Some odd issues with D-Bus on Solaris

Havoc Pennington hp at redhat.com
Wed Sep 5 11:27:30 PDT 2007 

Hi,

On 9/5/07, Brian Cameron <Brian.Cameron at sun.com> wrote:
> Could you list common things that use such system-wide services?
> I think this might help me understand if we are shipping such things
> on Solaris.  (aside from PackageKit).

I think only PackageKit so far. The system-wide service launching
feature is brand new. You should expect several more such things to
start appearing though, probably.

> On Solaris, there are a bunch of services in /usr/share/dbus-1/services
> and nothing in /usr/share/dbus-1/system-services.

Right, so you have no system services yet that can be launched
automatically by the bus daemon.

> In /etc/dbus-1/session.d, there are no files, and in /etc/dbus-1/system.d
> we only ship a hal.conf file.  Once we update to using the new D-Bus
> version of GDM we will also need to have a ConsoleKit.conf and a gdm.conf.

These are different. These are config directories that allow modifying
the configuration, usually to change the security policy to allow
through messages that a particular app needs.

The /usr/share/dbus-1/system-services directory contains .service
files with services that can be *launched* which is what the helper is
used for.

> Would this indicate that we are using systemwide services or not?

The .conf files indicate that you have systemwide services that need
to send messages, and the .service files indicate that you have
systemwide services that can be launched automatically on demand by
the bus daemon. The launch helper is only relevant to the latter.

> When you say remove the launch helper and the service directory configuration
> from system.conf I assume you mean /etc/dbus-1/system.conf.  Do you mean these
> lines:
>
>   <servicehelper>/usr/lib/dbus-daemon-launch-helper</servicehelper>
> [...]
>   <!-- Config files are placed here that among other things, punch
>        holes in the above policy for specific services. -->
>   <includedir>system.d</includedir>

Only the first line, and then the line with
<standard_system_servicedirs/> or something like that which refers to
the /usr/share/dbus-1/system-services directory.
This would disable automatic on-demand service launching by the bus daemon.

If you remove the system.d that will break essentially all usage of
the systemwide message bus because without the .conf files there are
no holes punched in the security policy, and the security policy
blocks essentially all messages by default.

> If you comment out these lines, does setting --with-dbus-user=root
> make sense?

It's not related to the user you run the bus as. The reason for
changing the bus daemon user is to reduce privileges of the bus
daemon. You can either do this or not, depending on other mechanisms
you have to reduce privileges as Artem mentioned, or depending on how
much you trust the bus daemon code.

If you reduce privileges via any mechanism, and you want to support
automatic service launching, then you probably need the setuid helper
because the launched service may require arbitrary privileges.

If it's helpful you could also write your own launch helper process
and set it up in the config file, that worked in some way other than
being setuid, but I don't know if there is a better way really.

Havoc

More information about the dbus mailing list