@ -168,7 +178,7 @@ static int make_read_only(BindMount *m) {
 return 0;
 
 r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, 
NULL);
-if (r < 0)
+if (r < 0 && !(m->ignore && errno == ENOENT))
 return -errno;
 
 return 0;
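Review bot: depending on a second ENOENT here to skip the read-only remount is fragile, because an entry skipped in apply_mount() should not reach mount() at all; the BindMount struct already carries a `done` flag, so record the skip there (or check `ignore` before the remount) and return early instead of issuing a remount on a path known to be absent.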
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 2303d9a..b27c7eb 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -611,11 +611,11 @@ int config_parse_path(const char *unit,
 return 0;
 }
 
-if (!path_is_absolute(rvalue)) {
-log_syntax(unit, LOG_ERR, filename, line, EINVAL,
-   "Not an absolute path, ignoring: %s", rvalue);
-return 0;
-}
+if (streq(lvalue, "InaccessibleDirectories") || streq(lvalue, 
"ReadOnlyDirectories")) {
+if (!path_is_absolute(rvalue) && (rvalue[0] != '-' || 
!path_is_absolute(rvalue+1)))
+goto fail;
+} else if (!path_is_absolute(rvalue)) 
+goto fail;
 
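Review bot: comparing `lvalue` against "InaccessibleDirectories" and "ReadOnlyDirectories" hardcodes unit-file option names into the generic parser in src/shared; the config parsers take an `ltype` argument, so passing a flag through it (or using a dedicated parser for these two options) keeps the "-" allowance with the options that need it. Note too that the stored value keeps its leading "-", so every consumer must strip it, as namespace.c does in this patch.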
 n = strdup(rvalue);
 if (!n)
@@ -627,6 +627,9 @@ int config_parse_path(const char *unit,
 *s = n;
 
 return 0;
+fail:
+log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Not an absolute 
path, ignoring: %s", rvalue);
+return 0;
 }
 
 int config_parse_strv(const char *unit,
@@ -724,11 +727,11 @@ int config_parse_path_strv(const char *unit,
 continue;
 }
 
-if (!path_is_absolute(n)) {
-log_syntax(unit, LOG_ERR, filename, line, EINVAL,
-   "Not an absolute path, ignoring: %s", 
rvalue);
-continue;
-}
+if (streq(lvalue, "InaccessibleDirectories") || streq(lvalue, 
"ReadOnlyDirectories")) {
+if (!path_is_absolute(n) && (n[0] != '-' || 
!path_is_absolute(n+1)))
+goto fail;
+} else if (!path_is_absolute(n))
+goto fail;
 
 path_kill_slashes(n);
 r = strv_extend(sv, n);
@@ -737,6 +740,10 @@ int config_parse_path_strv(const char *unit,
 }
 

[systemd-devel] [PATCH] "-" prefix for InaccessibleDirectories and ReadOnlyDirectories

2013-08-21 Thread Maciej Wereski
---
 TODO |  3 ---
 src/core/namespace.c | 12 +++-
 src/shared/conf-parser.c | 27 +--
 3 files changed, 28 insertions(+), 14 deletions(-)

diff --git a/TODO b/TODO
index 9bc14fd..97f2bcf 100644
--- a/TODO
+++ b/TODO
@@ -287,9 +287,6 @@ Features:
 
 * timedate: have global on/off switches for auto-time (NTP), and auto-timezone 
that connman can subscribe to.
 
-* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
-  suppress errors of the specified path doesn't exist
-
 * dev-setup.c: when running in a container, create a tiny stub udev
   database with the systemd tag set for all network interfaces found,
   so that libudev reports them as present, and systemd's .device units
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 7e33d84..16b132b 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -51,6 +51,7 @@ typedef struct BindMount {
 const char *path;
 MountMode mode;
 bool done;
+bool ignore;
 } BindMount;
 
 static int append_mounts(BindMount **p, char **strv, MountMode mode) {
@@ -58,6 +59,13 @@ static int append_mounts(BindMount **p, char **strv, 
MountMode mode) {
 
 STRV_FOREACH(i, strv) {
 
+(*p)->ignore = false;
+
+if ((mode == INACCESSIBLE || mode == READONLY) && (*i)[0] == 
'-') {
+(*p)->ignore = true;
+(*i)++;
+}
+
 if (!path_is_absolute(*i))
 return -EINVAL;
 
@@ -155,6 +163,8 @@ static int apply_mount(
 r = mount(what, m->path, NULL, MS_BIND|MS_REC, NULL);
 if (r >= 0)
 log_debug("Successfully mounted %s to %s", what, m->path);
+else if (m->ignore && errno == ENOENT)
+r = 0;
 
 return r;
 }
@@ -168,7 +178,7 @@ static int make_read_only(BindMount *m) {
 return 0;
 
 r = mount(NULL, m->path, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_REC, 
NULL);
-if (r < 0)
+if (r < 0 && !(m->ignore && errno == ENOENT))
 return -errno;
 
 return 0;
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 2303d9a..b27c7eb 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -611,11 +611,11 @@ int config_parse_path(const char *unit,
 return 0;
 }
 
-if (!path_is_absolute(rvalue)) {
-log_syntax(unit, LOG_ERR, filename, line, EINVAL,
-   "Not an absolute path, ignoring: %s", rvalue);
-return 0;
-}
+if (streq(lvalue, "InaccessibleDirectories") || streq(lvalue, 
"ReadOnlyDirectories")) {
+if (!path_is_absolute(rvalue) && (rvalue[0] != '-' || 
!path_is_absolute(rvalue+1)))
+goto fail;
+} else if (!path_is_absolute(rvalue)) 
+goto fail;
 
 n = strdup(rvalue);
 if (!n)
@@ -627,6 +627,9 @@ int config_parse_path(const char *unit,
 *s = n;
 
 return 0;
+fail:
+log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Not an absolute 
path, ignoring: %s", rvalue);
+return 0;
 }
 
 int config_parse_strv(const char *unit,
@@ -724,11 +727,11 @@ int config_parse_path_strv(const char *unit,
 continue;
 }
 
-if (!path_is_absolute(n)) {
-log_syntax(unit, LOG_ERR, filename, line, EINVAL,
-   "Not an absolute path, ignoring: %s", 
rvalue);
-continue;
-}
+if (streq(lvalue, "InaccessibleDirectories") || streq(lvalue, 
"ReadOnlyDirectories")) {
+if (!path_is_absolute(n) && (n[0] != '-' || 
!path_is_absolute(n+1)))
+goto fail;
+} else if (!path_is_absolute(n))
+goto fail;
 
 path_kill_slashes(n);
 r = strv_extend(sv, n);
@@ -737,6 +740,10 @@ int config_parse_path_strv(const char *unit,
 }
 
 return 0;
+
+fail:
+log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Not an absolute 
path, ignoring: %s", rvalue);
+return 0;
 }
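Review bot: this `fail:` label returns 0 for the whole line, whereas the branch it replaces in the hunk above used `continue`, so one word that is not an absolute path now discards every word after it instead of only the bad one; keep the per-word `continue` (logging `n` rather than `rvalue` would also point at the offending word) and reserve the early return for the single-path parser.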
 
 int config_parse_mode(const char *unit,
-- 
1.8.3.4



[systemd-devel] [PATCH] service: prohibit Restart= set when Type=oneshot

2013-08-09 Thread Maciej Wereski
---
 TODO   | 2 --
 src/core/service.c | 6 ++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/TODO b/TODO
index ead699c..60622f7 100644
--- a/TODO
+++ b/TODO
@@ -88,8 +88,6 @@ Features:
   full, make sure to write how many messages are lost as first thing
   to syslog when it works again.
 
-* prohibit Restart= set with Type=oneshot
-
 * man: the documentation of Restart= currently is very misleading and suggests 
the tools from ExecStartPre= might get restarted.
 
 * load .d/*.conf dropins for device units
diff --git a/src/core/service.c b/src/core/service.c
index b98f11a..e77bd37 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -,6 +,12 @@ static int service_verify(Service *s) {
 return -EINVAL;
 }
 
+if (s->type == SERVICE_ONESHOT && s->restart != SERVICE_RESTART_NO) {
+log_error_unit(UNIT(s)->id,
+"%s has Restart setting other than no, which 
isn't allowed for Type=oneshot services. Refusing.", UNIT(s)->id);
+return -EINVAL;
+}
+
 if (s->type == SERVICE_DBUS && !s->bus_name) {
 log_error_unit(UNIT(s)->id,
"%s is of type D-Bus but no D-Bus service name 
has been specified. Refusing.", UNIT(s)->id);
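Review bot: the new check in service_verify() makes any existing `Type=oneshot` unit with a non-default `Restart=` refuse to load, so man/systemd.service.xml (the Restart= and Type= descriptions) and NEWS should be updated in the same patch; the message could also name the setting the way the neighbouring D-Bus error does, e.g. "has Restart= set to something other than no, which is not allowed for Type=oneshot services".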
-- 
1.8.3.4



[systemd-devel] [PATCHv4] tmpfiles, man: Add xattr support to tmpfiles

2013-08-08 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a
backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
v4:
* grammar fix in man
* style fix

v3:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  26 ++-
 src/tmpfiles/tmpfiles.c | 203 +---
 2 files changed, 213 insertions(+), 16 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 6a2193d..41226c3 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -229,6 +229,21 @@ L/tmp/foobar ----   
/dev/null
 place of normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used in conjunction with other
+types (only d, D, f, F, L, p, c, b, z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 
@@ -242,7 +257,7 @@ L/tmp/foobar ----   
/dev/null
 objects. For z, Z lines if omitted or when set
 to - the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 
 
 
@@ -254,7 +269,7 @@ L/tmp/foobar ----   
/dev/null
 omitted or when set to - the default 0 (root)
 is used. For z, Z lines when omitted or when set to -
 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L 
lines.
+These parameters are ignored for x, r, R, L, t 
lines.
 
 
 
@@ -307,8 +322,10 @@ L/tmp/foobar ----   
/dev/null
 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. Fot t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 
 
 
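Review bot: "Fot t determines extended attributes to be set" has a typo ("Fot") and lacks a subject, and the hunk also adds an empty `+` line after "lines."; v5 of this series fixes the typo, so the subjectless sentence is what remains to address.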
@@ -320,7 +337,8 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval" 
security.SMACK64=screen
 
 
 
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 5eca82a..a6594b1 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
@@ -75,7 +78,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z',
-RECURSIVE_RELABEL_PATH = 'Z'
+RECURSIVE_RELABEL_PATH = 'Z',
+
+/* These ones are options/additional operations */
+SET_XATTR = 't'
 } ItemType;
 
 typedef struct Item {
@@ -83,6 +89,7 @@ typedef struct Item {
 
 char *path;
 char *argument;
+char **xattrs;
 uid_t uid;
 gid_t gid;
 mode_t mode;
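Review bot: the new `char **xattrs` member must be released in item_free() with strv_free() and considered in item_equal(), which compares two items for the same path; neither function is visible in the surviving part of this patch, so please confirm both are updated, otherwise every `t` line leaks its list or compares equal to a line with different attributes.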
@@ -448,6 +455,45 @@ stati

[systemd-devel] [PATCHv3] tmpfiles, man: Add xattr support to tmpfiles

2013-07-22 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a
backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
changes since v2:
* "may be used" instead of "should be used" in manpage
* use strv_isempty() instead of != NULL
* rework item_set_xattrs() with split_pair()
* remove copy_item_contents()
* use hashmap_replace() instead of removed copy_item_contents()
* use strv_extend() instead of strv_append()
* cleanup
---
 man/tmpfiles.d.xml  |  26 +-
 src/tmpfiles/tmpfiles.c | 205 +---
 2 files changed, 215 insertions(+), 16 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 6a2193d..2b17dca 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -229,6 +229,21 @@ L/tmp/foobar ----   
/dev/null
 place of normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It may be
+used with conjunction with other
+types (only d, D, f, F, L, p, c, b, z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
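Review bot: "It may be used with conjunction with other types" should be "in conjunction with"; otherwise the paragraph matches the later revision.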
 
 
 
@@ -242,7 +257,7 @@ L/tmp/foobar ----   
/dev/null
 objects. For z, Z lines if omitted or when set
 to - the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 
 
 
@@ -254,7 +269,7 @@ L/tmp/foobar ----   
/dev/null
 omitted or when set to - the default 0 (root)
 is used. For z, Z lines when omitted or when set to -
 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L 
lines.
+These parameters are ignored for x, r, R, L, t 
lines.
 
 
 
@@ -307,8 +322,10 @@ L/tmp/foobar ----   
/dev/null
 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. Fot t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 
 
 
@@ -320,7 +337,8 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval" 
security.SMACK64=screen
 
 
 
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index eae993e..12f84c1 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
@@ -75,7 +78,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z',
-RECURSIVE_RELABEL_PATH = 'Z'
+RECURSIVE_RELABEL_PATH = 'Z',
+
+/* These ones are options/additional operations */
+SET_XATTR = 't'
 } ItemType;
 
 typedef struct Item {
@@ -83,6 +89,7 @@ typedef struct Item {
 
 char *path;
 char *argument;
+char **xattrs;
 uid_t uid;
 gid_t gid;
 mode_t mode;
@@ -447,6 +454,45 @@ static int item_set_perms(It
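The three revisions of this patch above all describe the same Argument format for a `t` line: whitespace-separated `name=value` pairs, a value wrapped in double quotes when it contains spaces, and a backslash escaping a quote inside such a value. As an added example, not the patch's code, here is a parser for that format; the thread's point that the quote follows the `=` rather than starting the word, which is why a whole-word unquoting helper does not fit, is exactly what the quoted-value branch handles. The `xattr_pair` struct, its buffer sizes and the treatment of `\\` as an escaped backslash are assumptions made here.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not the patch's code: parse the Argument field of a
 * tmpfiles "t" line into name/value pairs. Buffer sizes are assumptions. */
struct xattr_pair {
        char name[64];
        char value[128];
};

/* Parse arg into out[]; returns the number of pairs, or -1 on a syntax error
 * (empty name, missing '=', unterminated quote, text after the closing quote)
 * or when a name/value is too long for the buffers. */
int parse_xattr_argument(const char *arg, struct xattr_pair *out, size_t max) {
        const char *p = arg;
        size_t n = 0;

        for (;;) {
                size_t k = 0;

                while (*p == ' ' || *p == '\t')
                        p++;
                if (*p == '\0')
                        return (int)n;
                if (n == max)
                        return -1;

                /* name: everything up to '=' */
                while (*p != '\0' && *p != '=' && *p != ' ' && *p != '\t') {
                        if (k + 1 >= sizeof out[n].name)
                                return -1;
                        out[n].name[k++] = *p++;
                }
                if (k == 0 || *p != '=')
                        return -1;
                out[n].name[k] = '\0';
                p++;

                k = 0;
                if (*p == '"') {
                        /* quoted value: ends at the first unescaped quote;
                         * \" and \\ (the latter assumed) yield the escaped char */
                        p++;
                        for (;;) {
                                if (*p == '\0')
                                        return -1;
                                if (*p == '\\' && (p[1] == '"' || p[1] == '\\'))
                                        p++;
                                else if (*p == '"') {
                                        p++;
                                        break;
                                }
                                if (k + 1 >= sizeof out[n].value)
                                        return -1;
                                out[n].value[k++] = *p++;
                        }
                        if (*p != '\0' && *p != ' ' && *p != '\t')
                                return -1;      /* e.g. a="b"c */
                } else {
                        /* bare value: runs to the next whitespace */
                        while (*p != '\0' && *p != ' ' && *p != '\t') {
                                if (k + 1 >= sizeof out[n].value)
                                        return -1;
                                out[n].value[k++] = *p++;
                        }
                }
                out[n].value[k] = '\0';
                n++;
        }
}

/* Check helper: number of pairs in arg, or -1 on error. */
int xattr_count(const char *arg) {
        struct xattr_pair pairs[16];
        return parse_xattr_argument(arg, pairs, 16);
}

/* Check helper: 1 if arg parses and pair idx is exactly (name, value), else 0. */
int xattr_pair_is(const char *arg, size_t idx, const char *name, const char *value) {
        struct xattr_pair pairs[16];
        int n = parse_xattr_argument(arg, pairs, 16);

        if (n < 0 || idx >= (size_t)n)
                return 0;
        return strcmp(pairs[idx].name, name) == 0 && strcmp(pairs[idx].value, value) == 0;
}
```

Rejecting trailing text after a closing quote (`a="b"c`) and unterminated quotes outright, rather than guessing, keeps a malformed line from silently setting a truncated label.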

[systemd-devel] [PATCH] NEWS: fix mistake

2013-07-22 Thread Maciej Wereski
---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index d44e6fe..8f81ec1 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ CHANGES WITH 206:
 
 * systemctl now supports filtering the unit list output by
   load state, active state and sub state, using the new
-  --type= parameter.
+  --state= parameter.
 
 * "systemctl status" will now show the results of the
   condition checks (like ConditionPathExists= and similar) of
-- 
1.8.3.3



[systemd-devel] [PATCH] tmpfiles: Fix memory leak in parse_line()

2013-07-19 Thread Maciej Wereski
---
 src/tmpfiles/tmpfiles.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 555347a..4a1ce36 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -119,6 +119,14 @@ static const char conf_file_dirs[] =
 
 #define MAX_DEPTH 256
 
+static void item_free(Item *);
+static inline void item_freep(Item **i) {
+if (*i)
+item_free(*i);
+}
+
+#define _cleanup_item_free_ _cleanup_(item_freep)
+
 static bool needs_glob(ItemType t) {
 return t == IGNORE_PATH || t == IGNORE_DIRECTORY_PATH || t == 
REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RELABEL_PATH || t == 
RECURSIVE_RELABEL_PATH;
 }
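Review bot: the forward declaration `static void item_free(Item *);` is only needed because item_freep() is defined before item_free(); placing item_freep() and the `_cleanup_item_free_` define right after item_free()'s definition removes it and keeps the cleanup helper next to the function it wraps.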
@@ -1013,7 +1021,7 @@ static bool item_equal(Item *a, Item *b) {
 }
 
 static int parse_line(const char *fname, unsigned line, const char *buffer) {
-_cleanup_free_ Item *i = NULL;
+_cleanup_item_free_ Item *i = NULL;
 Item *existing;
 _cleanup_free_ char
 *mode = NULL, *user = NULL, *group = NULL, *age = NULL;
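Review bot: switching `i` from `_cleanup_free_` to `_cleanup_item_free_` is the right fix, since `_cleanup_free_` released only the Item struct and leaked its `path`/`argument` strings on every error return in parse_line(); the one thing to verify is that parse_line() still sets `i = NULL` after the item is handed to the hashmap, because the cleanup now frees the members as well and would otherwise free an item the table owns.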
-- 
1.8.3.3



[systemd-devel] [PATCHv2] systemctl: warn about use of deprecated options

2013-07-19 Thread Maciej Wereski
---
I should have thought about it in the previous commit, sorry for that!

since v1:
* fixed typo
---
 src/systemctl/systemctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index c9f9981..f09ccca 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5012,6 +5012,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
  * in --types= too for compatibility
  * with old versions */
 if (unit_load_state_from_string(optarg) >= 0) {
+log_warning("Using --type for load 
states is deprecated, please use --state instead.");
 if (strv_push(&arg_states, type) < 0)
 return log_oom();
 type = NULL;
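Review bot: this warning sits in the code that handles one comma-separated value of --type= at a time (note the per-value `strv_push(&arg_states, type)` right below it), so `--type=loaded,masked` prints the same message twice. Emit it once per invocation, and include the offending value in the text (e.g. "--type=%s is a load state, use --state=%s instead") so the user knows which argument to move.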
@@ -5128,6 +5129,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 break;
 
 case ARG_FAILED:
+log_warning("Use of --failed is deprecated, please use 
--state=failed instead.");
 if (strv_extend(&arg_states, "failed") < 0)
 return log_oom();
 
-- 
1.8.3.3



[systemd-devel] [PATCH] systemctl: warn about use of deprecated options

2013-07-19 Thread Maciej Wereski
---
I should have thought about it in the previous commit, sorry for that!
---
 src/systemctl/systemctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index c9f9981..f09ccca 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -5012,6 +5012,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
  * in --types= too for compatibility
  * with old versions */
 if (unit_load_state_from_string(optarg) >= 0) {
+log_warning("Using --type for load 
states is depreciated, please use --state instead.");
 if (strv_push(&arg_states, type) < 0)
 return log_oom();
 type = NULL;
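Review bot: typo in the user-visible message: "depreciated" should be "deprecated" (the v2 resend corrects this). As in v2, the warning is emitted once per --type= value rather than once per invocation, so a list of load states repeats it.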
@@ -5128,6 +5129,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 break;
 
 case ARG_FAILED:
+log_warning("Use of --failed is deprecated, please use 
--state=failed instead.");
 if (strv_extend(&arg_states, "failed") < 0)
 return log_oom();
 
-- 
1.8.3.3



Re: [systemd-devel] [PATCH v2, ping?] tmpfiles, man: Add xattr support to tmpfiles

2013-07-18 Thread Maciej Wereski

Hello,

16.07.2013 at 00:31 Lennart Poettering  wrote:


+STRV_FOREACH(x, i->xattrs) {
+value = *x;
+name = strsep(&value, "=");


I'd really prefer if we didn't corrupt the string here. Maybe use
strv_split_quoted() here? That handles all the values for you anyway...


You mean strv_split() (I'm splitting by "=")? This has one issue: it
splits at all separator occurrences and I need to split after the first one.
If corrupting the string is the issue, I can make a copy of it. If you prefer
strv_split(), then I can just join if strv_length > 2.


+for (n = 0; n < strv_length(tmp); ++n) {
+len = strlen(tmp[n]);
+strncpy(xattr, tmp[n], len+1);
+p = strchr(xattr, '=');
+if (!p) {
+log_error("%s: Attribute has incorrect  
format.", i->path);

+return -EBADMSG;
+}
+if (p[1] == '\"') {
+while (true) {
+if (!p)
+p = tmp[n];
+else
+p += 2;
+p = strchr(p, '\"');
+if (p && xattr[p-xattr-1] != '\\')
+break;
+p = NULL;
+++n;
+if (n == strv_length(tmp))
+break;
+len += strlen(tmp[n]) + 1;
+strncat(xattr, " ", 1);
+strncat(xattr, tmp[n], len);
+}
+}
+strstrip(xattr);
+f = i->xattrs;
+i->xattrs = strv_append(i->xattrs, xattr);
+if (!i->xattrs){
+strv_free(f);
+return log_oom();
+}
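Review bot: the quote-continuation loop has an indexing problem: after `++n` the code sets `p = tmp[n]` and then searches that token with strchr(), but the backslash check `xattr[p-xattr-1]` subtracts a pointer into `tmp[n]` from a pointer into `xattr`, which is undefined and does not index the character before the quote. The loop should search in the accumulated `xattr` buffer (after the strncat() calls) and look at the byte before the found quote there. Also `strncat(xattr, tmp[n], len)` passes the accumulated total length rather than the remaining capacity of `xattr`, so it does not bound the copy; the size of `xattr` is not visible in this excerpt, but it must be large enough for the joined value or use a growing buffer.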


For this stuf I'd really prefer using one of our already existing
quoting APIs, like strv_spit_quoted() or FOREACH_WORD_QUOTED or so.


Well, I've tried it in the beginning, but it doesn't work properly in this
case. split_quoted() expects a quote at the beginning of a string (ignoring
whitespace occurrences). If that's not the case, the string will be split on
whitespace. Example of an extended attribute with quotes:

user.test="This will \" fail"

So how would you like this case to be solved?

regards,
Maciej

--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com
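The parsing question in this thread is how to split a tmpfiles Argument field such as `user.name="John Koval" security.SMACK64=screen` into name/value pairs when a value may be quoted and may contain `\"` for a literal quote. The following is an added example, not systemd code and not the patch under discussion: a small standalone C parser that splits each word at its first `=`, decodes quoted values, rejects malformed entries (missing `=`, empty name, unterminated quote, text glued to a closing quote) instead of reading out of bounds, and never modifies its input string. The type name `XattrPair`, the function name `parse_xattr_field`, the fixed buffer sizes and the sample field are this example's own choices.

```c
/* Added example (not systemd code): parser for whitespace-separated
 * name=value pairs where a value may be double-quoted and may contain
 * \" for a literal quote. The input is never modified. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef struct XattrPair {
        char name[128];    /* e.g. "security.SMACK64" (size chosen here) */
        char value[256];   /* decoded value, quotes and escapes removed */
} XattrPair;

/* Returns the number of pairs stored in out[], or -1 on malformed input:
 * a word without '=', an empty name, an unterminated quote, trailing text
 * after a closing quote, or a name/value that does not fit. */
int parse_xattr_field(const char *field, XattrPair *out, size_t max) {
        const char *p = field;
        size_t count = 0;

        for (;;) {
                while (*p == ' ' || *p == '\t')
                        p++;
                if (*p == '\0')
                        break;
                if (count >= max)
                        return -1;

                /* Name: everything up to the first '='; whitespace is not allowed. */
                const char *eq = p;
                while (*eq != '\0' && *eq != '=' && *eq != ' ' && *eq != '\t')
                        eq++;
                if (*eq != '=' || eq == p)
                        return -1;
                size_t nlen = (size_t) (eq - p);
                if (nlen >= sizeof out[count].name)
                        return -1;
                memcpy(out[count].name, p, nlen);
                out[count].name[nlen] = '\0';
                p = eq + 1;

                char *v = out[count].value;
                size_t vlen = 0, vmax = sizeof out[count].value - 1;

                if (*p == '"') {
                        /* Quoted value: runs to the next unescaped quote. */
                        p++;
                        for (;;) {
                                if (*p == '\0')
                                        return -1;          /* unterminated quote */
                                if (*p == '\\' && p[1] == '"')
                                        p++;                /* \" -> literal quote */
                                else if (*p == '"') {
                                        p++;
                                        break;
                                }
                                if (vlen >= vmax)
                                        return -1;
                                v[vlen++] = *p++;
                        }
                        if (*p != '\0' && *p != ' ' && *p != '\t')
                                return -1;                  /* e.g. a="x"y */
                } else {
                        /* Bare value: runs to the next whitespace; may be empty. */
                        while (*p != '\0' && *p != ' ' && *p != '\t') {
                                if (vlen >= vmax)
                                        return -1;
                                v[vlen++] = *p++;
                        }
                }
                v[vlen] = '\0';
                count++;
        }
        return (int) count;
}

int main(void) {
        /* Constructed sample in the format of the patch's tmpfiles.d example. */
        const char *field = "user.name=\"John Koval\" security.SMACK64=screen";
        XattrPair pairs[4];
        int n = parse_xattr_field(field, pairs, 4);
        if (n < 0) {
                fprintf(stderr, "malformed xattr field\n");
                return 1;
        }
        for (int k = 0; k < n; k++)
                printf("%s -> [%s]\n", pairs[k].name, pairs[k].value);
        return 0;
}
```

Because the parser only splits at the first `=`, a value such as `user.kv=a=b` keeps its inner `=`, and an empty bare value (`user.empty=`) is returned as an empty string rather than indexing before the buffer. Quoting follows the rule stated in the patch description: a value with spaces must be quoted, and `\"` inside the quotes yields a literal quote.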


[systemd-devel] [PATCHv5] systemctl, man: option to list units by state

2013-07-18 Thread Maciej Wereski
This allows showing only units with a specified LOAD or SUB or ACTIVE state.

Signed-off-by: Maciej Wereski 
---
changes since v4:
* removed help information about deprecated behaviour

Sorry that I forgot about this in the previous patch!

regards,
Maciej
---
 man/systemctl.xml | 29 -
 src/systemctl/systemctl.c | 40 +++-
 2 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index f550215..9820517 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -94,19 +94,13 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
 
   The argument should be a comma-separated list of unit
   types such as service and
-  socket, or unit load states such as
-  loaded and masked
-  (types and states can be mixed).
+  socket.
+  
 
   If one of the arguments is a unit type, when listing
   units, limit display to certain unit types. Otherwise, units
   of all types will be shown.
 
-  If one of the arguments is a unit load state, when
-  listing units, limit display to certain unit
-  types. Otherwise, units of in all load states will be
-  shown.
-
   As a special case, if one of the arguments is
   help, a list of allowed values will be
   printed and the program will exit.
@@ -114,6 +108,16 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
   
 
   
+--state=
+
+
+Argument should be a comma-separated list of unit LOAD
+or SUB or ACTIVE states. When listing units show only those
+with specified LOAD or SUB or ACTIVE state.
+
+  
+
+  
 -p
 --property=
 
@@ -166,15 +170,6 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
   
 
   
---failed
-
-
-  When listing units, show only failed units. Do not
-  confuse with --fail.
-
-  
-
-  
 -l
 --full
 
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index b3b679e..c15d099 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -93,13 +93,13 @@ static bool arg_quiet = false;
 static bool arg_full = false;
 static int arg_force = 0;
 static bool arg_ask_password = true;
-static bool arg_failed = false;
 static bool arg_runtime = false;
 static char **arg_wall = NULL;
 static const char *arg_kill_who = NULL;
 static int arg_signal = SIGTERM;
 static const char *arg_root = NULL;
 static usec_t arg_when = 0;
+static char **arg_state = NULL;
 static enum action {
 ACTION_INVALID,
 ACTION_SYSTEMCTL,
@@ -301,8 +301,8 @@ static int compare_unit_info(const void *a, const void *b) {
 static bool output_show_unit(const struct unit_info *u) {
 const char *dot;
 
-if (arg_failed)
-return streq(u->active_state, "failed");
+if (!strv_isempty(arg_state))
+return strv_contains(arg_state, u->load_state) || 
strv_contains(arg_state, u->sub_state) || strv_contains(arg_state, 
u->active_state);
 
 return (!arg_types || ((dot = strrchr(u->id, '.')) &&
strv_find(arg_types, dot+1))) &&
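Review bot: the new `if (!strv_isempty(arg_state)) return ...` returns before the `arg_types` check below it is reached, so `--type=service --state=failed` lists failed units of every type rather than failed services. The removed `arg_failed` branch had the same early-return shape, but the new option makes the combination much more likely to be used. Consider computing the state match into a bool and AND-ing it with the existing type and arg_all conditions instead of returning early.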
@@ -4705,12 +4705,12 @@ static int systemctl_help(void) {
"  -h --help   Show this help\n"
" --versionShow package version\n"
"  -t --type=TYPE  List only units of a particular type\n"
+   " --state=STATEShow only units with particular LOAD or 
SUB or ACTIVE state\n"
"  -p --property=NAME  Show only properties by this name\n"
"  -a --allShow all loaded units/properties, 
including dead/empty\n"
"  ones. To list all units installed on the 
system, use\n"
"  the 'list-unit-files' command instead.\n"
" --reverseShow reverse dependencies with 
'list-dependencies'\n"
-   " --failed Show only failed units\n"
"  -l --full   Don't ellipsize unit names on output\n"
" --fail   When queueing a new job, fail if 
conflicting jobs are\n"
"  pending\n"
@@ -4896,13 +4896,6 @@ static int help_types(void) {
 puts(t);
 }
 
-puts("\nAvailable unit load states: ");
-for(i = 0; i < _UNIT_LOAD_STATE_MAX; i++) {
-t = unit_load_state_to_string(i);
-if (t)
- 

[systemd-devel] [PATCHv4] systemctl, man: option to list units by state

2013-07-18 Thread Maciej Wereski
This allows showing only units with a specified LOAD or SUB or ACTIVE state.

Signed-off-by: Maciej Wereski 
---
 man/systemctl.xml | 15 +--
 src/systemctl/systemctl.c | 34 --
 2 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index f550215..e8f043c 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -114,6 +114,16 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
   
 
   
+--state=
+
+
+Argument should be a comma-separated list of unit LOAD
+or SUB or ACTIVE states. When listing units show only those
+with specified LOAD or SUB or ACTIVE state.
+
+  
+
+  
 -p
 --property=
 
@@ -169,8 +179,9 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
 --failed
 
 
-  When listing units, show only failed units. Do not
-  confuse with --fail.
+  When listing units, show only failed units.
+  This is the same as --state=failed.
+  Do not confuse with --fail.
 
   
 
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index b3b679e..11239b9 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -93,13 +93,13 @@ static bool arg_quiet = false;
 static bool arg_full = false;
 static int arg_force = 0;
 static bool arg_ask_password = true;
-static bool arg_failed = false;
 static bool arg_runtime = false;
 static char **arg_wall = NULL;
 static const char *arg_kill_who = NULL;
 static int arg_signal = SIGTERM;
 static const char *arg_root = NULL;
 static usec_t arg_when = 0;
+static char **arg_state = NULL;
 static enum action {
 ACTION_INVALID,
 ACTION_SYSTEMCTL,
@@ -301,8 +301,8 @@ static int compare_unit_info(const void *a, const void *b) {
 static bool output_show_unit(const struct unit_info *u) {
 const char *dot;
 
-if (arg_failed)
-return streq(u->active_state, "failed");
+if (!strv_isempty(arg_state))
+return strv_contains(arg_state, u->load_state) || 
strv_contains(arg_state, u->sub_state) || strv_contains(arg_state, 
u->active_state);
 
 return (!arg_types || ((dot = strrchr(u->id, '.')) &&
strv_find(arg_types, dot+1))) &&
@@ -4705,12 +4705,13 @@ static int systemctl_help(void) {
"  -h --help   Show this help\n"
" --versionShow package version\n"
"  -t --type=TYPE  List only units of a particular type\n"
+   " --state=STATEShow only units with particular LOAD or 
SUB or ACTIVE state\n"
"  -p --property=NAME  Show only properties by this name\n"
"  -a --allShow all loaded units/properties, 
including dead/empty\n"
"  ones. To list all units installed on the 
system, use\n"
"  the 'list-unit-files' command instead.\n"
" --reverseShow reverse dependencies with 
'list-dependencies'\n"
-   " --failed Show only failed units\n"
+   " --failed Show only failed units (the same as 
--state=failed)\n"
"  -l --full   Don't ellipsize unit names on output\n"
" --fail   When queueing a new job, fail if 
conflicting jobs are\n"
"  pending\n"
@@ -4931,7 +4932,8 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 ARG_FAILED,
 ARG_RUNTIME,
 ARG_FORCE,
-ARG_PLAIN
+ARG_PLAIN,
+ARG_STATE
 };
 
 static const struct option options[] = {
@@ -4970,6 +4972,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 { "lines", required_argument, NULL, 'n'   },
 { "output",required_argument, NULL, 'o'   },
 { "plain", no_argument,   NULL, ARG_PLAIN },
+{ "state", required_argument, NULL, ARG_STATE },
 { NULL,0, NULL, 0 }
 };
 
@@ -5131,7 +5134,12 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 break;
 
 case ARG_FAILED:
-arg_failed = true;
+if (!strv_contains(arg_state, "failed")) {
+int r;
+   

[systemd-devel] [PATCHv3] systemctl, man: option to list units by state

2013-07-17 Thread Maciej Wereski
This allows showing only units with a specified SUB or ACTIVE state.

Signed-off-by: Maciej Wereski 
---
 man/systemctl.xml | 15 +--
 src/systemctl/systemctl.c | 43 +--
 2 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/man/systemctl.xml b/man/systemctl.xml
index f550215..2fb74c5 100644
--- a/man/systemctl.xml
+++ b/man/systemctl.xml
@@ -114,6 +114,16 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
   
 
   
+--state=
+
+
+Argument should be a comma-separated list of unit
+SUB or ACTIVE states. When listing units show only those
+with specified SUB or ACTIVE state.
+
+  
+
+  
 -p
 --property=
 
@@ -169,8 +179,9 @@ along with systemd; If not, see 
<http://www.gnu.org/licenses/>.
 --failed
 
 
-  When listing units, show only failed units. Do not
-  confuse with --fail.
+  When listing units, show only failed units.
+  This is the same as --state=failed.
+  Do not confuse with --fail.
 
   
 
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 9574ff2..61b4730 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -93,13 +93,13 @@ static bool arg_quiet = false;
 static bool arg_full = false;
 static int arg_force = 0;
 static bool arg_ask_password = true;
-static bool arg_failed = false;
 static bool arg_runtime = false;
 static char **arg_wall = NULL;
 static const char *arg_kill_who = NULL;
 static int arg_signal = SIGTERM;
 static const char *arg_root = NULL;
 static usec_t arg_when = 0;
+static char **arg_state = NULL;
 static enum action {
 ACTION_INVALID,
 ACTION_SYSTEMCTL,
@@ -301,8 +301,8 @@ static int compare_unit_info(const void *a, const void *b) {
 static bool output_show_unit(const struct unit_info *u) {
 const char *dot;
 
-if (arg_failed)
-return streq(u->active_state, "failed");
+if (!strv_isempty(arg_state))
+return strv_contains(arg_state, u->sub_state) || 
strv_contains(arg_state, u->active_state);
 
 return (!arg_types || ((dot = strrchr(u->id, '.')) &&
strv_find(arg_types, dot+1))) &&
@@ -4660,12 +4660,13 @@ static int systemctl_help(void) {
"  -h --help   Show this help\n"
" --versionShow package version\n"
"  -t --type=TYPE  List only units of a particular type\n"
+   " --state=STATEShow only units with particular SUB or 
ACTIVE state\n"
"  -p --property=NAME  Show only properties by this name\n"
"  -a --allShow all loaded units/properties, 
including dead/empty\n"
"  ones. To list all units installed on the 
system, use\n"
"  the 'list-unit-files' command instead.\n"
" --reverseShow reverse dependencies with 
'list-dependencies'\n"
-   " --failed Show only failed units\n"
+   " --failed Show only failed units (the same as 
--state=failed)\n"
"  -l --full   Don't ellipsize unit names on output\n"
" --fail   When queueing a new job, fail if 
conflicting jobs are\n"
"  pending\n"
@@ -4886,7 +4887,8 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 ARG_FAILED,
 ARG_RUNTIME,
 ARG_FORCE,
-ARG_PLAIN
+ARG_PLAIN,
+ARG_STATE
 };
 
 static const struct option options[] = {
@@ -4925,6 +4927,7 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 { "lines", required_argument, NULL, 'n'   },
 { "output",required_argument, NULL, 'o'   },
 { "plain", no_argument,   NULL, ARG_PLAIN },
+{ "state", required_argument, NULL, ARG_STATE },
 { NULL,0, NULL, 0 }
 };
 
@@ -5086,7 +5089,14 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
 break;
 
 case ARG_FAILED:
-arg_failed = true;
+if (!strv_contains(arg_state, "failed")) {
+char **tmp = arg_state;
+arg_state = strv_append(arg_state, "failed");
+ 

[systemd-devel] [PATCH v2, ping?] tmpfiles, man: Add xattr support to tmpfiles

2013-07-15 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
I've used "t" because IMHO "a" will be better for acl. To sum up: when
"t" is met and it's not in the hashmap, then it will be added. Then if another
line for the same file appears, it replaces the SET_XATTR item in the
hashmap and has the extended attributes added. If the item earlier existed in the
hashmap, then the extended attributes are merged into the existing entry. This
means that there can be more than one "t" line for one file. There is
also the possibility to have a standalone "t" line. I hope that this is the desired
behaviour.

regards,
Maciej
---
 man/tmpfiles.d.xml  |  26 -
 src/tmpfiles/tmpfiles.c | 274 ++--
 2 files changed, 285 insertions(+), 15 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 519f9bc..92157b5 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -229,6 +229,21 @@ L/tmp/foobar ----   
/dev/null
 place of normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It should be
+used with conjunction with other
+types (only d, D, f, F, L, p, c, b, z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 
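Review bot: wording in the new `t` entry: "used with conjunction with other types" should read "used in conjunction with other types", and "(only d, D, f, F, L, p, c, b, z makes sense)" should be "make sense". The entry also says tmpfiles "will try to set" the attributes for a standalone `t` line without saying what happens when the path does not exist; state whether that is an error or silently skipped, since the commit message says a standalone `t` line is allowed.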
@@ -242,7 +257,7 @@ L/tmp/foobar ----   
/dev/null
 objects. For z, Z lines if omitted or when set
 to - the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 
 
 
@@ -254,7 +269,7 @@ L/tmp/foobar ----   
/dev/null
 omitted or when set to - the default 0 (root)
 is used. For z, Z lines when omitted or when set to -
 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L 
lines.
+These parameters are ignored for x, r, R, L, t 
lines.
 
 
 
@@ -307,8 +322,10 @@ L/tmp/foobar ----   
/dev/null
 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. Fot t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 
 
 
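Review bot: typo in the added sentence: "Fot t determines extended attributes" should be "For t, determines the extended attributes". Since this is the only place the Argument field is described, it should also state the quoting rules from the commit message (a value containing spaces must be double-quoted, and `\"` gives a literal quote), otherwise a reader of the manual has no way to know how to write a value with spaces.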
@@ -320,7 +337,8 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval" 
security.SMACK64=screen
 
 
 
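Review bot: the example path does not match the directories created two lines above it: the `d` lines create /var/run/screens and /var/run/uscreens, but the new `t` line names /var/run/screen, so as written the attributes would be set on a path that no line in the example creates. Use /var/run/screens (or one of the two existing paths) so the example demonstrates a `t` line combined with its creation line.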
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 555347a..098413f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
@@ -75,7 +78,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z',
-RECURSIVE_RELABEL_PATH = 'Z'
+RECURSIVE_RELABEL_PATH = 'Z',
+
+/* These ones are options/additional operations */
+SET_XATTR = 't'
 } ItemType;
 
 typedef struct Item {
@@ -83,

Re: [systemd-devel] [PATCH v2] tmpfiles, man: Add xattr support to tmpfiles

2013-07-05 Thread Maciej Wereski

ping?

28.06.2013 at 17:39 Maciej Wereski  wrote:


This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
I've used "t" because IMHO "a" will be better for acl. To sum up: when
"t" is met and it's not in the hashmap, then it will be added. Then if another
line for the same file appears, it replaces the SET_XATTR item in the
hashmap and has the extended attributes added. If the item earlier existed in the
hashmap, then the extended attributes are merged into the existing entry. This
means that there can be more than one "t" line for one file. There is
also the possibility to have a standalone "t" line. I hope that this is the desired
behaviour.

regards,
Maciej
---
 man/tmpfiles.d.xml  |  26 -
 src/tmpfiles/tmpfiles.c | 274  
++--

 2 files changed, 285 insertions(+), 15 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 519f9bc..92157b5 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -229,6 +229,21 @@ L/tmp/foobar ----
/dev/null

 place of normal path
 names.
 
+
+
+ 
t

+Set extended
+attributes on item. It should be
+used with conjunction with other
+types (only d, D, f, F, L, p,  
c, b, z
+makes sense). If used as a  
standalone
+line, then  
systemd-tmpfiles
+ will try to set  
extended

+attributes on specified path.
+This can be especially used to  
set

+SMACK labels.
+
+
 
 
@@ -242,7 +257,7 @@ L/tmp/foobar ----
/dev/null

 objects. For z, Z lines if omitted or when set
 to - the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 

@@ -254,7 +269,7 @@ L/tmp/foobar ----
/dev/null

 omitted or when set to - the default 0 (root)
 is used. For z, Z lines when omitted or when  
set to -

 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L  
lines.
+These parameters are ignored for x, r, R, L, t  
lines.

 

@@ -307,8 +322,10 @@ L/tmp/foobar ----
/dev/null

 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. Fot t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 

@@ -320,7 +337,8 @@ L/tmp/foobar ----
/dev/null
 screen needs two  
directories created at boot with specific modes and ownership.
d /var/run/screens  1777 root  
root 10d

-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval"  
security.SMACK64=screen

 
 
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 555347a..098413f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
#include "log.h"
 #include "util.h"
@@ -75,7 +78,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z&#x

[systemd-devel] [PATCH v2] tmpfiles, man: Add xattr support to tmpfiles

2013-06-28 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

It is done by adding a new line type, "t". Such a line should contain the
attributes in the Argument field, using the following format:

name=value

All other fields are ignored.

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
D /var/run/cups - - - -
t /var/run/cups - - - - security.SMACK64=printing
---
I've used "t" because IMHO "a" will be better for acl. To sum up: when
"t" is met and it's not in the hashmap, then it will be added. Then if another
line for the same file appears, it replaces the SET_XATTR item in the
hashmap and has the extended attributes added. If the item earlier existed in the
hashmap, then the extended attributes are merged into the existing entry. This
means that there can be more than one "t" line for one file. There is
also the possibility to have a standalone "t" line. I hope that this is the desired
behaviour.

regards,
Maciej
---
 man/tmpfiles.d.xml  |  26 -
 src/tmpfiles/tmpfiles.c | 274 ++--
 2 files changed, 285 insertions(+), 15 deletions(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 519f9bc..92157b5 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -229,6 +229,21 @@ L/tmp/foobar ----   
/dev/null
 place of normal path
 names.
 
+
+
+t
+Set extended
+attributes on item. It should be
+used with conjunction with other
+types (only d, D, f, F, L, p, c, b, z
+makes sense). If used as a standalone
+line, then systemd-tmpfiles
+ will try to set extended
+attributes on specified path.
+This can be especially used to set
+SMACK labels.
+
+
 
 
 
@@ -242,7 +257,7 @@ L/tmp/foobar ----   
/dev/null
 objects. For z, Z lines if omitted or when set
 to - the file access mode will not be
 modified. This parameter is ignored for x, r,
-R, L lines.
+R, L, t lines.
 
 
 
@@ -254,7 +269,7 @@ L/tmp/foobar ----   
/dev/null
 omitted or when set to - the default 0 (root)
 is used. For z, Z lines when omitted or when set to -
 the file ownership will not be modified.
-These parameters are ignored for x, r, R, L 
lines.
+These parameters are ignored for x, r, R, L, t 
lines.
 
 
 
@@ -307,8 +322,10 @@ L/tmp/foobar ----   
/dev/null
 minor formatted as integers, separated by :,
 e.g. "1:3". For f, F, w may be used to specify
 a short string that is written to the file,
-suffixed by a newline. Ignored for all other
+suffixed by a newline. Fot t determines extended
+attributes to be set. Ignored for all other
 lines.
+
 
 
 
@@ -320,7 +337,8 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h
+t /var/run/screen - - - - user.name="John Koval" 
security.SMACK64=screen
 
 
 
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 555347a..098413f 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
@@ -75,7 +78,10 @@ typedef enum ItemType {
 REMOVE_PATH = 'r',
 RECURSIVE_REMOVE_PATH = 'R',
 RELABEL_PATH = 'z',
-RECURSIVE_RELABEL_PATH = 'Z'
+RECURSIVE_RELABEL_PATH = 'Z',
+
+/* These ones are options/additional operations */
+SET_XATTR = 't'
 } ItemType;
 
 typedef struct Item {
@@ -83,

Re: [systemd-devel] [PATCH] tmpfiles, man: Add xattr support to tmpfiles

2013-06-19 Thread Maciej Wereski

Hello,

On 17.06.2013 at 18:18 Lennart Poettering  wrote:


I think adding this certainly makes sense, but I am not sure I like the
syntax. Maybe it would be simpler to add an extra char for this ("a" or
so?). That way creating a dir and applying an xattr would require two
lines instead of one, but the stuff isn't atomic anyway.

Admittedly adding a new "a" isn't particularly nice either, but I have
no better idea than that...


I've looked into your way and found some problems. In parse_line(), after
creation, the item is added to the hashmap. The key is the path, which already exists in
the map. So adding "a" would require changing the key (path + type?). The problem on
the user side is that order matters: if the user added the "a" entry first, then
setting the attribute would fail, because the file wouldn't exist yet.

Should I continue adding "a", look into Karol's proposition, or is my original
patch acceptable? Anybody having other ideas?

I've also found something which looks like a typo in lines 782 - 787:

        case RELABEL_PATH:

                r = glob_item(i, item_set_perms);
                if (r < 0)
                        return 0;
                break;

Shouldn't it be "return r"? If it's not, then should I add a comment that
it's on purpose?

regards,
Maciej

--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com


[systemd-devel] [PATCH] tmpfiles, man: Add xattr support to tmpfiles

2013-06-17 Thread Maciej Wereski
This patch makes it possible to set extended attributes on files created
by tmpfiles. This can especially be used to set SMACK security labels on
volatile files and directories.

To keep backwards compatibility, the Argument field is used. If a word starts
with "xattr=", then it is cut out of the Argument and parsed. There may be
many xattrs. The full format is:

xattr=name=value

If the value contains spaces, then it must be surrounded by quotation marks.
The user can also put a quotation mark in the value by escaping it with a backslash.

Example:
d /var/run/cups - - - - xattr=security.SMACK64=printing
---
 man/tmpfiles.d.xml  |  22 ++-
 src/tmpfiles/tmpfiles.c | 158 
 2 files changed, 179 insertions(+), 1 deletion(-)

diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 519f9bc..36021b1 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -309,6 +309,26 @@ L/tmp/foobar ----   
/dev/null
 a short string that is written to the file,
 suffixed by a newline. Ignored for all other
 lines.
+
+If systemd-tmpfiles was 
+compiled with extended attributes support, then 
+argument field can be used to set extended attributes. 
+Such argument should follow format:
+
+
xattr=name=value
+
+Where name is 
extended 
+attribute name and value is 
+value to  be set. If value contains spaces, it must be 
+between quotation marks. If value contains quotation 
+mark, which should be set, then it must be escaped 
with 
+backslash.
+
+Such special arguments are cut out and from 
argument
+field, so there's no influence on other meanigs of 
argument
+field.
+
+xattr= can be especially used to set SMACK 
security labels.
 
 
 
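Review bot: wording fixes in the added paragraph: "value to  be set" has a doubled space, "are cut out and from argument field" should be "are cut out of the argument field", and "meanigs" should be "meanings". It would also help to state the order of processing explicitly: the xattr= words are removed before the remaining argument is interpreted for f/F/w/L lines, which is what the "no influence" sentence is promising.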
@@ -320,7 +340,7 @@ L/tmp/foobar ----   
/dev/null
 screen needs two directories 
created at boot with specific modes and ownership.
 
 d /var/run/screens  1777 root root 10d
-d /var/run/uscreens 0755 root root 10d12h
+d /var/run/uscreens 0755 root root 10d12h xattr=user.owner="John Koval" 
xattr=security.SMACK64=screen
 
 
 
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index f4885ec..9869e58 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -39,6 +39,9 @@
 #include 
 #include 
 #include 
+#ifdef HAVE_XATTR
+#include 
+#endif
 
 #include "log.h"
 #include "util.h"
@@ -83,6 +86,7 @@ typedef struct Item {
 
 char *path;
 char *argument;
+char **xattrs;
 uid_t uid;
 gid_t gid;
 mode_t mode;
@@ -447,6 +451,52 @@ static int item_set_perms(Item *i, const char *path) {
 return label_fix(path, false, false);
 }
 
+static int item_set_xattrs(Item *i, const char *path) {
+#ifdef HAVE_XATTR
+char *name, *value;
+char **x;
+int n;
+if (!i->xattrs)
+return 0;
+STRV_FOREACH(x, i->xattrs) {
+value = *x;
+name = strsep(&value, "=");
+if (name == NULL || value == NULL) {
+log_warning("%s: %s is not valid xattr, ignoring.", 
path, *x);
+continue;
+}
+n = strlen(value);
+if (value[n-1]  == '\"')
+value[n-1] = '\0';
+if (value[0] == '\"')
+memmove(value, value+1, n);
+value = strreplace(value, "\\\"", "\"");
+if (!value)
+return log_oom();
+n = strlen(value);
+if (i->type == CREATE_SYMLINK) {
+if (lsetxattr(path, name, value, n+1, 0) < 0) {
+log_error("lsetxattr(%s) failed: %m", path);
+free(value);
+return -errno;
+}
+}
+else if (setxattr(path, name, value, n+1, 0) < 0) {
+log_error("setxattr(%s) failed: %m", path);
+free(value);
+return -errno;
+}
+free(value);
+}
+return 0;
+#else
+(void)i;
+(void)path;
+log_error("Setting extended attributes requested, but tmpfiles was 
compiled without XATTR support!");
+return -ENOTSUP;
+#endif
+}
+
 static int write_one_file(Item *i, const char *path) {
 int r, e, fd, flags;
 struct stat st;
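Review bot: item_set_xattrs() reads and writes before the buffer on an empty value: for an entry such as `xattr=name=`, `value` is the empty string, `n` is 0 and `value[n-1]` touches the byte before the string before the closing-quote check. Guard it with `if (n > 0 && value[n-1] == '\"')`, or reject empty values when the line is parsed. Two further points in the same hunk: `strsep(&value, "=")` overwrites the '=' inside the strv element with a NUL, so the stored entry is permanently truncated to its name and any second call for the same Item (for example one call per glob match) logs "is not valid xattr" for every entry; locate the '=' with strchr() and copy the two halves instead of mutating `i->xattrs`. And `setxattr(path, name, value, n+1, 0)` stores the terminating NUL as part of the attribute value, so `getfattr` will show a trailing `\000` and any consumer comparing the value byte-for-byte will not match a value written with `setfattr`; pass `n` as the size.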
@@ -50

Re: [systemd-devel] [PATCH] systemctl, man: option to list units by state

2013-05-17 Thread Maciej Wereski

Hello,

16.05.2013 at 12:02  wrote:


From: Maciej Wereski 

This allows showing only units with a specified SUB or ACTIVE state.


I've found 2 typos. I'll upload patch v2 soon.

--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
m.were...@partner.samsung.com