fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-02-05 00:40:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Completely remove the Containers1 interface

Browse source 
This interface is still not ready for production use. To minimize
confusion, let's remove it from the 1.16.x stable branch. We can have
another try during the 1.17.x cycle, via dbus/dbus!449.

Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie 2024-11-19 13:11:13 +00:00
parent 1f5affa322
commit c0d4873704
14 changed files with 2 additions and 3538 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bus/CMakeLists.txt
View file

@ -51,8 +51,6 @@ set(BUS_SOURCES
# config-parser-trivial.c
connection.c
connection.h
containers.c
containers.h
desktop-file.c
desktop-file.h
dir-watch.h

20
bus/bus.c
View file

@ -31,7 +31,6 @@
#include "activation.h"
#include "connection.h"
#include "containers.h"
#include "dispatch.h"
#include "services.h"
#include "utils.h"
@ -73,7 +72,6 @@ struct BusContext
BusMatchmaker *matchmaker;
BusLimits limits;
DBusRLimit *initial_fd_limit;
BusContainers *containers;
unsigned int fork : 1;
unsigned int syslog : 1;
unsigned int keep_umask : 1;
@ -921,14 +919,6 @@ bus_context_new (const DBusString *config_file,
goto failed;
}
context->containers = bus_containers_new ();
if (context->containers == NULL)
{
BUS_SET_OOM (error);
goto failed;
}
/* check user before we fork */
if (context->user != NULL)
{
@ -1227,9 +1217,6 @@ bus_context_shutdown (BusContext *context)
link = _dbus_list_get_next_link (&context->servers, link);
}
if (context->containers != NULL)
bus_containers_stop_listening (context->containers);
}
BusContext *
@ -1300,7 +1287,6 @@ bus_context_unref (BusContext *context)
context->matchmaker = NULL;
}
bus_clear_containers (&context->containers);
dbus_free (context->config_file);
dbus_free (context->log_prefix);
dbus_free (context->type);
@ -1405,12 +1391,6 @@ bus_context_allow_windows_user (BusContext *context,
windows_sid);
}
BusContainers *
bus_context_get_containers (BusContext *context)
{
return context->containers;
}
BusClientPolicy*
bus_context_create_client_policy (BusContext *context,
DBusConnection *connection,

1
bus/bus.h
View file

@ -113,7 +113,6 @@ dbus_bool_t bus_context_allow_unix_user (BusContext
unsigned long uid);
dbus_bool_t bus_context_allow_windows_user (BusContext *context,
const char *windows_sid);
BusContainers *bus_context_get_containers (BusContext *context);
BusClientPolicy* bus_context_create_client_policy (BusContext *context,
DBusConnection *connection,

51
bus/connection.c
View file

@ -26,7 +26,6 @@
#include <config.h>
#include "connection.h"
#include "containers.h"
#include "dispatch.h"
#include "policy.h"
#include "services.h"
@ -311,9 +310,6 @@ bus_connection_disconnected (DBusConnection *connection)
d->link_in_monitors = NULL;
}
bus_containers_remove_connection (bus_context_get_containers (d->connections->context),
connection);
if (d->link_in_connection_list != NULL)
{
if (d->name != NULL)
@ -593,9 +589,6 @@ cache_peer_loginfo_string (BusConnectionData *d,
const char *windows_sid = NULL;
const char *security_label = NULL;
dbus_bool_t prev_added;
const char *container = NULL;
const char *container_type = NULL;
const char *container_name = NULL;
DBusCredentials *credentials;
if (!_dbus_string_init (&loginfo_buf))
@ -676,30 +669,6 @@ cache_peer_loginfo_string (BusConnectionData *d,
prev_added = TRUE;
}
/* This does have to come from the connection, not the credentials */
if (bus_containers_connection_is_contained (connection, &container,
&container_type,
&container_name))
{
dbus_bool_t did_append;
if (prev_added)
{
if (!_dbus_string_append_byte (&loginfo_buf, ' '))
goto oom;
}
did_append = _dbus_string_append_printf (&loginfo_buf,
"container=%s %s=\"%s\")",
container,
container_type,
container_name);
if (!did_append)
goto oom;
else
prev_added = TRUE;
}
if (!_dbus_string_steal_data (&loginfo_buf, &(d->cached_loginfo_string)))
goto oom;
@ -2472,26 +2441,6 @@ bus_transaction_send (BusTransaction *transaction,
d = BUS_CONNECTION_DATA (destination);
_dbus_assert (d != NULL);
/* You might think that this is too late to be setting header fields,
* because the message is locked before sending - but remember that
* the message isn't actually queued to be sent (and hence locked)
* until we know we have enough memory for the entire transaction,
* and that doesn't happen until we know all the recipients.
* So this is about the last possible time we could edit the header. */
if ((d->want_headers & BUS_EXTRA_HEADERS_CONTAINER_INSTANCE) &&
dbus_message_get_container_instance (message) == NULL)
{
const char *path;
if (sender == NULL ||
!bus_containers_connection_is_contained (sender, &path,
NULL, NULL))
path = "/";
if (!dbus_message_set_container_instance (message, path))
return FALSE;
}
to_send = dbus_new (MessageToSend, 1);
if (to_send == NULL)
{

1480
bus/containers.c
View file

File diff suppressed because it is too large Load diff

77
bus/containers.h
View file

@ -1,77 +0,0 @@
/* containers.h - restricted bus servers for containers
*
* Copyright © 2017 Collabora Ltd.
*
* SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA
*/
#ifndef BUS_CONTAINERS_H
#define BUS_CONTAINERS_H
#include "bus.h"
#include <dbus/dbus-macros.h>
BusContainers *bus_containers_new (void);
BusContainers *bus_containers_ref (BusContainers *self);
void bus_containers_unref (BusContainers *self);
void bus_containers_stop_listening (BusContainers *self);
dbus_bool_t bus_containers_handle_add_server (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_stop_instance (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_stop_listening (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_get_instance_info (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_get_connection_instance (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_request_header (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_supported_arguments_getter (BusContext *context,
DBusMessageIter *var_iter);
void bus_containers_remove_connection (BusContainers *self,
DBusConnection *connection);
dbus_bool_t bus_containers_connection_is_contained (DBusConnection *connection,
const char **path,
const char **type,
const char **name);
static inline void
bus_clear_containers (BusContainers **containers_p)
{
_dbus_clear_pointer_impl (BusContainers, containers_p, bus_containers_unref);
}
#endif /* multiple-inclusion guard */

72
bus/driver.c
View file

@ -28,7 +28,6 @@
#include "activation.h"
#include "apparmor.h"
#include "connection.h"
#include "containers.h"
#include "driver.h"
#include "dispatch.h"
#include "services.h"
@ -118,19 +117,6 @@ bus_driver_check_caller_is_not_container (DBusConnection *connection,
DBusMessage *message,
DBusError *error)
{
if (bus_containers_connection_is_contained (connection, NULL, NULL, NULL))
{
const char *method = dbus_message_get_member (message);
bus_context_log_and_set_error (bus_transaction_get_context (transaction),
DBUS_SYSTEM_LOG_SECURITY, error, DBUS_ERROR_ACCESS_DENIED,
"rejected attempt to call %s by connection %s (%s) in "
"container", method,
nonnull (bus_connection_get_name (connection), "(inactive)"),
bus_connection_get_loginfo (connection));
return FALSE;
}
return TRUE;
}
@ -1970,9 +1956,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
dbus_pid_t pid = DBUS_PID_UNSET;
const char *windows_sid = NULL;
const char *linux_security_label = NULL;
#ifdef DBUS_ENABLE_CONTAINERS
const char *path;
#endif
#ifdef HAVE_UNIX_FD_PASSING
int pid_fd = -1; /* owned by credentials */
#endif
@ -2033,18 +2016,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
return FALSE;
}
#ifdef DBUS_ENABLE_CONTAINERS
/* This has to come from the connection, not the credentials */
if (peer_conn != NULL &&
bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL))
{
if (!_dbus_asv_add_object_path (asv_iter,
DBUS_INTERFACE_CONTAINERS1 ".Instance",
path))
return FALSE;
}
#endif
#ifdef HAVE_UNIX_FD_PASSING
if (caller_conn != NULL && pid_fd >= 0 &&
dbus_connection_can_send_type (caller_conn, DBUS_TYPE_UNIX_FD) &&
@ -2500,7 +2471,8 @@ typedef enum
* containers are never privileged. */
METHOD_FLAG_PRIVILEGED = (1 << 1),
/* If set, callers must not be associated with a container instance. */
/* If set, callers must not be associated with a container instance.
* (No-op, the Containers1 interface is not present in this branch.) */
METHOD_FLAG_NO_CONTAINERS = (1 << 2),
METHOD_FLAG_NONE = 0
@ -2649,29 +2621,6 @@ static const MessageHandler introspectable_message_handlers[] = {
{ NULL, NULL, NULL, NULL }
};
#ifdef DBUS_ENABLE_CONTAINERS
static const MessageHandler containers_message_handlers[] = {
{ "AddServer", "ssa{sv}a{sv}", "oays", bus_containers_handle_add_server,
METHOD_FLAG_NO_CONTAINERS },
{ "StopInstance", "o", "", bus_containers_handle_stop_instance,
METHOD_FLAG_NO_CONTAINERS },
{ "StopListening", "o", "", bus_containers_handle_stop_listening,
METHOD_FLAG_NO_CONTAINERS },
{ "GetConnectionInstance", "s", "oa{sv}ssa{sv}",
bus_containers_handle_get_connection_instance,
METHOD_FLAG_NONE },
{ "GetInstanceInfo", "o", "a{sv}ssa{sv}", bus_containers_handle_get_instance_info,
METHOD_FLAG_NONE },
{ "RequestHeader", "", "", bus_containers_handle_request_header,
METHOD_FLAG_NONE },
{ NULL, NULL, NULL, NULL }
};
static const PropertyHandler containers_property_handlers[] = {
{ "SupportedArguments", "as", bus_containers_supported_arguments_getter },
{ NULL, NULL, NULL }
};
#endif
static const MessageHandler monitoring_message_handlers[] = {
{ "BecomeMonitor", "asu", "", bus_driver_handle_become_monitor,
METHOD_FLAG_PRIVILEGED },
@ -2777,13 +2726,6 @@ static InterfaceHandler interface_handlers[] = {
#ifdef DBUS_ENABLE_STATS
{ BUS_INTERFACE_STATS, stats_message_handlers, NULL,
INTERFACE_FLAG_NONE },
#endif
#ifdef DBUS_ENABLE_CONTAINERS
{ DBUS_INTERFACE_CONTAINERS1, containers_message_handlers,
" <signal name=\"InstanceRemoved\">\n"
" <arg type=\"o\" name=\"path\"/>\n"
" </signal>\n",
INTERFACE_FLAG_NONE, containers_property_handlers },
#endif
{ DBUS_INTERFACE_PEER, peer_message_handlers, NULL,
/* Not in the Interfaces property because it's a pseudo-interface
@ -3087,16 +3029,6 @@ bus_driver_handle_message (DBusConnection *connection,
return FALSE;
}
}
else if (mh->flags & METHOD_FLAG_NO_CONTAINERS)
{
if (!bus_driver_check_caller_is_not_container (connection,
transaction,
message, error))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
return FALSE;
}
}
if (!(is_canonical_path || (mh->flags & METHOD_FLAG_ANY_PATH)))
{

1
bus/meson.build
View file

@ -96,7 +96,6 @@ libdbus_daemon_internal_sources = [
'config-parser-common.c',
'config-parser.c',
'connection.c',
'containers.c',
'desktop-file.c',
'dispatch.c',
'driver.c',

5
bus/tmpfiles.d/dbus-containers.conf.in
View file

@ -1,5 +0,0 @@
# Fields: type; path; mode; uid; gid; age; argument (symlink target)
# Create ${runstatedir}/dbus/containers owned by the system bus user.
# org.freedesktop.DBus.Containers1 uses this to create sockets.
d @EXPANDED_RUNSTATEDIR@/dbus/containers 0755 @DBUS_USER@ - - -

9
bus/tmpfiles.d/meson.build
View file

@ -25,12 +25,3 @@ configure_file(
configuration: data_config,
install_dir: get_option('prefix') / 'lib' / 'tmpfiles.d',
)
if get_option('containers')
configure_file(
input: 'dbus-containers.conf.in',
output: 'dbus-containers.conf',
configuration: data_config,
install_dir: get_option('prefix') / 'lib' / 'tmpfiles.d',
)
endif

2
meson.build
View file

@ -1078,7 +1078,6 @@ config.set_quoted('DBUS_SESSION_BUS_CONNECT_ADDRESS', session_bus_connect_addres
config.set('DBUS_ENABLE_STATS', get_option('stats'))
config.set('DBUS_ENABLE_CONTAINERS', get_option('containers'))
enable_user_session = get_option('user_session')
@ -1325,7 +1324,6 @@ summary_dict += {
'Building assertions': asserts,
'Building checks': checks,
'Building bus stats API': get_option('stats'),
'Building container API': get_option('containers'),
'Building SELinux support': config.get('HAVE_SELINUX'),
'Building AppArmor support': apparmor.found(),
'Building inotify support': use_inotify,

7
meson_options.txt
View file

@ -40,13 +40,6 @@ option(
description: 'Check for usage errors at public API'
)
option(
'containers',
type: 'boolean',
value: false,
description: 'Enable restricted servers for app containers'
)
option(
'dbus_daemondir',
type: 'string',

1807
test/containers.c
View file

File diff suppressed because it is too large Load diff

6
test/meson.build
View file

@ -591,12 +591,6 @@ if use_glib
if platform_unix
tests += [
{ 'name': 'containers',
'srcs': [ 'containers.c' ],
'link': [ libdbus_testutils, ],
'deps': [ glib, gio, ],
'suite': ['runs-dbus-daemon'],
},
{ 'name': 'sd-activation',
'srcs': [ 'sd-activation.c' ],
'link': [ libdbus_testutils, ],