Explicitly don't search XDG_DATA_DIRS for system services, and document it

In practice, it never works, because the activation helper doesn't respect environment variables for security reasons. If you want to vary the search path, alter system.conf instead, to replace or augment <standard_system_servicedirs/> with your preferred search path. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=21620 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2026-05-05 05:18:00 +02:00 · 2012-02-08 16:11:35 +00:00 · 2012-02-08 16:11:35 +00:00 · fccb5a0fe1
commit fccb5a0fe1
parent 6b01c6cdfd
3 changed files with 40 additions and 42 deletions
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@ -3393,8 +3393,8 @@ test_default_session_servicedirs (void)
 static const char *test_system_service_dir_matches[] = 
        {
 #ifdef DBUS_UNIX
-         "/testusr/testlocal/testshare/dbus-1/system-services",
-         "/testusr/testshare/dbus-1/system-services",
+         "/usr/local/share/dbus-1/system-services",
+         "/usr/share/dbus-1/system-services",
 #endif
         DBUS_DATADIR"/dbus-1/system-services",
 #ifdef DBUS_UNIX
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@ -3691,54 +3691,27 @@ _dbus_get_standard_session_servicedirs (DBusList **dirs)
 dbus_bool_t
 _dbus_get_standard_system_servicedirs (DBusList **dirs)
 {
-  const char *xdg_data_dirs;
-  DBusString servicedir_path;
-
-  if (!_dbus_string_init (&servicedir_path))
-    return FALSE;
-
-  xdg_data_dirs = _dbus_getenv ("XDG_DATA_DIRS");
-
-  if (xdg_data_dirs != NULL)
-    {
-      if (!_dbus_string_append (&servicedir_path, xdg_data_dirs))
-        goto oom;
-
-      if (!_dbus_string_append (&servicedir_path, ":"))
-        goto oom;
-    }
-  else
-    {
-      if (!_dbus_string_append (&servicedir_path, "/usr/local/share:/usr/share:"))
-        goto oom;
-    }
-
  /*
-   * Add configured datadir to defaults. This may be the same as one
-   * of the XDG directories. However, the config parser should take
-   * care of the duplicates.
+   * DBUS_DATADIR may be the same as one of the standard directories. However,
+   * the config parser should take care of the duplicates.
   *
   * Also, append /lib as counterpart of /usr/share on the root
   * directory (the root directory does not know /share), in order to
   * facilitate early boot system bus activation where /usr might not
   * be available.
   */
-  if (!_dbus_string_append (&servicedir_path,
-                            DBUS_DATADIR":"
-                            "/lib:"))
-        goto oom;
+  static const char standard_search_path[] =
+    "/usr/local/share:"
+    "/usr/share:"
+    DBUS_DATADIR ":"
+    "/lib";
+  DBusString servicedir_path;

-  if (!_dbus_split_paths_and_append (&servicedir_path,
-                                     DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR,
-                                     dirs))
-    goto oom;
+  _dbus_string_init_const (&servicedir_path, standard_search_path);

-  _dbus_string_free (&servicedir_path);
-  return TRUE;
-
- oom:
-  _dbus_string_free (&servicedir_path);
-  return FALSE;
+  return _dbus_split_paths_and_append (&servicedir_path,
+                                       DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR,
+                                       dirs);
 }

 /**
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@ -4545,7 +4545,32 @@
          </footnote>
        </para>
        <para>
-          [FIXME specify location of system bus .service files]
+          On Unix systems, the system bus should default to searching
+          for .service files in
+          <literal>/usr/local/share/dbus-1/system-services</literal>,
+          <literal>/usr/share/dbus-1/system-services</literal> and
+          <literal>/lib/dbus-1/system-services</literal>, with that order
+          of precedence. It may also search other implementation-specific
+          locations, but should not vary these locations based on environment
+          variables.
+          <footnote>
+            <para>
+              The system bus is security-sensitive and is typically executed
+              by an init system with a clean environment. Its launch helper
+              process is particularly security-sensitive, and specifically
+              clears its own environment.
+            </para>
+          </footnote>
+        </para>
+        <para>
+          Software packages should install their system .service
+          files to their configured
+          <literal>${datadir}/dbus-1/system-services</literal>,
+          where <literal>${datadir}</literal> is as defined by the GNU
+          coding standards. System administrators can arrange
+          for these service files to be read by editing the system bus'
+          configuration file or by symlinking them into the default
+          locations.
        </para>
      </sect3>
    </sect2>