Age | Commit message (Collapse) | Author |
|
Fix comment typo and clarify that this is not about privileges but can
have rather arbitrary reasons.
|
|
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
|
|
|
|
This does not make a difference, but the code was confusing.
|
|
This exposes an IP port on the container as local port using DNAT.
|
|
Just a simple variable rename, and a dropped flag that sd-bus didn't make
use of.
|
|
|
|
needlessly send it if we don't actually need it
|
|
Make sure to append bloom-filters to all signal-messages, not only
broadcasts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"org.freedesktop.DBus" and "org.freedesktop.DBus.Local" and refuse them
|
|
With this change it is possible to send file descriptors to PID 1, via
sd_pid_notify_with_fds() which PID 1 will store individually for each
service, and pass via the usual fd passing logic on next invocation.
This is useful for enable daemon reload schemes where daemons serialize
their state to /run, push their fds into PID 1 and terminate, restoring
their state on next start from the data in /run and passed in from PID
1.
The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on
them, and the service they belong to are either not dead or failed, or
have a job queued.
|
|
Catch up with latest changes in kdbus.ko:
* Signals can be sent as unicast now, hence they need to be marked as
such with the KDBUS_MSG_SIGNAL in the message flags.
* Follow ioctl number change for KDBUS_CMD_FREE
|
|
|
|
|
|
https://github.com/vlajos/misspell_fixer
https://github.com/torstehu/systemd/commit/b6fdeb618cf2f3ce1645b3315f15f482710c7ffa
Thanks to Torstein Husebo <torstein@huseboe.net>.
|
|
ENOSYS is used to signify compiled-out functionality. Using it for
different kinds of error is misleading.
For BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, logind-action.c uses ENOTSUP
already, so changing it to ENOTSUP makes the dbus and action paths
behave the same.
|
|
This implements two new helpers, discussed on systemd-devel about 1 year
ago:
sd_bus_emit_object_added()
sd_bus_emit_object_removed()
Both calls are equivalent to their respective counterpart
sd_bus_emit_interfaces_{added/removed}(), but can figure out the list of
interfaces themselves, instead of requiring the caller to provide them.
Furthermore, both calls properly deal with builtin interfaces provided via
org.freedesktop.DBus.* and alike.
Both calls simply traverse a node and all its parent nodes to figure out a
list of all interfaces registered as vtable or fallback. It then appends
each of them, similar to the interfaces_{added/removed}() helpers.
Note that interfaces_{added/removed}() runs a parent traversal for *each*
passed interface. Therefore, it can simply bail out, once it found a
parent node that implements a given interface.
With object_{added/removed}() we cannot know the registered interfaces in
advance, thus, we cannot run one traversal per node. Instead, we run a
single traversal and remember all interfaces that we added. Therefore, a
child-interface overrides all conflicting parent-interfaces. We keep a
"Set *s" context to track those while climbing up the tree.
|
|
The kernel provides capabilities as a u32 array, sd-bus uses an u8 array.
This works fine on little-endian as both are encoded the same way.
However, this fails on big-endian if we do not perform sufficient
byte-swapping on each u32 entry.
This patch makes sd-bus use u32, too. We avoid changing any kernel
provided data so we can keep pointing into kdbus pool buffers which
contain u32 arrays.
|
|
The number of available caps can be read from
/proc/sys/kernel/cap_last_cap during runtime. Our helper cap_last_cap()
does that, so there's no reason to remember the size of any capability
cache. We can just pre-allocate arrays with a suitable size for all
available caps and reject any higher caps.
The kernel capability API uses u32 as base so make sure we do the same.
Note that this is specified by POSIX, so it's unlikely to change.
|
|
systemd-nspawn for containers
This is basically just a shortcut for "systemctl enable
systemd-nspawn@<foobar>.service", but does escaping.
|
|
|
|
Drop spurious 'we'.
|
|
All we care about is that the kernel (pid==0) sent the message. Verifying the sender uid
seems to break when using userns.
Reported by Stéphane Graber.
|
|
Only a minor change as the timeout would be hit soon thereafetr at the next loop.
|
|
This caused rtnl_poll to always return true immediately in sd_rtnl_call().
|
|
Read the message form the socket or we will loop trying to read the
same message repeatedly.
|
|
We should just try again instead.
|
|
We drop messages received from the wrong uid/pid, log this at debug level.
|
|
|
|
They do not use any functions from libcap directly. The CAP_SYS_ADMIN constant
in use by bus-objects.c comes from <linux/capability.h> imported through
"missing.h". The "missing.h" header is imported through "util.h" which gets
imported in "bus-util.h".
Tested that everything builds cleanly after this change.
|
|
Pretty much everywhere else we use the generic term "machine" when
referring to containers in API, so let's do though in sd-bus too. In
particular, since the concept of a "container" exists in sd-bus too, but
as part of the marshalling system.
|
|
|
|
a PID instead of a container name
|
|
files from core
Stuff in src/shared or src/libsystemd should *never* include code from
src/core or any of the tools, so don't do that here either. It's not OK!
|
|
Kernel notifications carry a timestamp now, so make sure
bus_kernel_translate_message() doesn't complain when it stumbles across
them.
|
|
Sync kdbus.h with upstream changes:
* Two optional cancellation points where added for synchronously
blocking KDBUS_CMD_SEND commands: A sigmask to change the mask
of accepted signals before the task is put to sleep, and a
generic file descriptor that can be written to, in order to cancel
the command. Both methods are currently unused.
* The KDBUS_CMD_CANCEL ioctl was removed. sd-bus was never using
that command, so there's no change needed.
* Some kerneldoc fixes
|
|
|
|
|
|
|
|
Make sure to set send-attach-flags on BUS_MAKE. These control which
information is revealed about the bus-owner.
|
|
Make sure we don't call into any bus_kernel_*() functions before
b->is_kernel is set to true. Hard-code the CMD_FREE just like the other
helpers do.
|
|
Changes:
* bloom parameters are returned in an offset via HELLO
* FREE now takes items just like any other ioctl
|
|
|
|
|