Debian 8 'jessie' has reached EOL for mainstream security support,
which puts it outside our usual distribution/OS support policy.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, we built on Debian 9 'stretch' by default, and on
Debian 10 'buster' only on request. Let's reverse that so that we get
more modern toolchains, before Debian 9 'stretch' reaches EOL.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If there is no more memory available within the mentiond function, e.g.,
when checking memory management, the release of memory allocated by
getaddrinfo() is missing.
Coverity CID: 354880
Each connection that is an active monitor holds a pointer to its own
link in this list, via BusConnectionData.link_in_monitors. We can't
validly free the list while these pointers exist: that would be a
use-after-free, when each connection gets disconnected and tries to
remove itself from the list.
Instead, let each connection remove itself from the list, then assert
that the list has become empty.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/291
Instead of creating a fixed memory area on the stack that can lead to
a stack overflow if exceeded, this configuration now uses a DBusString
instance that dynamically manages memory.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/45
This doesn't verify that they're atomic, but does verify that they
return the right things.
This commit adds a new test function _dbus_test_check (a) to make
writing tests easier. It checks the given boolean expression and
generates a "not ok" test result if the expression is false.
Due to the current design of the test api, the test is only compiled
if embedded tests were enabled at the time of configuration.
It was also necessary to move the test_atomic target definitions in
test/Makefile.am to the --enable-embedded-tests section to avoid a
make distcheck build error.
The test case itself has been authored by smcv.
Co-authored-by: Simon McVittie <smcv@collabora.com>
This needs new atomic primitives: we don't have "set to a value",
and in fact that's a bit annoying to implement in terms of gcc
intrinsics. "Set to 0" and "set to nonzero" are easy, though.
Currently, if the "dbus" security class or the associated AV doesn't
exist, dbus-daemon fails to initialize and exits immediately. Also the
security classes or access vector cannot be reordered in the policy.
This can be a problem for people developing their own policy or trying
to access a machine where, for some reasons, there is not policy defined
at all.
The code here copy the behaviour of the selinux_check_access() function.
We cannot use this function here as it doesn't allow us to define the
AVC entry reference.
See the discussion at https://marc.info/?l=selinux&m=152163374332372&w=2
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/198
Commit 724adb2f6 mangled the dbus_message_append_args() code example.
This fixes it by breaking the lines and aligning at the right places.
Signed-off-by: Felipe Franciosi <felipe@nutanix.com>
Spotted by Mubin. This documentation relates to the code in
add_bus_environment() in bus/activation.c.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #275
Clients listening for a signal can match against the 'sender', expecting
it to come from a connection with a specific name. With this change,
dbus-send can send signals to them.
Instead of exposing _dbus_sha_test() as a private exported symbol,
we can expose _dbus_sha_compute(), which is the only thing called by
the test that isn't already exported.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This lets us expose symbols in the embedded-tests build without
expanding the symbol table of the production library.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some CI environments run build-time tests as root with CAP_AUDIT_WRITE.
In this case we need to close the audit socket so that it will not be
reported as leaked.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The audit module is initialized every time a new BusContext is created,
which is only once in the real dbus-daemon, but can happen several times
in some unit tests.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some CI systems do the entire build as uid 0 in a throwaway container.
If this is done in a build directory for which the messagebus user
does not have search (+x) permission, then they will be unable to
execute the just-built dbus-daemon binary.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some CI systems do the build as root in a disposable container, and
run tests without ever having installed dbus. This means we can't
expect to be able to drop privileges from root to the DBUS_USER (usually
named messagebus or dbus) unless we have checked that the
DBUS_USER exists.
Signed-off-by: Simon McVittie <smcv@collabora.com>
