fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-08 10:30:20 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch '1.16-no-containers' into dbus-1.16

Browse source
This commit is contained in:
Simon McVittie 2024-12-06 13:43:29 +00:00
commit ef4440f8cd
14 changed files with 2 additions and 3538 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bus/CMakeLists.txt
View file

@ -51,8 +51,6 @@ set(BUS_SOURCES
# config-parser-trivial.c
connection.c
connection.h
containers.c
containers.h
desktop-file.c
desktop-file.h
dir-watch.h

20
bus/bus.c
View file

@ -31,7 +31,6 @@
#include "activation.h"
#include "connection.h"
#include "containers.h"
#include "dispatch.h"
#include "services.h"
#include "utils.h"
@ -73,7 +72,6 @@ struct BusContext
BusMatchmaker *matchmaker;
BusLimits limits;
DBusRLimit *initial_fd_limit;
BusContainers *containers;
unsigned int fork : 1;
unsigned int syslog : 1;
unsigned int keep_umask : 1;
@ -921,14 +919,6 @@ bus_context_new (const DBusString *config_file,
goto failed;
}
context->containers = bus_containers_new ();
if (context->containers == NULL)
{
BUS_SET_OOM (error);
goto failed;
}
/* check user before we fork */
if (context->user != NULL)
{
@ -1227,9 +1217,6 @@ bus_context_shutdown (BusContext *context)
link = _dbus_list_get_next_link (&context->servers, link);
}
if (context->containers != NULL)
bus_containers_stop_listening (context->containers);
}
BusContext *
@ -1300,7 +1287,6 @@ bus_context_unref (BusContext *context)
context->matchmaker = NULL;
}
bus_clear_containers (&context->containers);
dbus_free (context->config_file);
dbus_free (context->log_prefix);
dbus_free (context->type);
@ -1405,12 +1391,6 @@ bus_context_allow_windows_user (BusContext *context,
windows_sid);
}
BusContainers *
bus_context_get_containers (BusContext *context)
{
return context->containers;
}
BusClientPolicy*
bus_context_create_client_policy (BusContext *context,
DBusConnection *connection,

1
bus/bus.h
View file

@ -113,7 +113,6 @@ dbus_bool_t bus_context_allow_unix_user (BusContext
unsigned long uid);
dbus_bool_t bus_context_allow_windows_user (BusContext *context,
const char *windows_sid);
BusContainers *bus_context_get_containers (BusContext *context);
BusClientPolicy* bus_context_create_client_policy (BusContext *context,
DBusConnection *connection,

51
bus/connection.c
View file

@ -26,7 +26,6 @@
#include <config.h>
#include "connection.h"
#include "containers.h"
#include "dispatch.h"
#include "policy.h"
#include "services.h"
@ -311,9 +310,6 @@ bus_connection_disconnected (DBusConnection *connection)
d->link_in_monitors = NULL;
}
bus_containers_remove_connection (bus_context_get_containers (d->connections->context),
connection);
if (d->link_in_connection_list != NULL)
{
if (d->name != NULL)
@ -593,9 +589,6 @@ cache_peer_loginfo_string (BusConnectionData *d,
const char *windows_sid = NULL;
const char *security_label = NULL;
dbus_bool_t prev_added;
const char *container = NULL;
const char *container_type = NULL;
const char *container_name = NULL;
DBusCredentials *credentials;
if (!_dbus_string_init (&loginfo_buf))
@ -676,30 +669,6 @@ cache_peer_loginfo_string (BusConnectionData *d,
prev_added = TRUE;
}
/* This does have to come from the connection, not the credentials */
if (bus_containers_connection_is_contained (connection, &container,
&container_type,
&container_name))
{
dbus_bool_t did_append;
if (prev_added)
{
if (!_dbus_string_append_byte (&loginfo_buf, ' '))
goto oom;
}
did_append = _dbus_string_append_printf (&loginfo_buf,
"container=%s %s=\"%s\")",
container,
container_type,
container_name);
if (!did_append)
goto oom;
else
prev_added = TRUE;
}
if (!_dbus_string_steal_data (&loginfo_buf, &(d->cached_loginfo_string)))
goto oom;
@ -2472,26 +2441,6 @@ bus_transaction_send (BusTransaction *transaction,
d = BUS_CONNECTION_DATA (destination);
_dbus_assert (d != NULL);
/* You might think that this is too late to be setting header fields,
* because the message is locked before sending - but remember that
* the message isn't actually queued to be sent (and hence locked)
* until we know we have enough memory for the entire transaction,
* and that doesn't happen until we know all the recipients.
* So this is about the last possible time we could edit the header. */
if ((d->want_headers & BUS_EXTRA_HEADERS_CONTAINER_INSTANCE) &&
dbus_message_get_container_instance (message) == NULL)
{
const char *path;
if (sender == NULL ||
!bus_containers_connection_is_contained (sender, &path,
NULL, NULL))
path = "/";
if (!dbus_message_set_container_instance (message, path))
return FALSE;
}
to_send = dbus_new (MessageToSend, 1);
if (to_send == NULL)
{

1480
bus/containers.c
View file

File diff suppressed because it is too large Load diff

77
bus/containers.h
View file

@ -1,77 +0,0 @@
/* containers.h - restricted bus servers for containers
*
* Copyright © 2017 Collabora Ltd.
*
* SPDX-License-Identifier: AFL-2.1 OR GPL-2.0-or-later
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA
*/
#ifndef BUS_CONTAINERS_H
#define BUS_CONTAINERS_H
#include "bus.h"
#include <dbus/dbus-macros.h>
BusContainers *bus_containers_new (void);
BusContainers *bus_containers_ref (BusContainers *self);
void bus_containers_unref (BusContainers *self);
void bus_containers_stop_listening (BusContainers *self);
dbus_bool_t bus_containers_handle_add_server (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_stop_instance (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_stop_listening (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_get_instance_info (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_get_connection_instance (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_handle_request_header (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error);
dbus_bool_t bus_containers_supported_arguments_getter (BusContext *context,
DBusMessageIter *var_iter);
void bus_containers_remove_connection (BusContainers *self,
DBusConnection *connection);
dbus_bool_t bus_containers_connection_is_contained (DBusConnection *connection,
const char **path,
const char **type,
const char **name);
static inline void
bus_clear_containers (BusContainers **containers_p)
{
_dbus_clear_pointer_impl (BusContainers, containers_p, bus_containers_unref);
}
#endif /* multiple-inclusion guard */

72
bus/driver.c
View file

@ -28,7 +28,6 @@
#include "activation.h"
#include "apparmor.h"
#include "connection.h"
#include "containers.h"
#include "driver.h"
#include "dispatch.h"
#include "services.h"
@ -118,19 +117,6 @@ bus_driver_check_caller_is_not_container (DBusConnection *connection,
DBusMessage *message,
DBusError *error)
{
if (bus_containers_connection_is_contained (connection, NULL, NULL, NULL))
{
const char *method = dbus_message_get_member (message);
bus_context_log_and_set_error (bus_transaction_get_context (transaction),
DBUS_SYSTEM_LOG_SECURITY, error, DBUS_ERROR_ACCESS_DENIED,
"rejected attempt to call %s by connection %s (%s) in "
"container", method,
nonnull (bus_connection_get_name (connection), "(inactive)"),
bus_connection_get_loginfo (connection));
return FALSE;
}
return TRUE;
}
@ -1970,9 +1956,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
dbus_pid_t pid = DBUS_PID_UNSET;
const char *windows_sid = NULL;
const char *linux_security_label = NULL;
#ifdef DBUS_ENABLE_CONTAINERS
const char *path;
#endif
#ifdef HAVE_UNIX_FD_PASSING
int pid_fd = -1; /* owned by credentials */
#endif
@ -2033,18 +2016,6 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
return FALSE;
}
#ifdef DBUS_ENABLE_CONTAINERS
/* This has to come from the connection, not the credentials */
if (peer_conn != NULL &&
bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL))
{
if (!_dbus_asv_add_object_path (asv_iter,
DBUS_INTERFACE_CONTAINERS1 ".Instance",
path))
return FALSE;
}
#endif
#ifdef HAVE_UNIX_FD_PASSING
if (caller_conn != NULL && pid_fd >= 0 &&
dbus_connection_can_send_type (caller_conn, DBUS_TYPE_UNIX_FD) &&
@ -2500,7 +2471,8 @@ typedef enum
* containers are never privileged. */
METHOD_FLAG_PRIVILEGED = (1 << 1),
/* If set, callers must not be associated with a container instance. */
/* If set, callers must not be associated with a container instance.
* (No-op, the Containers1 interface is not present in this branch.) */
METHOD_FLAG_NO_CONTAINERS = (1 << 2),
METHOD_FLAG_NONE = 0
@ -2649,29 +2621,6 @@ static const MessageHandler introspectable_message_handlers[] = {
{ NULL, NULL, NULL, NULL }
};
#ifdef DBUS_ENABLE_CONTAINERS
static const MessageHandler containers_message_handlers[] = {
{ "AddServer", "ssa{sv}a{sv}", "oays", bus_containers_handle_add_server,
METHOD_FLAG_NO_CONTAINERS },
{ "StopInstance", "o", "", bus_containers_handle_stop_instance,
METHOD_FLAG_NO_CONTAINERS },
{ "StopListening", "o", "", bus_containers_handle_stop_listening,
METHOD_FLAG_NO_CONTAINERS },
{ "GetConnectionInstance", "s", "oa{sv}ssa{sv}",
bus_containers_handle_get_connection_instance,
METHOD_FLAG_NONE },
{ "GetInstanceInfo", "o", "a{sv}ssa{sv}", bus_containers_handle_get_instance_info,
METHOD_FLAG_NONE },
{ "RequestHeader", "", "", bus_containers_handle_request_header,
METHOD_FLAG_NONE },
{ NULL, NULL, NULL, NULL }
};
static const PropertyHandler containers_property_handlers[] = {
{ "SupportedArguments", "as", bus_containers_supported_arguments_getter },
{ NULL, NULL, NULL }
};
#endif
static const MessageHandler monitoring_message_handlers[] = {
{ "BecomeMonitor", "asu", "", bus_driver_handle_become_monitor,
METHOD_FLAG_PRIVILEGED },
@ -2777,13 +2726,6 @@ static InterfaceHandler interface_handlers[] = {
#ifdef DBUS_ENABLE_STATS
{ BUS_INTERFACE_STATS, stats_message_handlers, NULL,
INTERFACE_FLAG_NONE },
#endif
#ifdef DBUS_ENABLE_CONTAINERS
{ DBUS_INTERFACE_CONTAINERS1, containers_message_handlers,
" <signal name=\"InstanceRemoved\">\n"
" <arg type=\"o\" name=\"path\"/>\n"
" </signal>\n",
INTERFACE_FLAG_NONE, containers_property_handlers },
#endif
{ DBUS_INTERFACE_PEER, peer_message_handlers, NULL,
/* Not in the Interfaces property because it's a pseudo-interface
@ -3087,16 +3029,6 @@ bus_driver_handle_message (DBusConnection *connection,
return FALSE;
}
}
else if (mh->flags & METHOD_FLAG_NO_CONTAINERS)
{
if (!bus_driver_check_caller_is_not_container (connection,
transaction,
message, error))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
return FALSE;
}
}
if (!(is_canonical_path || (mh->flags & METHOD_FLAG_ANY_PATH)))
{

1
bus/meson.build
View file

@ -96,7 +96,6 @@ libdbus_daemon_internal_sources = [
'config-parser-common.c',
'config-parser.c',
'connection.c',
'containers.c',
'desktop-file.c',
'dispatch.c',
'driver.c',

5
bus/tmpfiles.d/dbus-containers.conf.in
View file

@ -1,5 +0,0 @@
# Fields: type; path; mode; uid; gid; age; argument (symlink target)
# Create ${runstatedir}/dbus/containers owned by the system bus user.
# org.freedesktop.DBus.Containers1 uses this to create sockets.
d @EXPANDED_RUNSTATEDIR@/dbus/containers 0755 @DBUS_USER@ - - -

9
bus/tmpfiles.d/meson.build
View file

@ -25,12 +25,3 @@ configure_file(
configuration: data_config,
install_dir: get_option('prefix') / 'lib' / 'tmpfiles.d',
)
if get_option('containers')
configure_file(
input: 'dbus-containers.conf.in',
output: 'dbus-containers.conf',
configuration: data_config,
install_dir: get_option('prefix') / 'lib' / 'tmpfiles.d',
)
endif

2
meson.build
View file

@ -1104,7 +1104,6 @@ config.set_quoted('DBUS_SESSION_BUS_CONNECT_ADDRESS', session_bus_connect_addres
config.set('DBUS_ENABLE_STATS', get_option('stats'))
config.set('DBUS_ENABLE_CONTAINERS', get_option('containers'))
enable_user_session = get_option('user_session')
@ -1353,7 +1352,6 @@ summary_dict += {
'Building assertions': asserts,
'Building checks': checks,
'Building bus stats API': get_option('stats'),
'Building container API': get_option('containers'),
'Building SELinux support': config.get('HAVE_SELINUX'),
'Building AppArmor support': apparmor.found(),
'Building inotify support': use_inotify,

7
meson_options.txt
View file

@ -40,13 +40,6 @@ option(
description: 'Check for usage errors at public API'
)
option(
'containers',
type: 'boolean',
value: false,
description: 'Enable restricted servers for app containers'
)
option(
'dbus_daemondir',
type: 'string',

1807
test/containers.c
View file

File diff suppressed because it is too large Load diff

6
test/meson.build
View file

@ -591,12 +591,6 @@ if use_glib
if platform_unix
tests += [
{ 'name': 'containers',
'srcs': [ 'containers.c' ],
'link': [ libdbus_testutils, ],
'deps': [ glib, gio, ],
'suite': ['runs-dbus-daemon'],
},
{ 'name': 'sd-activation',
'srcs': [ 'sd-activation.c' ],
'link': [ libdbus_testutils, ],