Age | Commit message (Collapse) | Author |
|
|
|
|
|
same time
|
|
|
|
|
|
already is in the set
|
|
it for a future "busctl introspect" command
|
|
The lease is usually tied to the client ID, so users of the
lease may want to know what client ID it was acquired with.
|
|
The client identifier can be in many different formats, not just
the one that systemd creates from the Ethernet MAC address. Non-
ethernet interfaces may have different client IDs formats. Users
may also have custom client IDs that the wish to use to preserve
lease options delivered by servers configured with the existing
client ID.
|
|
Based on patch by Dan Williams.
|
|
client->secs wasn't getting set in the REBOOT state, causing
an assertion. REBOOT should work the same way as INIT, per
RFC 2131:
secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
REBOOT is necessary because some DHCP servers (eg on
home routers) do not hand back the same IP address unless the
'ciaddr' field is filled with that address, which DISCOVER
cannot do per the RFCs. This leads to multiple leases
on machine reboot or DHCP client restart.
|
|
fix:
CID 1237553 (#1 of 6): Unchecked return value from library
(CHECKED_RETURN
CID 1237553 (#3 of 6): Unchecked return value from library
(CHECKED_RETURN)
CID 1237553 (#4 of 6): Unchecked return value from library
(CHECKED_RETURN)
CID 1237553 (#5 of 6): Unchecked return value from library
(CHECKED_RETURN
CID 1237553 (#6 of 6): Unchecked return value from library
(CHECKED_RETURN)
|
|
|
|
|
|
fix 1237557 Unchecked return value from library
|
|
CID#979416. There is no real race here to fix, but lets make coverity
happy and rework the code.
Note that we still fail if the directory is removed _after_ we ran
mkdir(), so the same race is still there. Coverity is complaining, though.
Rewrite the code to make it happy.
(David: rewrote the commit-message to note that this is not a race. If I'm
wrong, blame me, not Ronny!)
|
|
username was already checked with isempty() and cannot be null at
this point.
CID#1237766
|
|
Our API calls check the validity of bus names anyway, hence we don't
have to do this before calling them...
|
|
|
|
The access check call was broken (as it tried to read a service name
from the UpdateActivationEnvironment() method call which doesn't carry
any). Also, it's unnecessary to make any access checks here, as we just
forward the call to PID 1 which should do the access checks necessary.
|
|
We really shouldn't check for words with "strstr()"...
|
|
|
|
object properties
|
|
Turns out we can just do kmod_setup() earlier, before we do mount_setup(),
so there's no need for mount_setup_late() anymore. Instead, put kdbusfs in
mount_table[].
|
|
|
|
|
|
any body
|
|
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
|
|
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
|
|
|
|
|
|
|
|
|
|
add tests for the following directives:
- WorkingDirectory
- Personality
- IgnoreSIGPIPE
- PrivateTmp
- SystemCallFilter: It makes test/TEST-04-SECCOMP obsolete, so it has
been removed.
- SystemCallErrorNumber
- User
- Group
- Environment
|
|
Otherwise we cannot know when a service exited
|
|
|
|
|
|
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.
Signed-off-by: Daniel Mack <daniel@zonque.org>
|
|
|
|
In order to check for matching policy entries at message transfers, we
have to consider the following:
* check the currently owned names of both the sending and the receiving
peer. If the sending peer is connected via kdbus, the currently owned
names are already attached to the message. If it was originated by the
connection we're proxying for, we store the owned names in our own strv
so we can check against them.
* Walk the list of names to check which name would allow the message to
pass, and explicitly use that name as destination of the message. If the
destination is on kdbus, store both the connection's unique name and the
chosen well-known-name in the message. That way, the kernel will make sure
the supplied name is owned by the supplied unique name, at the time of
sending, and return -EREMCHG otherwise.
* Make the policy checks optional by retrieving the bus owner creds, and
when the uid matches the current user's uid and is non-null, don't check
the bus policy.
|
|
This reverts commit 5bb24cccbce846c0d77e71b70a3be7f4b2ba6c0e.
It does not even compile (unbalanced {)
|
|
Retrieve the bus owner creds, and when the uid matches the current user's
uid and is non-null, don't check the bus policy.
|
|
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.
Test cases amended accordingly.
|
|
|
|
|
|
|
|
Store names successfully acquired by the legacy client into a hashmap.
We need to take these names into account when checking for send policies.
|
|
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.
This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.
Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.
Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.
Normal users should not touch these fields, and they're not publicy
accessible.
|
|
This should make the unquoting scheme a bit less naive.
|
|
end-of-line and end-of-item marks
|