On recent Linux systems, systemd sets the hard limit on the number of
file descriptors extremely high (about 1e9, compared with about 1e6 in
previous systemd versions or 4096 in the kernel's historical defaults),
and dbus raises its soft limit to match the hard limit. The result of
sysconf(_SC_OPEN_MAX) is based on the fd limit, and iterating linearly
through that many fds takes long enough for activation to time out.
This particular piece of code is just test instrumentation, which aims to
log (possibly fatal) warnings if any file descriptor is not close-on-exec
as it should be. In practice the test suite doesn't use anywhere near
a thousand fds, so it's sufficient to run this check against a much
smaller number of fds.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/527
Bug-Debian: https://bugs.debian.org/1086148
Signed-off-by: Simon McVittie <smcv@collabora.com>
Solaris does not allow rmdir() to remove the cwd, so chdir() out of
the tempdir before removing it.
Without this fix, misc-internal reported a failure on Solaris 11.4:
not ok 16 - failed to remove test socket directory /tmp/dbus-test-tduvWc
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Other tests have different requirements for fds (and already check for
them), so move this check into the specific test (mirroring what those
other tests already do) instead of blocking the whole test program,
incorrectly using autoconf test return codes instead of TAP protocol,
as discussed in #176.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Many of these tests require more than the default fd limit on some systems,
so raise the limit, if we can, to give them a better chance of being able
to run.
Closes#176
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Needed when building with support for Solaris audit API, otherwise
linking fails with:
Undefined first referenced
symbol in file
adt_export_session_data dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_start_session dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_end_session dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
adt_set_from_ucred dbus/libdbus-1.so.3.38.1.p/dbus-sysdeps-unix.c.o
Fixes: cd2e3826 ("Add Meson build system")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Need to declare a variable type to avoid gcc 14 error:
error: type defaults to 'int' in declaration of 'adt_user_context'
[-Wimplicit-int]
Fixes: cd2e3826 ("Add Meson build system")
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This is useful when an asset manager wants to install a system
service while /usr/ is read-only (e.g.: portable services running
on a different namespaced image). Also recommend searching in /run/
following the now-standard pattern, for ephemeral services.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Tthis is useful when an asset manager wants to install a system
service while /usr/ is read-only (e.g.: portable
services running on a different namespaced image). Unlike other
directories, enforce strict naming and do not set up an inotify,
as the directories might not even exist until much later. Also
search in /run/ for ephemeral services that will disappear after
a reboot.
Signed-off-by: Luca Boccassi <bluca@debian.org>
This was only used in the Autotools build system, which we deleted.
Fixes: 8ea959b2 "Remove autotools related files"
Signed-off-by: Simon McVittie <smcv@collabora.com>
The logic that sets the dbus-daemon-launcher-helper setuid does not
handle the case where the group named the same as the dbus_user does not
exist.
This makes the assumption that the primary group of the dbus_user
has the same name as the dbus_user.
This may not be the case.
To remedy these issues, obtain the group id for dbus_user instead of
attempting to retrieve the group id by name.
To avoid a failure when the user does not exist, handle the KeyError
exception from the pwd.getpwnam function by printing a warning and
skipping the logic to set the binary setuid.
Perform an additional check to ensure that the dbus_user's primary group
has only a single member.
Fail similarly if it has more than one member.
Resolves: #492
Signed-off-by: Simon McVittie <smcv@collabora.com>
Readers of the message bus specification might be encountering Properties
for the first time, so for the basic properties in the o.fd.DBus
interface, link to the interface definition.
I'm not intending to add similar text for extension interfaces like
Containers.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, we arbitrarily divided o.fd.DBus into "messages"
(methods and signals), in one sect2, and Properties, in another sect2;
and for the only extended interface that is documented so far,
o.fd.DBus.Monitoring, we included its single method in the list of
o.fd.DBus methods.
This is putting too much weight on implementation details of how the
D-Bus protocol is implemented (with Properties being "less core" than
methods and signals), and not enough weight on how interfaces are
conceptually structured. It's more usual to group together all aspects
of an interface into one document or section, and the current arbitrary
separation is going to look more and more odd as we start documenting
more interfaces like Containers (dbus!449), Stats and Verbose.
Instead, repurpose the "Message Bus Messages" section to become the
documentation for the o.fd.DBus interface, and introduce a separate
section for each other interface that the message bus provides.
Each one contains a full list of methods, signals and properties (if any)
if it is specific to the message bus, or a cross-reference to a more
generic interface description if it is equally applicable to the message
bus and its clients.
Prompted by discussion on dbus!449.
Signed-off-by: Simon McVittie <smcv@collabora.com>
doc/index.html.in is common to the Meson and CMake build systems, so
every time a new variable gets substituted into it, both the Meson and
CMake build systems need to provide a value for that variable.
Fixes: b58ca0e1 "cmake: Inclusion of a link in html overview file corrected"
Signed-off-by: Simon McVittie <smcv@collabora.com>
This ensures that the Doxygen-built documentation has the same layout
in the installed files that it does in the build tree and on the
website. If we don't keep the same layout, then there is no value for
the `DBUS_APIDOC_LINK` in index.html that would be correct for both
the build tree and the installed tree. The build tree effectively has
a html subdirectory hard-coded, because that's how Doxygen lays out
its outputs.
This commit is the Meson equivalent of
commit 522633b4 "cmake: install api docs in html subdir" in the CMake
build system (dbus!473, dbus#519).
Signed-off-by: Simon McVittie <smcv@collabora.com>
The newest release of the reference message bus that did not support
GetConnectionCredentials was 1.6.30, almost a decade ago.
It's entirely reasonable for new code to assume that
GetConnectionCredentials will succeed, and not implement a fallback.
Signed-off-by: Simon McVittie <smcv@collabora.com>
`<xref>` will typically be replaced by something like
"the section called “Foo”", so if we want to name a specific method
in running text, we need to use `<link>`.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The `AppArmor` feature flag is a case-sensitive string literal,
so consistently use its correct case-combination.
Signed-off-by: Simon McVittie <smcv@collabora.com>
There's no need to make readers go looking for these in a larger section,
we can link directly to the individual interfaces.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Debian 11 recently reached EOL, and we should really be using the
latest stable release as our reference.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This choice of exe_wrapper doesn't appear to work on Debian 12, causing
a build failure while checking that the output of the C++ compiler is
executable.
Another advantage of this is that if we're not running the test suite,
we can do a more traditional cross-build where running host-architecture
executables is impossible, which doubles as a way to prove that this
still works.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On Debian 12, this is necessary to get libclang-rt-14-dev (which
contains the headers for LeakSanitizer) without hard-coding the clang
major version.
Signed-off-by: Simon McVittie <smcv@collabora.com>
This has been noted to be unreliable (dbus#509) and we now have more
realistic test coverage on actual Windows.
I'm marking these CI jobs to do the build but not run the tests,
instead of skipping them completely, because having coverage for a
successful build on mingw-w64 (32-bit, 64-bit) bit × (release, debug)
does still seem like a useful thing for us to have.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we're building on Unix with the message bus and tools enabled, then
we need to compile dbus-launch before we can expect this test to pass.
Continuation of commit 55e60abe "test: add missing test dependencies".
Signed-off-by: Simon McVittie <smcv@collabora.com>
CMake has previously installed the api documentation in the api/
subdirectory, but api/html is required to correspond to the link
in the generated index file (index.html).
Fix#519
check_valid_fd() does not touch its second parameter if the fd is not,
in fact, a valid fd. Initialize the "out" parameter to the opposite
of the value we are hoping for, so that both assertions will fail if
there is a problem.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If passed an invalid DBusSystemLogSeverity, the default case for the
switch construct is to crash out with an assertion failure, but the
assertion failure itself is not compiled in if we are doing a production
build without assertions.
Detected by compiling with gcc 14, which does some static analysis
by default.
Signed-off-by: Simon McVittie <smcv@collabora.com>
