The wording and formatting used here is consistent with other
semi-recently-added match keys.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Wrap BecomeMonitor in <literal> as per Philip's review]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
This is no longer true, and it seems less misleading to raise an
error than to obey the letter of the spec by quietly ignoring calls
from an inappropriate caller.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
These are like unix:tmpdir=/something, except that the resulting
socket is always path-based, never abstract.
This is desirable for two reasons:
* If a Linux container manager wants to expose a path-based socket
into the container, it can do so by bind-mounting it in the
container's filesystem namespace. That cannot work for abstract
sockets because they are not files.
* Conversely, if a Linux container manager does not want to expose
a path-based socket in the container, it can avoid bind-mounting it,
or bind-mount some harmless object like /dev/null over it.
That cannot work for abstract sockets because access to abstract
sockets is part of the network namespace, which is all-or-nothing.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Each U+002D HYPHEN-MINUS in [0-9A-Za-z_-/.\] is treated as a member of a
range. The third one, which appears to have been intended to be a
literal, is part of an empty range because the starting point
U+005F LOW LINE is greater than the endpoint U+002F SOLIDUS, resulting
in at least some grep implementations not considering U+002D, U+002F
or U+005F to match the pattern. This resulted in one of the
dbus-launch tests being unintentionally skipped when it used a
regex based on the one in the spec.
regex(7) suggests "To include a literal '-' [in a bracketed character
set], make it the first or last character".
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100686
The documentation generally only mentioned the directory in /etc, even
though we actually prefer security policies to be installed in
/usr/share to allow for stateless and volatile systems (i.e. booting up
with an empty /etc).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99901
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
For Unix, this partially duplicates the D-Bus Specification, but
provides more detail about the intention of each search path element.
It also documents the non-standardized path elements searched by the
reference implementation.
For Windows, there are no standardized path elements in the D-Bus
Specification (and it isn't clear how useful it would be to standardize
them, since Windows software that uses D-Bus tends to be installed
as an integrated "stack" with a bundled copy of a suitable dbus-daemon),
so we just document what the reference implementation does.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: fix formatting nitpicks]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
We're treating transient services as higher-priority than those in
the XDG_DATA_HOME or XDG_DATA_DIRS, which is consistent with systemd.
The specific list used by the standard session dbus-daemon will be
added to dbus-daemon(1) in the next commit.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Clarify its intended behaviour in two situations:
• For interfaces which have no properties.
• Where some properties are not visible to the caller (due to access
control, for example).
The intention here is for this behaviour to be mandatory, but given that
this is quite late on in the specification’s life, and various D-Bus
libraries like dbus-glib and telepathy-glib cannot support access
control at a per-property level, for example. GDBus can, although it’s
questionable whether this is a good idea. Deliberately leave the
specification open to allow access control at a higher level as well
(such as per-(object, interface)).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=36190
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Using versioned names here reinforces the advice given in
<https://dbus.freedesktop.org/doc/dbus-api-design.html#api-versioning>.
I haven't added versions to the sample parameters "com.example.tea" and
"com.example.cappuccino" for methods that query information about
names, on the basis that I assume they are more likely to be intended
to represent an implementation than an API.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98671
We didn't say that SystemdService existed. Now we do, together with
enough context to make it make sense.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98671
For something we recommend, that is important enough to have its own
header flag, it doesn't have very good documentation. Redo the text
to suggest that auto-starting is the normal thing and
StartServiceByName is the oddity. That's usually a good principle
to follow, since it dodges time-of-check/time-of-use issues, and the
method call that you presumably wanted to do needs to handle errors
anyway.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98671
The spec previously mentioned that CORBA calls this activation, but
did not explicitly say that D-Bus has copied this jargon term.
It's 2016, and developers are probably more likely to be familiar
with D-Bus than with CORBA at this point: explicitly say that *our*
jargon term for this action is activation.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98671
Install them to $(datadir)/xml/dbus-1, which seems to be the standard
location for installed DTDs. This means that developers can use them to
validate their introspection XML, and sysadmins can use them to validate
their bus configuration files.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89011
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This is widely used in practice (especially by GLib — just look at files
in /usr/share/dbus-1/interfaces/), and there is no reason not to allow
it. Update the specification, introspection DTD and XSL file to allow
and represent it.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86162
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
This adds a space in the output between ‘annotation’ and the key of the
annotation. A Saturday afternoon cosmetic fix.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86162
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Like --fork and --nofork, these override what the configuration says.
Use --syslog-only to force the systemd services to log to the Journal
(via syslog, which means we see the severity metadata) instead of
testing sd_booted() in the configuration implementation.
Signed-off-by: Simon McVittie <smcv@debian.org>
This is more suitable for distributions' Xsession scripts: it verifies
that X is already available, and so never results in an attempt to poll
stdin.
We read the machine UUID because it is needed to set the X atoms.
x11_init() assumes that the machine UUID (global variable) has been
set, either via read_machine_uuid_if_needed() or save_machine_uuid().
This is pretty tangled, but to make The Right Thing happen
automatically, we'd need to redo dbus-launch in terms of DBusError.
Reviewed-by: Will Thompson
Reviewed-by: Thiago Macieira
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Signed-off-by: Simon McVittie <smcv@debian.org>
This is an attempt to make that section a little clearer. I don’t think
any factual inaccuracies have been fixed (because I couldn’t find any).
Including some wording and an example by Simon McVittie.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93382
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
It's generally a good idea to avoid trailing whitespace in order to keep
patchs minimal. While it's common to enforce such restrictions for C code,
it's important for docbok XML files too. Hence, let's clean this up and
remove all trailing whitespace currently in place.
[By policy we do not clean up historical trailing whitespace and
tab-indentation in the C source code unless we are modifying those lines
anyway, to retain the ability to merge stable-branch bugfixes into the
development branch. However, the copy of the spec in the development
branch is the only one that receives any updates, so that concern
doesn't apply here. -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91755
Allowing to send replies when NO_REPLY_EXPECTED is set is useless in
practice: Clients need to be careful not to send these replies, because
bus policy could deny these messages. The spec even mentions that this
issue exists.
To make this more clear and misbehaving clients less likely, disallow
sending unexpected replies entirely.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75749
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
If OS builders (distributions) have chosen to use the per-user bus,
this provides two possible modes of operation for compatibility with
existing X session startup hooks.
A legacy-free system can just upload DISPLAY, XAUTHORITY and possibly
DBUS_SESSION_BUS_ADDRESS into dbus-daemon's and systemd's activation
environments, similar to
http://cgit.freedesktop.org/systemd/systemd/tree/xorg/50-systemd-user.sh
installed by systemd (but unlike systemctl,
dbus-update-activation-environment works for traditional
D-Bus-activated services, not just for systemd services).
A system where compatibility is required for environment variables
exported by snippets in /etc/X11/xinit/xinitrc.d (in Red Hat derivatives,
Gentoo, etc.) or /etc/X11/Xsession.d (Debian derivatives) can upload
the entire environment of the X session, minus some selected environment
variables which are specific to a login session (notably XDG_SESSION_ID).
In Debian, I plan to put the former in a new dbus-user-session package
that enables a user-session-centric mode of operation for D-Bus,
and the latter in the existing dbus-x11 package, with the intention that
dbus-x11 eventually becomes a tool for change-averse setups or goes
away entirely.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
This is not used by default, but can be configured by OS builders (or
regression-test environments) if desired.
If used, this listens on $XDG_RUNTIME_DIR/bus, or fails if $XDG_RUNTIME_DIR
is not set. Fallback behaviour is unnecessary, because it is already
possible to use a string of semicolon-separated addresses like
<listen>unix:runtime=yes;unix:tmpdir=/tmp</listen>, resulting in
listening on either $XDG_RUNTIME_DIR/bus or /tmp/something.
We use a non-abstract socket here, because that is desirable for
use with Linux containers: abstract sockets are attached to the
network namespace, whereas non-abstract sockets are part of the
filesystem and can be bind-mounted between domains if necessary.
The major advantage of abstract sockets is that they do not need
cleanup, but the specification of XDG_RUNTIME_DIR guarantees to
provide cleanup anyway.
Based on prior work by Simon McVittie, Colin Walters and Alexander
Larsson.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
