| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The message bus which can monitor its conf dirs for changes and reload
confs immediately if dir monitor enabled, for example, inotify in Linux,
kqueue in *BSD.
However, it doesn't apply policy rules change for completed connections,
so to apply policy rules change, the client connection has to disconnect
first and then re-connect to message bus.
For imcomplete connections, it always has the latest review of policy
rules.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39463
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Previous to the introduction of selinux_set_mapping(), DBus pulled
constants generated from the system's policy at build time. But this
means it's impossible to replace the system policy without rebuilding
userspace components.
This patch maps from arbitrary class/perm indices used by D-Bus and
the policy values and handles all the translation at runtime on
avc_has_perm() calls.
Bug: https://bugs.freedesktop.org/attachment.cgi?id=88719
Reviewed-By: Colin Walters <walters@verbum.org>
Tested-By: Colin Walters <walters@verbum.org>
|
|
This causes the test to fail. The assumption implicitly being made was
"if pid 1 is systemd, then every caller of _dbus_init_system_log() is a
systemd service" which is not valid for the regression test.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63163
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
This makes it a bit clearer what's going on.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
|
When used with init systems such as systemd (where PID files are
redundant) this allows us to disable PID files even if a path is
configured for them in the normal bus configuration files.
Make use of this new switch in the systemd unit file.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45520
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337
|
|
|
|
mechanisms
Previously, only one auth mechanism was used.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45106
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Someone seems to have merged part of master into 1.4. Again. Let's go
back to the "last known good" point (the branch-point of some 1.4
branches I had locally), then we can cherry-pick the changes that
should have gone in.
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39231
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33337
Bug-NB: NB#197191
|
|
Similar to the previous commit, almost every use of DBusWatch can just
have the main loop call dbus_watch_handle.
The one exception is the bus activation code; it's had a comment
explaining why it's wrong since 2003. We should fix that one day, but for
now, just migrate it to a new _dbus_loop_add_watch_full which preserves
the second-layer callback.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
|
Instead of supplying 8 tiny wrapper functions around dbus_timeout_handle,
each with a user_data parameter that's a potentially unsafe borrowed
pointer but isn't actually used, we can call dbus_timeout_handle directly
and save a lot of trouble.
One of the wrappers previously called dbus_timeout_handle repeatedly
if it returned FALSE to indicate OOM, but that timeout's handler never
actually returned FALSE, so there was no practical effect. The rest just
ignore the return, which is documented as OK to do.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33342
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
On Linux, we previously called openlog() (with different options!) while
initializing SELinux; leave SELinux messages as LOG_USER|LOG_INFO in case
anyone was relying on that, but let the rest of our log messages come
out as LOG_DAEMON.
Also enable LOG_PERROR (copy syslog messages to stderr) unconditionally;
we can make this an autoconf check if anyone's pet Unix doesn't have
LOG_PERROR.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
In practice, nothing copes with missing broadcast signals, so the least
we can do is make the failure mode visible.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
|
|
The default configuration has hardcoded 2048 complete connections,
and 64 incomplete. We need at least that number of file descriptors,
plus some for internal use.
In the bus, attempt to call setrlimit() before we drop privileges.
Practically speaking for this means the system bus gets it, the
session bus doesn't.
http://bugs.freedesktop.org/show_bug.cgi?id=33474
Reviewed-By: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Origin: vendor, Maemo
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33128
Bug-NB: NB#180486
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Origin: vendor, Maemo
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33128
Bug-NB: NB#180486
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
This is allows overriding of the listening address on the command line,
which is particularly useful for systemd socket-based activation.
|
|
Conflicts:
bus/dispatch.c
configure.in
test/name-test/test-names.c
|
|
Otherwise we don't get GCC warnings.
|
|
|
|
|
|
Conflicts:
bus/bus.c
configure.in
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=572769
Previously we'd just continue if AVC initialization failed, but
that didn't really work because then we'd later crash in
avc_has_perm.
Simply treat initialization failures as fatal, and hopefully we
can get data from the system log.
|
|
Previously we were simply logging as "dbus", and it was unclear
whether it was the system bus, or a session bus. And if the latter,
which user?
This patch adds a prefix to the log message with the bus type
and the userid.
|
|
In preparation for a future patch which introduces a fatal logging level,
don't duplicate the API here.
|
|
Conflicts:
bus/bus.c
bus/selinux.c
configure.in
|
|
It's not expected to have to manually SIGHUP the bus after installing
a new .service file. Since our directory monitoring is already set
up to queue a full reload which includes service activation, simply
monitor the servicedirs too.
https://bugs.freedesktop.org/show_bug.cgi?id=23846
|
|
We were incorrectly passing NULL for a DBusList when the usage expected
is a pointer to a NULL DBusList pointer. Also during dbus_shutdown
we need to actually close the inotify fd, and remove our watch.
Move the shutdown handler out of bus.c and into inotify where we
can do all of this cleanly.
(cherry picked from commit 90fe96b1875350f86a4a773d4a0a22009950dd4d)
|
|
We were incorrectly passing NULL for a DBusList when the usage expected
is a pointer to a NULL DBusList pointer. Also during dbus_shutdown
we need to actually close the inotify fd, and remove our watch.
Move the shutdown handler out of bus.c and into inotify where we
can do all of this cleanly.
|
|
|
|
Substantially based on a patch by Matthias Clasen <mclasen@redhat.com>
kqueue implementation by Joe Marcus Clarke <marcus@freebsd.org>
Previously, when we detected a configuration change (which included
the set of config directories to monitor for changes), we would
simply drop all watches, then readd them.
The problem with this is that it introduced a race condition where
we might not be watching one of the config directories for changes.
Rather than dropping and readding, change the OS-dependent monitoring
API to simply take a new set of directories to monitor. Implicit
in this is that the OS-specific layer needs to keep track of the
previously monitored set.
|
|
Conflicts:
bus/Makefile.am
dbus/dbus-sysdeps-util-unix.c
dbus/dbus-transport.c
test/test-service.c
|
|
The reload handling for activation simply dropped all knowledge
of pending activations, which was clearly wrong. Refactor things
so that reload only reloads directories, server address etc.
Based on a patch originally from Matthias Clasen <mclasen@redhat.com>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Conflicts:
dbus/dbus-connection.c
dbus/dbus-message-util.c
dbus/dbus-sysdeps-unix.c
|
|
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
(cherry picked from commit 5baf2f856a9c6625993234855b07680da1c8916f)
|
|
No comment.
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Create configuration settings and enforce message unix fd limits the
same way we do for allocated message memory.
|
|
* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
Signed-off-by: Colin Walters <walters@verbum.org>
|
|
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
|
|
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
|
