[systemd-commits] 2 commits - TODO src/bus-proxyd src/libsystemd
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Dec 8 14:52:40 PST 2014
TODO | 14 +++++++++++---
src/bus-proxyd/bus-proxyd.c | 12 +++++++-----
src/libsystemd/sd-bus/bus-control.c | 7 ++++---
src/libsystemd/sd-bus/bus-control.h | 2 ++
4 files changed, 24 insertions(+), 11 deletions(-)
New commits:
commit e7100587da6d147fa601c911122d13ad4257e963
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Dec 8 23:52:08 2014 +0100
update TODO
diff --git a/TODO b/TODO
index 94b3f99..b0ae84a 100644
--- a/TODO
+++ b/TODO
@@ -1,3 +1,13 @@
+Preparations for 218:
+
+* port libmount hookup to use API's own inotify interface
+
+* rhbz
+
+* fdobz
+
+* Backport: git notes
+
Bugfixes:
* Should systemctl status \* work on all unit types, not just .service?
@@ -292,10 +302,8 @@ Features:
ReadOnlyDirectories=... for whitelisting files for a service.
* sd-bus:
- - xml policy inforcement and bus activated services is broken?
- - how can we make the xml enforcement for native clients unnecessary?
+ - kdbus: PID/TID goes missing for method calls from outside the PID namespace?
- kdbus: the kernel should not allow messages to be delivered that have a reply serial != 0, reply-expect unset, but no appropriate window
- - kdbus: when we fake creds euid being (uint32_t) -1 is weirdly translated
- kdbus: timestamps on kernel's NameOwnerChanged messages?
- kdbus' busnames.target should get pulled in by basic.target
- Ignore .busname units on classic D-Bus boots, systemd-resolved cannot be started on kdbus
commit 0aa72be6a02e8bbcb364526b8e1904a94b81a547
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Dec 8 23:47:19 2014 +0100
bus-proxy: fix compat with autostarted services
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 2e34cc9..42fb0da 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -45,6 +45,7 @@
#include "def.h"
#include "capability.h"
#include "bus-policy.h"
+#include "bus-control.h"
static char *arg_address = NULL;
static char *arg_command_line_buffer = NULL;
@@ -1002,7 +1003,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
}
if (granted) {
- /* Then check whether us, the recipient can recieve from the sender's name */
+ /* Then check whether us (the recipient) can recieve from the sender's name */
if (strv_isempty(sender_names)) {
if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
return 0;
@@ -1038,9 +1039,10 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
/* The message came from the legacy client, and is sent to kdbus. */
if (m->destination) {
- r = sd_bus_get_name_creds(to, m->destination,
- SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds);
+ r = bus_get_name_creds_kdbus(to, m->destination,
+ SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
+ SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+ true, &destination_creds);
if (r < 0)
return r;
@@ -1056,7 +1058,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
(void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
}
- /* First check if we, the sender can send to this name */
+ /* First check if we (the sender) can send to this name */
if (strv_isempty(destination_names)) {
if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
granted = true;
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index a9a0c1e..6a9e9b2 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -600,10 +600,11 @@ static int bus_populate_creds_from_items(
return 0;
}
-static int bus_get_name_creds_kdbus(
+int bus_get_name_creds_kdbus(
sd_bus *bus,
const char *name,
uint64_t mask,
+ bool allow_activator,
sd_bus_creds **creds) {
_cleanup_bus_creds_unref_ sd_bus_creds *c = NULL;
@@ -652,7 +653,7 @@ static int bus_get_name_creds_kdbus(
conn_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd->offset);
/* Non-activated names are considered not available */
- if (conn_info->flags & KDBUS_HELLO_ACTIVATOR) {
+ if (!allow_activator && (conn_info->flags & KDBUS_HELLO_ACTIVATOR)) {
if (name[0] == ':')
r = -ENXIO;
else
@@ -875,7 +876,7 @@ _public_ int sd_bus_get_name_creds(
return -ENOTCONN;
if (bus->is_kernel)
- return bus_get_name_creds_kdbus(bus, name, mask, creds);
+ return bus_get_name_creds_kdbus(bus, name, mask, false, creds);
else
return bus_get_name_creds_dbus1(bus, name, mask, creds);
}
diff --git a/src/libsystemd/sd-bus/bus-control.h b/src/libsystemd/sd-bus/bus-control.h
index aa290ed..5009ca8 100644
--- a/src/libsystemd/sd-bus/bus-control.h
+++ b/src/libsystemd/sd-bus/bus-control.h
@@ -29,3 +29,5 @@ int bus_remove_match_internal(sd_bus *bus, const char *match, uint64_t cookie);
int bus_add_match_internal_kernel(sd_bus *bus, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
int bus_remove_match_internal_kernel(sd_bus *bus, uint64_t cookie);
+
+int bus_get_name_creds_kdbus(sd_bus *bus, const char *name, uint64_t mask, bool allow_activator, sd_bus_creds **creds);
More information about the systemd-commits
mailing list