dbus-daemon, passing fd and SELinux

Tom Gundersen teg at jklm.no
Wed Nov 7 19:10:33 UTC 2018 

On Wed, Nov 7, 2018 at 4:49 PM Simon McVittie <smcv at collabora.com> wrote:

> > - Is there a way to grab more info anywhere /why/ the
> GBusNameLostCallback
> >   event occurred?
>
> No, there is currently no protocol by which the dbus-daemon can tell
> a client *why* that client is getting disconnected: fatal errors just
> disconnect the socket. Implementing this would not necessarily be
> straightforward, because the dbus-daemon would need to be able to stop
> reading from the client, but keep the connection alive long enough to
> do all the asynchronous send operations for at least the rest of the
> current partially-sent message if any (to avoid corrupting the stream by
> inserting the error into the middle of an unrelated message), followed
> by the error, followed by disconnection.
>
> Messages can be large enough that they need to be sent in multiple
> sendmsg() transactions (or even large enough that they exceed the socket
> buffer), so we have to get the framing right, and we have to do it all
> asynchronously.
>

For what it is worth, dbus-broker allows this, and in many cases it does.
However, in this particular situation it would also not return an error
before disconnecting. The reason we did not (so far) is that we thought
that if the error was in parsing the message (which this would fall under),
then it would not always be the case that we would even be able to read the
serial to reply to (and we really don't want to be doing unsolicited
errors, as clients simply wouldn't to expect them). It may make sense to be
a bit more clever about this though, and reply with an error whenever we
are able to (as this kind of situation is really not easy to debug).


> I dimly remember once trying to prototype a feature where dbus-daemon
> would try to add a signal or an unsolicited error message into the
> sending socket before disconnecting clients, but it ended up sufficiently
> complicated that I wasn't confident that it was right. Client libraries
> would also have to be modified to look for those messages and use them
> to populate a more specific error indicator.
>

Yeah, I think we would have to restrict ourselves to replying with errors
to method calls that expect a reply, otherwise it would get really
complicated on the client side.

Cheers,

Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dbus/attachments/20181107/3736a209/attachment-0001.html>

More information about the dbus mailing list