From 3690de9398011383efdb0a5ac462ef6689b75c22 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Oct 2023 15:26:42 +0100 Subject: [PATCH] Revert "Disable the Containers interface" This reverts commit 9d60676ae08b5ff1153ca5cb2e42bb4d5ec563cf. --- CMakeLists.txt | 1 + README.cmake | 3 +++ bus/containers.c | 2 -- bus/driver.c | 4 ---- bus/session.conf.in | 6 ++++++ bus/system.conf.in | 4 ++++ cmake/config.h.cmake | 1 + dbus/dbus-shared.h | 2 ++ doc/dbus-daemon.1.xml.in | 8 ++++++++ test/containers.c | 2 -- test/data/valid-config-files/limit-containers.conf.in | 5 +++++ test/data/valid-config-files/tmp-session.conf.in | 7 +++++++ test/dbus-daemon.c | 4 ++++ 13 files changed, 41 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d3ec71be..82c15ce0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -124,6 +124,7 @@ endif() option(DBUS_DISABLE_ASSERT "Disable assertion checking" OFF) option(DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF) +option(DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF) option(ENABLE_TRADITIONAL_ACTIVATION "Enable traditional activation (without using systemd)" ON) find_package(PkgConfig) diff --git a/README.cmake b/README.cmake index 03e5f27b..2cc4be93 100644 --- a/README.cmake +++ b/README.cmake @@ -149,6 +149,9 @@ ENABLE_QT_HELP:STRING=AUTO // enable bus daemon usage statistics DBUS_ENABLE_STATS:BOOL=OFF +// enable restricted servers for app containers +DBUS_ENABLE_CONTAINERS:BOOL=OFF + // build with systemd at_console support ENABLE_SYSTEMD:STRING=AUTO diff --git a/bus/containers.c b/bus/containers.c index 816f3e1b..aa3116e4 100644 --- a/bus/containers.c +++ b/bus/containers.c @@ -29,8 +29,6 @@ #ifdef DBUS_ENABLE_CONTAINERS -#error This feature is not ready for production use - #ifndef DBUS_UNIX # error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX #endif diff --git a/bus/driver.c b/bus/driver.c index ebd98015..c6bff89d 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -1970,9 +1970,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, dbus_pid_t pid = DBUS_PID_UNSET; const char *windows_sid = NULL; const char *linux_security_label = NULL; -#ifdef DBUS_ENABLE_CONTAINERS const char *path; -#endif #ifdef HAVE_UNIX_FD_PASSING int pid_fd = -1; /* owned by credentials */ #endif @@ -2033,7 +2031,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, return FALSE; } -#ifdef DBUS_ENABLE_CONTAINERS /* This has to come from the connection, not the credentials */ if (peer_conn != NULL && bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL)) @@ -2043,7 +2040,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, path)) return FALSE; } -#endif #ifdef HAVE_UNIX_FD_PASSING if (caller_conn != NULL && pid_fd >= 0 && diff --git a/bus/session.conf.in b/bus/session.conf.in index affa7f1d..ace073c9 100644 --- a/bus/session.conf.in +++ b/bus/session.conf.in @@ -76,5 +76,11 @@ 50000 50000 50000 + 10000 + 10000 + 1000000000 + + 16 diff --git a/bus/system.conf.in b/bus/system.conf.in index d2f3244b..7c79a1ae 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -126,6 +126,10 @@ + + + + diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake index 1cf57286..0575fc75 100644 --- a/cmake/config.h.cmake +++ b/cmake/config.h.cmake @@ -41,6 +41,7 @@ #cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@" #cmakedefine DBUS_ENABLE_STATS +#cmakedefine DBUS_ENABLE_CONTAINERS #cmakedefine ENABLE_TRADITIONAL_ACTIVATION #define TEST_LISTEN "@TEST_LISTEN@" diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h index 87c0bd84..59b33e94 100644 --- a/dbus/dbus-shared.h +++ b/dbus/dbus-shared.h @@ -88,6 +88,8 @@ typedef enum */ /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */ #define DBUS_INTERFACE_DBUS "org.freedesktop.DBus" +/** The restricted container interface exported by the dbus-daemon */ +#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1" /** The monitoring interface exported by the dbus-daemon */ #define DBUS_INTERFACE_MONITORING "org.freedesktop.DBus.Monitoring" diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index ae9b5aa3..e3ce49b0 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -840,6 +840,14 @@ Available limit names are: (number of calls-in-progress) "reply_timeout" : milliseconds (thousandths) until a method call times out + "max_containers" : max number of restricted servers for use + in app-containers, in total + "max_containers_per_user" : max number of app-containers per Unix uid + "max_container_metadata_bytes": max number of bytes of metadata to store + for each app-container + "max_connections_per_container": max number of (authenticated or + unauthenticated) connections to each + app-container diff --git a/test/containers.c b/test/containers.c index 79636460..f5bf5407 100644 --- a/test/containers.c +++ b/test/containers.c @@ -47,8 +47,6 @@ #include "test-utils-glib.h" -#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1" - typedef struct { TestMainContext *ctx; gboolean skip; diff --git a/test/data/valid-config-files/limit-containers.conf.in b/test/data/valid-config-files/limit-containers.conf.in index 44dd3979..3cc3bb05 100644 --- a/test/data/valid-config-files/limit-containers.conf.in +++ b/test/data/valid-config-files/limit-containers.conf.in @@ -13,4 +13,9 @@ + + 5 + 3 + 4096 + 3 diff --git a/test/data/valid-config-files/tmp-session.conf.in b/test/data/valid-config-files/tmp-session.conf.in index d1effae1..502619dd 100644 --- a/test/data/valid-config-files/tmp-session.conf.in +++ b/test/data/valid-config-files/tmp-session.conf.in @@ -57,4 +57,11 @@ 50000 50000 50000 + 10000 + 10000 + 1000000000 + + 16 + diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c index 1288fe0c..772fac5f 100644 --- a/test/dbus-daemon.c +++ b/test/dbus-daemon.c @@ -637,6 +637,10 @@ test_creds (Fixture *f, g_assert_not_reached (); #endif } + else if (g_str_has_prefix (name, DBUS_INTERFACE_CONTAINERS1 ".")) + { + g_assert_not_reached (); + } dbus_message_iter_next (&arr_iter); }