This effectively reverts fa6f37c043 just for TEST-04, as we nuke the
journal repeatedly in this test which makes it particularly hard to
debug. Let's hope the issue behind fa6f37c043 won't bite us back in this
case.
Follow-up for: fa6f37c043
Reverts: 8f7c876bdc
This is no longer necessary, as the test for which this was introduced
in the first place has this handled explicitly (testsuite-04.journal.sh).
Follow-up to 9457dd8bae.
These are unused or used in the same order. So, this patch does not
change any behavior, just for naming consistency with the function
prototype.
Closes#30570.
Let's get networkd onto Varlink. This only adds the most basic of
operations.
I'd love to see networkd do Varlink for all its basic operations so that
networkctl can use that, and work correctly before D-Bus is up. Right
now, many of networkctls calls simply don't work before D-Bus, and I'd
like to see that improved.
We cannot determine the SELinux label ahead of time if RootImage= is
used, since we'd have to mount the image then, hence don't, and handle
this cleanly, and gracefully.
While we are at it, stop "reaching over" so much from the socket code to
the service code, and instead provide function that most of the hard
work in service.c that socket.c just calls.
While we are at it, add debug logging and stuff.
I noticed the issue when also noticing #30560, but that one is harder to
fix, hence I avoided it for now.
This simplifies bus_verify_polkit_async() and related calls quite a bit:
1. This removes any support for authentication-by-Linux-capability. This
is ultimately a kdbus leftover: with classic AF_UNIX transports we
cannot authenticate by capabilities securely (because we cannot
acquire it from the peer without races), hence we never actually did.
Since the necessary kernel work didn't materialize in the last 10y,
and is unlikely to be added, let's just kill this context. We cannot
quite remove the caps stuff from sd-bus for API compat, but for our
polkit logic let's kill it.
2. The "good_uid" and "interactive" params are only necessary in very
few cases, hence let's move them to a new call
bus_verify_polkit_async_full() and make bus_verify_polkit_async() a
wrapper around it without those two parameters.
This also fixes a bunch of wrong uses of the "interactive" bool. The
bool makes no sense today as the ALLOW_INTERACTIVE_AUTHORIZATION field
in the D-Bus message header replaces it fully. We only need it to
implement method calls we introduced prior to that header field becoming
available in D-Bus. And it should only be used on such old method calls,
and otherwise always be set to false.
This does not change behaviour in any way. Just simplifies stuff.
Fixes: #21586
