authorDaniel Mack <daniel@zonque.org>2014-11-13 20:33:03 +0100
committerDaniel Mack <daniel@zonque.org>2014-11-13 20:41:52 +0100
commit63cc4c3138fd0ce9cc97884373a2dd8959a13ee9 (patch)
treea3a1da14e79d69685cd1c5ecf8b0baff703a21f0 /src/core
parentc1ec25a0634bba8ef82b69ac603597d4749baf9d (diff)
sd-bus: sync with kdbus upstream (ABI break)
kdbus has seen a larger update than expected lately, most notably with kdbusfs, a file system to expose the kdbus control files: * Each time a file system of this type is mounted, a new kdbus domain is created. * The layout inside each mount point is the same as before, except that domains are not hierarchically nested anymore. * Domains are therefore also unnamed now. * Unmounting a kdbusfs will automatically also destroy the associated domain. * Hence, the action of creating a kdbus domain is now as privileged as mounting a filesystem. * This way, we can get around creating dev nodes for everything, which is last but not least something that is not limited by 20-bit minor numbers. The kdbus specific bits in nspawn have all been dropped now, as nspawn can rely on the container OS to set up its own kdbus domain, simply by mounting a new instance. A new set of mounts has been added to mount things *after* the kernel modules have been loaded. For now, only kdbus is in this set, which is invoked with mount_setup_late().
Diffstat (limited to 'src/core')
-rw-r--r--src/core/kmod-setup.c2
-rw-r--r--src/core/main.c1
-rw-r--r--src/core/manager.c7
-rw-r--r--src/core/mount-setup.c22
-rw-r--r--src/core/mount-setup.h1
-rw-r--r--src/core/namespace.c9
6 files changed, 26 insertions, 16 deletions
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index 38e1726e08..8136d3c0f8 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -71,7 +71,7 @@ int kmod_setup(void) {
{ "unix", "/proc/net/unix", true, NULL },
/* IPC is needed before we bring up any other services */
- { "kdbus", "/sys/bus/kdbus", false, cmdline_check_kdbus },
+ { "kdbus", "/sys/fs/kdbus", false, cmdline_check_kdbus },
};
struct kmod_ctx *ctx = NULL;
unsigned int i;
diff --git a/src/core/main.c b/src/core/main.c
index 56a1f6193c..d563ae3509 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1556,6 +1556,7 @@ int main(int argc, char *argv[]) {
#ifdef HAVE_KMOD
kmod_setup();
#endif
+ mount_setup_late();
hostname_setup();
machine_id_setup(NULL);
loopback_setup();
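Review bot: The added `mount_setup_late();` discards the int that mount_setup_late() returns, so a failed kdbusfs mount is only reported if mount_one() logs it itself, which this diff does not show; the neighbouring `kmod_setup();` is treated the same way, so at least it is consistent. The placement directly after the `#ifdef HAVE_KMOD` block is load-bearing: kdbusfs can only be mounted once the kdbus module is loaded, and without HAVE_KMOD the mount will presumably fail unless kdbus is built into the kernel, yet nothing at the call site says so. A one-line comment such as `/* needs the modules loaded by kmod_setup() above, e.g. kdbus for kdbusfs */` would keep a later reorder from silently breaking it. main() continues outside the hunk.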
diff --git a/src/core/manager.c b/src/core/manager.c
index 1bc36a6c41..2bc1058436 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -729,13 +729,6 @@ static int manager_setup_kdbus(Manager *m) {
}
log_debug("Successfully set up kdbus on %s", p);
-
- /* Create the namespace directory here, so that the contents
- * of that directory is not visible to non-root users. This is
- * necessary to ensure that users cannot get access to busses
- * of virtualized users when no UID namespacing is used. */
- if (m->running_as == SYSTEMD_SYSTEM)
- mkdir_p_label("/dev/kdbus/domain", 0700);
#endif
return 0;
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index cda25ede13..e9a2ec6886 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -110,6 +110,13 @@ static const MountPoint mount_table[] = {
#endif
};
+static const MountPoint mount_table_late[] = {
+#ifdef ENABLE_KDBUS
+ { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ NULL, MNT_IN_CONTAINER },
+#endif
+};
+
/* These are API file systems that might be mounted by other software,
* we just list them here so that we know that we should ignore them */
@@ -221,6 +228,21 @@ int mount_setup_early(void) {
return r;
}
+int mount_setup_late(void) {
+ unsigned i;
+ int r = 0;
+
+ for (i = 0; i < ELEMENTSOF(mount_table_late); i ++) {
+ int j;
+
+ j = mount_one(mount_table_late + i, false);
+ if (r == 0)
+ r = j;
+ }
+
+ return r;
+}
+
int mount_cgroup_controllers(char ***join_controllers) {
_cleanup_set_free_free_ Set *controllers = NULL;
_cleanup_fclose_ FILE *f;
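Review bot: `mount_table_late[]` at the top of the first hunk has its only entry inside `#ifdef ENABLE_KDBUS`, so a build without kdbus is left with `= { };`, an empty initializer list that GCC accepts as a zero-length array but C11 does not; `mount_table` above presumably keeps unconditional entries before its own `#ifdef`, so this would be the first table that can be empty. It compiles with the toolchain the file already assumes (the `_cleanup_*` attributes below need GCC/clang), but a `-pedantic` build would warn, and the reason for a second table is not stated anywhere in the file. I'd put above the array `/* Mounted by mount_setup_late(), after kmod_setup() has loaded the modules these file systems need; may be empty */`. The second hunk's mount_setup_late() is complete and keeps the first non-zero return while still attempting every entry, which is fine; it passes `false` as mount_one()'s second argument, whose meaning the diff does not show, so the reader has to trust it matches mount_setup_early().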
diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index 4b521ad0e1..928bd6edfe 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -24,6 +24,7 @@
#include <stdbool.h>
int mount_setup_early(void);
+int mount_setup_late(void);
int mount_setup(bool loaded_policy);
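Review bot: The new `int mount_setup_late(void);` prototype carries no comment on when it may be called, and the ordering matters: per the commit message it mounts file systems that need kernel modules, so it has to run after kmod_setup(). The neighbouring declarations are uncommented too, so a trailing one-liner would fit: `int mount_setup_late(void); /* call after kmod_setup(): mounts file systems whose modules are loaded there */`.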
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4bc288de1d..eb7f2ad60d 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -145,7 +145,7 @@ static int mount_dev(BindMount *m) {
"/dev/tty\0";
char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
- const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devkdbus = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+ const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
_cleanup_umask_ mode_t u;
int r;
@@ -185,10 +185,6 @@ static int mount_dev(BindMount *m) {
mkdir(devmqueue, 0755);
mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL);
- devkdbus = strappenda(temporary_mount, "/dev/kdbus");
- mkdir(devkdbus, 0755);
- mount("/dev/kdbus", devkdbus, NULL, MS_BIND, NULL);
-
devhugepages = strappenda(temporary_mount, "/dev/hugepages");
mkdir(devhugepages, 0755);
mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL);
@@ -254,9 +250,6 @@ fail:
if (devshm)
umount(devshm);
- if (devkdbus)
- umount(devkdbus);
-
if (devhugepages)
umount(devhugepages);