In a Linux user namespace, it is possible that we are uid 0 but are
unable to switch to some other uid like DBUS_USER or DBUS_TEST_USER,
because the other uid is not "mapped" in the user namespace, resulting
in setuid() or setresuid() failing with EINVAL "Invalid argument".
For example, it's easy for this to happen when running under the
bubblewrap tool.
Try to drop privileges in a child process, and skip the test if we
are unable to do so.
Resolves: dbus#407
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we're running in a sandbox, we might not have write access to
oom_score_adj. In the common case where we don't have any special
protection from the OOM-killer, we can detect that with only read
access, and skip the part where we open it for writing.
(We would also not have write access to oom_score_adj if we're running
with elevated Linux capabilities while not root, but that should never
actually happen for dbus-daemon-launch-helper, which is setuid root
for production use or has no capabilities during unit-testing.)
Signed-off-by: Simon McVittie <smcv@collabora.com>
_dbus_warn() normally only logs a warning, but can be made fatal by
environment variables. In particular, we do that during unit testing,
which can result in a build-time test failure if dbus is built in a
sandbox environment that prevents write access.
_dbus_log() does only the logging part of _dbus_warn(), which seems
more appropriate here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The comment refers to the nul-padding of sockaddr_un member sun_path and
using an addrlen of sizeof(sockaddr_un). There is not much need to
document an old now "broken" behaviour.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Split _dbus_server_listen_platform_specific() to handle unix listenable
address independently, allowing Windows support in following commit.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Split _dbus_transport_open_unix_socket() to leave the "unixexec:"
handling to the unix-specific unit.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Split out the Unix socket handling from open_platform_specific(),
enabling "unix:" connectable addresses on Windows in next patch.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The function declaration can be moved to system-agnostic header and be
implemented on Windows in following commits.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This can simplify error handling in many situation where a socket is
returned, such as in the following commits.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
PF_UNIX is an old BSD 4.x relic, and even there they promise that PF_UNIX
is the same as AF_UNIX. (Linux socket(2))
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The X11 connection is opened and never closed. Because dbus-launch
forks and continues to run non-trivial code in a forked child, it is
not clear whether (or where) it would be safe to close it; instead, we
leave it open until process exit, at which point the socket is cleaned
up by the kernel.
Any memory allocated for the X11 connection is only allocated once per
run of dbus-launch, so there's no need to keep track of it, and we can
silence these memory leak warnings as uninteresting.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Otherwise, we'll miss symbols that only appear when _GNU_SOURCE is
defined, like environ in Linux unistd.h.
Signed-off-by: Simon McVittie <smcv@collabora.com>
