| Age | Commit message (Collapse) | Author |
|---|
|
We changed creds to u32, so fix systemd sd-bus to acknowledge that.
|
|
attached to incoming messages
We don't know what the activated service might want in the end, hence
enable everything current and future, just to be sure.
|
|
|
|
On the system and user busses we create it's the receiver that chooses
which metadata is attched, not the sender, hence set the requirement
mask to ANY, to allow any current of future credential bit to be
attached.
|
|
|
|
dropped broadcast messages and proceeding
|
|
|
|
Also, properly keep track of incoming additional service names.
|
|
kernel messages
|
|
|
|
KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:
- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.
- makes augmentation of creds with data from /proc explicitly
controllable to give apps better control over this, given that this is
racy.
- enables augmentation for kdbus connections (previously we only did it
for dbus1). This is useful since with recent kdbus versions it is
possible for clients to control the metadata they want to send.
- changes sd_bus_query_sender_privilege() to take the euid of the client
into consideration, if known
- when we don't have permissions to read augmentation data from /proc,
don't fail, just don't add the data in
|
|
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
|
|
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.
This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.
Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.
Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.
Normal users should not touch these fields, and they're not publicy
accessible.
|
|
|
|
The metadata logic in kdbus has seen a rework, and the only mandatory
change we have to follow for now is that attach_flags in kdbus_cmd_hello
is now split into two parts, attach_flags_send and attach_flags_recv.
|
|
kdbus recently renamed this concept, and so should we in what we expose
in userspace.
|
|
Catch up with some changes in kdbus.h:
* KDBUS_{ITEM,ATTACH}_CONN_NAME were renamed to
KDBUS_{ITEM,ATTACH}_CONN_DESCRIPTION, so the term 'name' is not
overloaded as much.
* The item types were re-ordered a little so they are lined up to the
order of the corresponding KDBUS_ATTACH flags
* A new item type KDBUS_ITEM_OWNED_NAME was introduced, designated to
store a struct kdbus_name in item->name. KDBUS_ITEM_NAME soley
stores data in item->str now
* Some kerneldoc fixes
|
|
|
|
|
|
We really shouldn't create fds ever that have the flag unset.
|
|
Some comment fixes and header cleanups in kdbus.h, and the task capability
meta information has been factored out to its own struct.
|
|
Don't handle clock_gettime() errors gracefully but use assert_se().
|
|
kdbus_msg.timeout_ns now takes an absolute value, based on CLOCK_MONOTONIC,
in order to eventually support automatically restarted syscalls.
Signed-off-by: Daniel Mack <daniel@zonque.org>
|
|
In kdbus.h, the following details changed:
* All commands gained a 'kernel_flags' field to report the flags supported
by the driver. Before, this was done in the 'flags' field in a
bidirectional way, which turned out to be a problem for the code in
sd-bus, as many parts of it reuse the same ioctl struct more than once
and consider them to be owned by userspace.
* Name listings are now returned by a new struct instead of reusing struct
kdbus_cmd_name for that matter. This way, we don't add more unneeded
fields to it and make the API cleaner.
* 'conn_flags' was renamed to 'flags' in struct kdbus_cmd_hello to make
the API a bit more unified.
|
|
kdbus.h now has KDBUS_ATTACH_COMM split into KDBUS_ATTACH_TID_COMM and
KDBUS_ATTACH_PID_COMM. The items were split already, so the change in
systemd is easy.
|
|
In kdbus.h, the 'features' field has been dropped again. Instead of
negotiating features that way, we decided to make the kernel return the
set of supported flags in each ioctl struct's .flags field, in both the
success and error cases.
|
|
This reverts commit 1a2409e262da65a4b0ca8ab18fcf5eabd2d404ca.
Support from the kdbus interface was removed. We require
memfds to be supported by all clients.
|
|
kdbus learned KDBUS_HELLO_ACCEPT_MEMFD as new connection negotiation
flag. Set it by default in systemd for now.
|
|
Sync kdbus.h once again. Two thing have changed:
a) KDBUS_CMD_EP_* was renamed to KDBUS_CMD_ENDPOINT_*
b) struct kdbus_cmd_hello and struct kdbus_cmd_make gained a
'features' bitfield (which is currently unused)
|
|
Walk the items first, then free the memory of the message.
Also, while at it, make coverity happy with an explicit (void) prefix.
We intentionally ignore the return value here.
|
|
It is no longer used after d663f1b1a92a778bcdc68f29b8c08cb49431b4f7
|
|
The KDBUS_CMD_FREE ioctl now uses a struct rather than a direct pointer
to the offset to free.
The KDBUS_CMD_MSG_CANCEL ioctl has also changes, but there's no user of
it yet in systemd.
|
|
m is always non-null at this point. This function is too long anyway.
|
|
keep function invocations and variable declarations separate
|
|
|
|
Just a rename of two struct members to make the header file c++ compatible.
|
|
All kdbus ioctl arguments must be 8byte aligned. Make sure we use
alloca_align() and _alignas_(8) in all situations where gcc doesn't
guarantee 8-byte alignment.
Note that objects on the stack are always 8byte aligned as we put
_alignas_(8) into the structure definition in kdbus.h.
|
|
|
|
Custom endpoints are alternative connection points to a bus, allowing
specific policy to be uploaded.
Add two functions to bus-kernel. One to create such endpoints, and another
one for setting a policy for them.
|
|
In order to re-use the policy definitions, factor them out into their own
files.
|
|
Noticed by Djalal Harouni
|
|
On systems without properly setup systemd, cg_get_root_path returns
-ENOENT. This means that busctl doesn't display much information.
busctl monitor also fails whenever it intercepts messages.
This fix fakes creates a fake "/" root cgroup which lets busctl work
on such systems.
|
|
Unlike earlier versions, the syscall only takes 2 arguments in its
final version, not 3.
|
|
|
|
This makes it easier to debug what is going on.
|
|
It's not safe invoking NSS from PID 1, hence fork off worker processes
that upload the policy into the kernel for busnames.
|
|
No functional change expected :)
|
|
|
|
Add a new config 'Activating' directive which denotes whether a busname
is actually registered on the bus. It defaults to 'yes'.
If set to 'no', the .busname unit only uploads policy, which will remain
active as long as the unit is running.
|
|
messages queued for it
This way we can be sure that the service the messages are ultimately
intended for finds all fields it might need.
|
