diff options
-rw-r--r-- | src/core/kmod-setup.c | 2 | ||||
-rw-r--r-- | src/core/main.c | 1 | ||||
-rw-r--r-- | src/core/manager.c | 7 | ||||
-rw-r--r-- | src/core/mount-setup.c | 22 | ||||
-rw-r--r-- | src/core/mount-setup.h | 1 | ||||
-rw-r--r-- | src/core/namespace.c | 9 | ||||
-rw-r--r-- | src/dbus1-generator/dbus1-generator.c | 2 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/PORTING-DBUS1 | 10 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/bus-kernel.c | 60 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/bus-kernel.h | 1 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/kdbus.h | 40 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/sd-bus.c | 2 | ||||
-rw-r--r-- | src/login/pam_systemd.c | 2 | ||||
-rw-r--r-- | src/nspawn/nspawn.c | 62 | ||||
-rw-r--r-- | src/shared/def.h | 4 | ||||
-rw-r--r-- | units/systemd-bus-proxyd@.service.in | 2 | ||||
-rw-r--r-- | units/user/systemd-bus-proxyd@.service.in | 2 |
17 files changed, 64 insertions, 165 deletions
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c index 38e1726e08..8136d3c0f8 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -71,7 +71,7 @@ int kmod_setup(void) { { "unix", "/proc/net/unix", true, NULL }, /* IPC is needed before we bring up any other services */ - { "kdbus", "/sys/bus/kdbus", false, cmdline_check_kdbus }, + { "kdbus", "/sys/fs/kdbus", false, cmdline_check_kdbus }, }; struct kmod_ctx *ctx = NULL; unsigned int i; diff --git a/src/core/main.c b/src/core/main.c index 56a1f6193c..d563ae3509 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1556,6 +1556,7 @@ int main(int argc, char *argv[]) { #ifdef HAVE_KMOD kmod_setup(); #endif + mount_setup_late(); hostname_setup(); machine_id_setup(NULL); loopback_setup(); diff --git a/src/core/manager.c b/src/core/manager.c index 1bc36a6c41..2bc1058436 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -729,13 +729,6 @@ static int manager_setup_kdbus(Manager *m) { } log_debug("Successfully set up kdbus on %s", p); - - /* Create the namespace directory here, so that the contents - * of that directory is not visible to non-root users. This is - * necessary to ensure that users cannot get access to busses - * of virtualized users when no UID namespacing is used. */ - if (m->running_as == SYSTEMD_SYSTEM) - mkdir_p_label("/dev/kdbus/domain", 0700); #endif return 0; diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index cda25ede13..e9a2ec6886 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -110,6 +110,13 @@ static const MountPoint mount_table[] = { #endif }; +static const MountPoint mount_table_late[] = { +#ifdef ENABLE_KDBUS + { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_IN_CONTAINER }, +#endif +}; + /* These are API file systems that might be mounted by other software, * we just list them here so that we know that we should ignore them */ @@ -221,6 +228,21 @@ int mount_setup_early(void) { return r; } +int mount_setup_late(void) { + unsigned i; + int r = 0; + + for (i = 0; i < ELEMENTSOF(mount_table_late); i ++) { + int j; + + j = mount_one(mount_table_late + i, false); + if (r == 0) + r = j; + } + + return r; +} + int mount_cgroup_controllers(char ***join_controllers) { _cleanup_set_free_free_ Set *controllers = NULL; _cleanup_fclose_ FILE *f; diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h index 4b521ad0e1..928bd6edfe 100644 --- a/src/core/mount-setup.h +++ b/src/core/mount-setup.h @@ -24,6 +24,7 @@ #include <stdbool.h> int mount_setup_early(void); +int mount_setup_late(void); int mount_setup(bool loaded_policy); diff --git a/src/core/namespace.c b/src/core/namespace.c index 4bc288de1d..eb7f2ad60d 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -145,7 +145,7 @@ static int mount_dev(BindMount *m) { "/dev/tty\0"; char temporary_mount[] = "/tmp/namespace-dev-XXXXXX"; - const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devkdbus = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; + const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; _cleanup_umask_ mode_t u; int r; @@ -185,10 +185,6 @@ static int mount_dev(BindMount *m) { mkdir(devmqueue, 0755); mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL); - devkdbus = strappenda(temporary_mount, "/dev/kdbus"); - mkdir(devkdbus, 0755); - mount("/dev/kdbus", devkdbus, NULL, MS_BIND, NULL); - devhugepages = strappenda(temporary_mount, "/dev/hugepages"); mkdir(devhugepages, 0755); mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL); @@ -254,9 +250,6 @@ fail: if (devshm) umount(devshm); - if (devkdbus) - umount(devkdbus); - if (devhugepages) umount(devhugepages); diff --git a/src/dbus1-generator/dbus1-generator.c b/src/dbus1-generator/dbus1-generator.c index 3c4522b589..57af80c0e9 100644 --- a/src/dbus1-generator/dbus1-generator.c +++ b/src/dbus1-generator/dbus1-generator.c @@ -319,7 +319,7 @@ int main(int argc, char *argv[]) { umask(0022); - if (access("/dev/kdbus/control", F_OK) < 0) + if (access("/sys/fs/kdbus/control", F_OK) < 0) return 0; r = cg_pid_get_owner_uid(0, NULL); diff --git a/src/libsystemd/sd-bus/PORTING-DBUS1 b/src/libsystemd/sd-bus/PORTING-DBUS1 index 81e94132b3..2dedb28bcf 100644 --- a/src/libsystemd/sd-bus/PORTING-DBUS1 +++ b/src/libsystemd/sd-bus/PORTING-DBUS1 @@ -14,11 +14,11 @@ GVariant compatible marshaler to your library first. After you have done that: here's the basic principle how kdbus works: -You connect to a bus by opening its bus node in /dev/kdbus/. All +You connect to a bus by opening its bus node in /sys/fs/kdbus/. All buses have a device node there, it starts with a numeric UID of the owner of the bus, followed by a dash and a string identifying the -bus. The system bus is thus called /dev/kdbus/0-system, and for user -buses the device node is /dev/kdbus/1000-user (if 1000 is your user +bus. The system bus is thus called /sys/fs/kdbus/0-system, and for user +buses the device node is /sys/fs/kdbus/1000-user (if 1000 is your user id). (Before we proceed, please always keep a copy of libsystemd next @@ -496,12 +496,12 @@ parameter. Client libraries should use the following connection string when connecting to the system bus: - kernel:path=/dev/kdbus/0-system/bus;unix:path=/var/run/dbus/system_bus_socket + kernel:path=/sys/fs/kdbus/0-system/bus;unix:path=/var/run/dbus/system_bus_socket This will ensure that kdbus is preferred over the legacy AF_UNIX socket, but compatibility is kept. For the user bus use: - kernel:path=/dev/kdbus/$UID-user/bus;unix:path=$XDG_RUNTIME_DIR/bus + kernel:path=/sys/fs/kdbus/$UID-user/bus;unix:path=$XDG_RUNTIME_DIR/bus With $UID replaced by the callers numer user ID, and $XDG_RUNTIME_DIR following the XDG basedir spec. diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index 5e7bc12239..afac3b6bcc 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -1282,7 +1282,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { assert(name); assert(s); - fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC); + fd = open("/sys/fs/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) return -errno; @@ -1323,7 +1323,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) { if (s) { char *p; - p = strjoin("/dev/kdbus/", n->str, "/bus", NULL); + p = strjoin("/sys/fs/kdbus/", n->str, "/bus", NULL); if (!p) { safe_close(fd); return -ENOMEM; @@ -1403,7 +1403,7 @@ int bus_kernel_open_bus_fd(const char *bus, char **path) { int fd; size_t len; - len = strlen("/dev/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1; + len = strlen("/sys/fs/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1; if (path) { p = malloc(len); @@ -1412,7 +1412,7 @@ int bus_kernel_open_bus_fd(const char *bus, char **path) { *path = p; } else p = alloca(len); - sprintf(p, "/dev/kdbus/" UID_FMT "-%s/bus", getuid(), bus); + sprintf(p, "/sys/fs/kdbus/" UID_FMT "-%s/bus", getuid(), bus); fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) @@ -1585,58 +1585,6 @@ int bus_kernel_make_starter( return fd; } -int bus_kernel_create_domain(const char *name, char **s) { - struct kdbus_cmd_make *make; - struct kdbus_item *n; - int fd; - - assert(name); - assert(s); - - fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC); - if (fd < 0) - return -errno; - - make = alloca0_align(ALIGN8(offsetof(struct kdbus_cmd_make, items) + - offsetof(struct kdbus_item, str) + - strlen(name) + 1), - 8); - - n = make->items; - strcpy(n->str, name); - n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1; - n->type = KDBUS_ITEM_MAKE_NAME; - - make->size = ALIGN8(offsetof(struct kdbus_cmd_make, items) + n->size); - make->flags = KDBUS_MAKE_ACCESS_WORLD; - - if (ioctl(fd, KDBUS_CMD_DOMAIN_MAKE, make) < 0) { - safe_close(fd); - return -errno; - } - - /* The higher 32bit of the flags field are considered - * 'incompatible flags'. Refuse them all for now. */ - if (make->flags > 0xFFFFFFFFULL) { - safe_close(fd); - return -ENOTSUP; - } - - if (s) { - char *p; - - p = strappend("/dev/kdbus/domain/", name); - if (!p) { - safe_close(fd); - return -ENOMEM; - } - - *s = p; - } - - return fd; -} - int bus_kernel_try_close(sd_bus *bus) { assert(bus); assert(bus->is_kernel); diff --git a/src/libsystemd/sd-bus/bus-kernel.h b/src/libsystemd/sd-bus/bus-kernel.h index f1d832a764..c1ee285cd1 100644 --- a/src/libsystemd/sd-bus/bus-kernel.h +++ b/src/libsystemd/sd-bus/bus-kernel.h @@ -71,7 +71,6 @@ int bus_kernel_make_starter(int fd, const char *name, bool activating, bool acce int bus_kernel_create_bus(const char *name, bool world, char **s); int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char **path); -int bus_kernel_create_domain(const char *name, char **s); int bus_kernel_set_endpoint_policy(int fd, uid_t uid, BusEndpoint *ep); diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h index a870b176cf..e3a80c352d 100644 --- a/src/libsystemd/sd-bus/kdbus.h +++ b/src/libsystemd/sd-bus/kdbus.h @@ -635,8 +635,8 @@ enum kdbus_make_flags { * @kernel_flags: Supported flags for the used command, kernel → userspace * @items: Items describing details * - * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_ENDPOINT_MAKE - * and KDBUS_CMD_DOMAIN_MAKE ioctls. + * This structure is used with the KDBUS_CMD_BUS_MAKE and + * KDBUS_CMD_ENDPOINT_MAKE ioctls. */ struct kdbus_cmd_make { __u64 size; @@ -839,8 +839,6 @@ struct kdbus_cmd_match { * name. The bus is immediately shut down and * cleaned up when the opened "control" device node * is closed. - * KDBUS_CMD_DOMAIN_MAKE: Similar to KDBUS_CMD_BUS_MAKE, but it creates a - * new kdbus domain. * KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to * the bus. Such endpoints usually carry a more * restrictive policy and grant restricted access @@ -887,44 +885,42 @@ struct kdbus_cmd_match { */ #define KDBUS_CMD_BUS_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x00, \ struct kdbus_cmd_make) -#define KDBUS_CMD_DOMAIN_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \ - struct kdbus_cmd_make) -#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x20, \ +#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \ struct kdbus_cmd_make) -#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \ +#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x20, \ struct kdbus_cmd_hello) -#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x31) \ +#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x21) \ -#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \ +#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \ struct kdbus_msg) -#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x41, \ +#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x31, \ struct kdbus_cmd_recv) -#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x42, \ +#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x32, \ struct kdbus_cmd_cancel) -#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x43, \ +#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x33, \ struct kdbus_cmd_free) -#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \ +#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \ struct kdbus_cmd_name) -#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \ +#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x41, \ struct kdbus_cmd_name) -#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \ +#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x42, \ struct kdbus_cmd_name_list) -#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x60, \ +#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \ struct kdbus_cmd_info) -#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \ +#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \ struct kdbus_cmd_update) -#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x62, \ +#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \ struct kdbus_cmd_info) -#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \ +#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \ struct kdbus_cmd_update) -#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x80, \ +#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x70, \ struct kdbus_cmd_match) -#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x81, \ +#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \ struct kdbus_cmd_match) #endif /* _KDBUS_UAPI_H_ */ diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index e6b47f7fd8..b1a1f79d86 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -807,7 +807,7 @@ static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid machine = NULL; free(b->kernel); - b->kernel = strdup("/dev/kdbus/0-system/bus"); + b->kernel = strdup("/sys/fs/kdbus/0-system/bus"); if (!b->kernel) return -ENOMEM; diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c index 0c71177deb..9250a6903a 100644 --- a/src/login/pam_systemd.c +++ b/src/login/pam_systemd.c @@ -180,7 +180,7 @@ static int export_legacy_dbus_address( int r; /* skip export if kdbus is not active */ - if (access("/dev/kdbus", F_OK) < 0) + if (access("/sys/fs/kdbus", F_OK) < 0) return PAM_SUCCESS; if (asprintf(&s, KERNEL_USER_BUS_FMT ";" UNIX_USER_BUS_FMT, diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index fca3222a87..c2311b36d5 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -1441,26 +1441,6 @@ static int setup_journal(const char *directory) { return 0; } -static int setup_kdbus(const char *dest, const char *path) { - const char *p; - - if (!path) - return 0; - - p = strappenda(dest, "/dev/kdbus"); - if (mkdir(p, 0755) < 0) { - log_error("Failed to create kdbus path: %m"); - return -errno; - } - - if (mount(path, p, "bind", MS_BIND, NULL) < 0) { - log_error("Failed to mount kdbus domain path: %m"); - return -errno; - } - - return 0; -} - static int drop_capabilities(void) { return capability_bounding_set_drop(~arg_retain, false); } @@ -1546,7 +1526,7 @@ static int register_machine(pid_t pid, int local_ifindex) { return r; } - r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 11, + r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9, /* Allow the container to * access and create the API * device nodes, so that @@ -1566,18 +1546,7 @@ static int register_machine(pid_t pid, int local_ifindex) { * container to ever create * these device nodes. */ "/dev/pts/ptmx", "rw", - "char-pts", "rw", - /* Allow the container - * access to all kdbus - * devices. Again, the - * container cannot create - * these nodes, only use - * them. We use a pretty - * open match here, so that - * the kernel API can still - * change. */ - "char-kdbus", "rw", - "char-kdbus/*", "rw"); + "char-pts", "rw"); if (r < 0) { log_error("Failed to add device whitelist: %s", strerror(-r)); return r; @@ -2991,9 +2960,9 @@ static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo int main(int argc, char *argv[]) { - _cleanup_free_ char *kdbus_domain = NULL, *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL; + _cleanup_free_ char *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL; bool root_device_rw = true, home_device_rw = true, srv_device_rw = true; - _cleanup_close_ int master = -1, kdbus_fd = -1, image_fd = -1; + _cleanup_close_ int master = -1, image_fd = -1; _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 }; _cleanup_fdset_free_ FDSet *fds = NULL; int r = EXIT_FAILURE, k, n_fd_passed, loop_nr = -1; @@ -3140,26 +3109,6 @@ int main(int argc, char *argv[]) { goto finish; } - if (access("/dev/kdbus/control", F_OK) >= 0) { - - if (arg_share_system) { - kdbus_domain = strdup("/dev/kdbus"); - if (!kdbus_domain) { - log_oom(); - goto finish; - } - } else { - const char *ns; - - ns = strappenda("machine-", arg_machine); - kdbus_fd = bus_kernel_create_domain(ns, &kdbus_domain); - if (r < 0) - log_debug("Failed to create kdbus domain: %s", strerror(-r)); - else - log_debug("Successfully created kdbus domain as %s", kdbus_domain); - } - } - if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) { log_error("Failed to create kmsg socket pair: %m"); goto finish; @@ -3365,9 +3314,6 @@ int main(int argc, char *argv[]) { if (mount_tmpfs(arg_directory) < 0) _exit(EXIT_FAILURE); - if (setup_kdbus(arg_directory, kdbus_domain) < 0) - _exit(EXIT_FAILURE); - /* Tell the parent that we are ready, and that * it can cgroupify us to that we lack access * to certain devices and resources. */ diff --git a/src/shared/def.h b/src/shared/def.h index 92394e8183..98e3e10fb6 100644 --- a/src/shared/def.h +++ b/src/shared/def.h @@ -62,7 +62,7 @@ #endif #define UNIX_SYSTEM_BUS_PATH "unix:path=/var/run/dbus/system_bus_socket" -#define KERNEL_SYSTEM_BUS_PATH "kernel:path=/dev/kdbus/0-system/bus" +#define KERNEL_SYSTEM_BUS_PATH "kernel:path=/sys/fs/kdbus/0-system/bus" #ifdef ENABLE_KDBUS # define DEFAULT_SYSTEM_BUS_PATH KERNEL_SYSTEM_BUS_PATH ";" UNIX_SYSTEM_BUS_PATH @@ -71,7 +71,7 @@ #endif #define UNIX_USER_BUS_FMT "unix:path=%s/bus" -#define KERNEL_USER_BUS_FMT "kernel:path=/dev/kdbus/"UID_FMT"-user/bus" +#define KERNEL_USER_BUS_FMT "kernel:path=/sys/fs/kdbus/"UID_FMT"-user/bus" #define PLYMOUTH_SOCKET { \ .un.sun_family = AF_UNIX, \ diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in index eef703f2f7..fdcd3029fd 100644 --- a/units/systemd-bus-proxyd@.service.in +++ b/units/systemd-bus-proxyd@.service.in @@ -12,7 +12,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon # The first argument will be replaced by the service by information on # the process requesting the proxy, we need a placeholder to keep the # space available for this. -ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/dev/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/sys/fs/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NotifyAccess=main CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP PrivateTmp=yes diff --git a/units/user/systemd-bus-proxyd@.service.in b/units/user/systemd-bus-proxyd@.service.in index 2f4df7cb5a..48294db266 100644 --- a/units/user/systemd-bus-proxyd@.service.in +++ b/units/user/systemd-bus-proxyd@.service.in @@ -12,5 +12,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon # The first argument will be replaced by the service by information on # the process requesting the proxy, we need a placeholder to keep the # space available for this. -ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx NotifyAccess=main |