diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-08-02 12:28:51 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-08-19 00:50:24 +0200 |
commit | fd63e712b2025d235ce4bfbb512fada10e2690b5 (patch) | |
tree | 467b8bd4f555081a4769db6c5721b6a7f97b10e1 /src/core/selinux-setup.c | |
parent | 8a384842b25fc910859f3aa7121aa61f7f4e3906 (diff) |
core: bypass dynamic user lookups from dbus-daemon
dbus-daemon does NSS name look-ups in order to enforce its bus policy. This
might dead-lock if an NSS module use wants to use D-Bus for the look-up itself,
like our nss-systemd does. Let's work around this by bypassing bus
communication in the NSS module if we run inside of dbus-daemon. To make this
work we keep a bit of extra state in /run/systemd/dynamic-uid/ so that we don't
have to consult the bus, but can still resolve the names.
Note that the normal codepath continues to be via the bus, so that resolving
works from all mount namespaces and is subject to authentication, as before.
This is a bit dirty, but not too dirty, as dbus daemon is kinda special anyway
for PID 1.
Diffstat (limited to 'src/core/selinux-setup.c')
0 files changed, 0 insertions, 0 deletions