1. 13 Jun, 2019 2 commits
  2. 12 Jun, 2019 1 commit
  3. 05 Jun, 2019 3 commits
  4. 27 May, 2019 3 commits
  5. 11 Apr, 2019 4 commits
  6. 22 Mar, 2019 2 commits
      names: define BOLT_ENV_RUNTIME_DIRECTORY · 7ae87e9a
      Christian Kellner authored
      Define BOLT_ENV_RUNTIME_DIRECTORY as "RUNTIME_DIRECTORY". Will
      be set by systemd >= 240 if RuntimeDirectory= is set in the
      unit file, which is the case for the unit file we ship.
      names: define BOLT_ENV_STATE_DIRECTORY · b7234c59
      Christian Kellner authored
      Defined as "STATE_DIRECTORY" set by systemd >= 240 if the unit
      file contains the StateDirectory= setting. Quoting from the
      systemd 240 NEWS file:
      
          When the RuntimeDirectory=, StateDirectory=, CacheDirectory=,
          LogsDirectory=, ConfigurationDirectory= settings are used in a
          service the executed processes will now receive a set of
          environment variables containing the full paths of these
          directories. Specifically, RUNTIME_DIRECTORY=, STATE_DIRECTORY,
          CACHE_DIRECTORY, LOGS_DIRECTORY, CONFIGURATION_DIRECTORY are now
          set if these options are used. Note that these options may be used
          multiple times per service in which case the resulting paths will
          be concatenated and separated by colons.
  7. 20 Mar, 2019 1 commit
  8. 13 Mar, 2019 2 commits
  9. 12 Mar, 2019 3 commits
  10. 22 Feb, 2019 5 commits
      enums: helper for AuthMode to string · 4b72cc8c
      Christian Kellner authored
      Simple wrapper around bolt_flags_to_string. Ignores errors.
      enums: function to format security + iommu status · 14618b66
      Christian Kellner authored
      Format the current "security" meta status as combination of the iommu
      status and the security level; basically like bolt_security_to_string
      if iommu is not active.
      
      Will be one of:
          iommu+secure, iommu+user, iommu, none, dponly, usb, unknown
      enums: introduce new BOLT_POLICY_IOMMU policy · 709c581e
      Christian Kellner authored
      A new policy for devices designed for the new iommu protection
      mechanism of modern hardware/kernels. The whole point of this
      new security scheme is to NOT have to ask the user for device
      authorization but automatically authorize/enroll newly connected
      devices. On subsequent connects these devices should automatically
      be authorized as with the AUTO policy. But on the other hand, when
      on future boots the iommu support is absent again (disabled in the
      BIOS) the device CANNOT be trusted anymore and therefore should
      NOT automatically be authorized.
      Therefore the IOMMU policy should be like AUTO when iommu is active
      but like MANUAL if not.
      common: add bolt_security_is_interactive helper · 0e2d920a
      Christian Kellner authored
      Checks if the current security level is one where the user has to
      manually, i.e. interactively, authorize the device before it can
      be used. Currently the two known levels for which that is the case
      are "user" and "secure".
      names: +BOLT_SYSFS_IOMMU · 1fccc793
      Christian Kellner authored
      Add BOLT_SYSFS_IOMMU which is the name of the sysfs attribute that
      contains information about the iommu dma protection of the system.
      From the kernel doc:
      
        Recent systems shipping with Windows 10 version 1803 or later may
        support a feature called Kernel DMA Protection for Thunderbolt 3.
        This means that Thunderbolt security is handled by an IOMMU so
        connected devices cannot access memory regions outside of what is
        allocated for them by drivers.  When Linux is running on such
        system it automatically enables IOMMU if not enabled by the user
        already. These systems can be identified by reading 1 from
        /sys/bus/thunderbolt/devices/domainX/iommu_dma_protection
        attribute.
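The IOMMU policy and the iommu_dma_protection attribute described in the commits above, combined into one fail-closed decision. This is an added example, not bolt's own code: the enum, the function names and the `domain0` default are hypothetical, and AUTO/MANUAL are simplified to always/never.

```c
/* Added example, not bolt source: all identifiers here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum policy { POLICY_MANUAL, POLICY_AUTO, POLICY_IOMMU };

/* Read <domain_dir>/iommu_dma_protection.
 * Returns 1 if the kernel reports DMA protection, 0 if it reports none,
 * -1 if the attribute is missing or unreadable (e.g. older kernel). */
int read_iommu_dma_protection(const char *domain_dir)
{
    char path[512];
    char buf[8] = "";
    FILE *f;
    int n = snprintf(path, sizeof path, "%s/iommu_dma_protection", domain_dir);

    if (n < 0 || (size_t) n >= sizeof path)
        return -1;
    f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) == NULL)
        buf[0] = '\0';
    fclose(f);
    /* Only an exact "1" counts as protected; anything else fails closed. */
    if (buf[0] == '1' && (buf[1] == '\n' || buf[1] == '\0'))
        return 1;
    return buf[0] == '0' ? 0 : -1;
}

/* AUTO always authorizes, MANUAL never does, IOMMU only while the
 * protection is verifiably active on this boot. */
bool should_auto_authorize(enum policy p, int iommu)
{
    switch (p) {
    case POLICY_AUTO:  return true;
    case POLICY_IOMMU: return iommu == 1;
    default:           return false;
    }
}

int main(int argc, char **argv)
{
    /* Path follows the kernel doc quoted above; domain0 is an assumption. */
    const char *dir = argc > 1 ? argv[1] : "/sys/bus/thunderbolt/devices/domain0";
    int iommu = read_iommu_dma_protection(dir);

    printf("iommu=%d auto-authorize(IOMMU policy)=%s\n", iommu,
           should_auto_authorize(POLICY_IOMMU, iommu) ? "yes" : "no");
    return 0;
}
```

A device enrolled under the IOMMU policy is therefore treated like a MANUAL one on any boot where the attribute reads 0 or is absent.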
  11. 14 Feb, 2019 5 commits
  12. 01 Feb, 2019 1 commit
      names: expose object path generation method · a396eb98
      Christian Kellner authored
      Export the method used in BoltExported to generate the object path
      for an object based on the 'base path' (e.g. /org/freedesktop/bolt)
      and the 'object id' (e.g. the uuid of the device or domain).
      
      For the origin and other justification of why the generation is
      done in that way see the original commit that introduced that
      feature in BoltExported: 298b180a
  13. 21 Dec, 2018 3 commits
      common: add implementation of sd_notify · e77de53a
      Christian Kellner authored
      Add bolt_sd_notify_literal, a simple implementation of the IPC
      protocol used by systemd to communicate process status (and more).
      Rolling a custom implementation is easy enough and avoids linking
      to libsystemd.
      common: io: earlier precondition checks · 589a6340
      Christian Kellner authored
      Do the precondition checks (e.g. for the error out variable) before
      any operation that allocates a resource (here: file descriptors),
      so they are not leaked in the case the precondition guard returns.
      Uncovered by coverity (CID 328208, 328209).
      common: remove unnecessary call to g_steal_pointer · 64396956
      Christian Kellner authored
      Instead of calling g_steal_pointer, just use the already prepared
      "src" variable and then directly set the "source" to NULL.
  14. 19 Dec, 2018 1 commit
      *: use bolt_error_propagate where appropriate · b0199fff
      Christian Kellner authored
      The bolt_error_propagate is basically a short form for doing:
      
          g_propagate_error (dest, g_steal_pointer (&source));
          return error != NULL ? FALSE : TRUE;
      
      which has the advantage that this pattern can be replaced by a one
      line function call.
  15. 18 Dec, 2018 4 commits