fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-01-08 12:50:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
dbus/bus
History
Simon McVittie dc25979ebb Mediate auto-activation attempts through AppArmor 
Because the recipient process is not yet available, we have to make some
assumption about its AppArmor profile. Parsing the first word of
the Exec value and then chasing symlinks seems like too much magic,
so I've gone for something more explicit. If the .service file contains

AssumedAppArmorLabel=/foo/bar

then we will do the AppArmor query on the assumption that the recipient
AppArmor label will be as stated. Otherwise, we will do a query
with an unspecified label, which means that AppArmor rules that do
specify a peer label will never match it.

Regardless of the result of this query, we will do an independent
AppArmor query when the activation has actually happened, this time
with the correct peer label; that second query will still be used
to decide whether to deliver the message. As a result, if this change
has any effect, it is to make the bus more restrictive; it does not
allow anything that would previously have been denied.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666
2016-11-28 12:11:45 +00:00
..
legacy-config On Windows, load local configuration relative to bus setup 2015-10-02 11:24:05 +01:00
systemd-user dbus-daemon: add --syslog, --nosyslog, --syslog-only 2016-09-30 19:36:50 +01:00
.gitignore Update .gitignore files 2015-02-03 15:40:01 +00:00
activation-exit-codes.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
activation-helper-bin.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.c launch-helper: fix error code parsing 2013-10-09 10:51:39 +01:00
activation-helper.h Add missing include 2016-02-11 20:31:31 +00:00
activation.c Mediate auto-activation attempts through AppArmor 2016-11-28 12:11:45 +00:00
activation.h Mediate auto-activation attempts through AppArmor 2016-11-28 12:11:45 +00:00
apparmor.c Mediate auto-activation attempts through AppArmor 2016-11-28 12:11:45 +00:00
apparmor.h Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
audit.c _dbus_change_to_daemon_user (audit code path): set DBusError correctly 2016-08-12 17:34:29 +01:00
audit.h audit: use DBUS_SYSTEM_LOG_WARNING if we cannot open the audit fd 2015-08-06 17:12:37 +01:00
bus.c Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
bus.h Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
config-loader-expat.c Print XML parse errors correctly 2016-10-13 22:44:12 +01:00
config-parser-common.c Add apparmor element support to bus config parsing 2015-02-18 17:04:00 +00:00
config-parser-common.h Add apparmor element support to bus config parsing 2015-02-18 17:04:00 +00:00
config-parser-trivial.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
config-parser-trivial.h Merge branch 'dbus-1.2' 2010-06-22 17:25:20 +01:00
config-parser.c Be more const-correct 2016-10-13 17:20:28 +01:00
config-parser.h Consistently include <config.h> in all C source files and never in header files. 2010-03-19 20:11:48 +01:00
connection.c Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
connection.h Log to syslog if max_completed_connections or max_connections_per_user are exceeded 2016-08-16 16:16:32 +01:00
dbus.service.in dbus-daemon: add --syslog, --nosyslog, --syslog-only 2016-09-30 19:36:50 +01:00
dbus.socket.in systemd: enable the dbus service unconditionally 2010-09-06 03:21:17 +02:00
desktop-file.c Be more const-correct 2016-10-13 17:20:28 +01:00
desktop-file.h Mediate auto-activation attempts through AppArmor 2016-11-28 12:11:45 +00:00
dir-watch-default.c Fix warnings on Windows builds. 2010-04-14 08:26:40 +02:00
dir-watch-inotify.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dir-watch-kqueue.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
dir-watch.h Clean up inotify watch handling 2010-02-01 16:22:56 -05:00
dispatch.c Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
dispatch.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
driver.c Be more const-correct 2016-10-13 17:20:28 +01:00
driver.h Hardening: reject UpdateActivationEnvironment on non-canonical path 2015-01-01 23:32:16 +00:00
example-session-disable-stats.conf.in config: add examples to show how to enable/disable the Stats interface 2014-10-01 16:38:40 +01:00
example-system-enable-stats.conf.in config: add examples to show how to enable/disable the Stats interface 2014-10-01 16:38:40 +01:00
expirelist.c tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
expirelist.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
main.c Add missing function attributes suggested by clang (but not by gcc) 2016-10-13 22:44:13 +01:00
Makefile.am Use AX_CODE_COVERAGE for test-coverage statistics 2016-08-15 14:30:51 +01:00
messagebus-config.in Applied patches from cygwin port. 2010-08-10 08:25:24 +02:00
messagebus.in Fix use of $servicename in status 2010-07-09 11:52:59 -04:00
org.freedesktop.dbus-session.plist.in 10.4 is old so set more sensible launchd defaults. 2010-12-09 08:20:07 +01:00
policy.c Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
policy.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
rc.messagebus.in [legacy init script] Fix the use of $servicename 2010-04-23 12:02:19 -04:00
selinux.c Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
selinux.h Do not auto-activate services if we could not send a message 2016-11-28 12:11:41 +00:00
services.c Log when we exceed max_names_per_connection (aka max_services_per_connection) 2016-08-16 17:44:30 +01:00
services.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
session.conf.in On Windows, load local configuration relative to bus setup 2015-10-02 11:24:05 +01:00
signals.c Print errors parsing match rules correctly 2016-10-13 22:44:12 +01:00
signals.h Mediation of processes eavesdropping 2015-02-18 18:59:46 +00:00
stats.c Merge branch 'dbus-1.8' and prepare 1.9.6 2015-01-01 23:48:13 +00:00
stats.h Implement GetAllMatchRules on the Stats interface 2014-09-25 12:59:50 +01:00
system.conf.in Document default limits in system.conf.in 2016-08-16 18:27:47 +01:00
test-launch-helper.c Add missing function attributes suggested by clang (but not by gcc) 2016-10-13 22:44:13 +01:00
test-main.c Add missing function attributes suggested by clang (but not by gcc) 2016-10-13 22:44:13 +01:00
test-system.c Add missing function attributes suggested by clang (but not by gcc) 2016-10-13 22:44:13 +01:00
test.c Remove trailing newlines from _dbus_warn, _dbus_warn_check_failed 2016-09-30 19:36:51 +01:00
test.h tests to embedded tests: replaced in dbus-daemon 2013-06-28 12:13:28 +01:00
utils.c Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00
utils.h Bug 21161 - Update the FSF address 2009-07-14 15:39:47 -04:00