[systemd-commits] 6 commits - src/core src/dbus1-generator src/journal src/libsystemd src/login src/network src/shared src/udev units/org.freedesktop.DBus.busname units/org.freedesktop.hostname1.busname units/org.freedesktop.locale1.busname units/org.freedesktop.login1.busname units/org.freedesktop.machine1.busname units/org.freedesktop.timedate1.busname
Daniel Mack
zonque at kemper.freedesktop.org
Fri Mar 7 12:50:55 PST 2014
src/core/busname.c | 11 +++-
src/core/busname.h | 34 ++++++++++++
src/core/job.c | 2
src/core/load-fragment-gperf.gperf.m4 | 4 +
src/core/load-fragment.c | 85 ++++++++++++++++++++++++++++++++
src/core/load-fragment.h | 1
src/core/path.c | 4 -
src/core/unit.c | 2
src/dbus1-generator/dbus1-generator.c | 4 +
src/journal/journald-server.c | 8 +--
src/libsystemd/sd-bus/bus-kernel.c | 69 +++++++++++++++++++++++--
src/libsystemd/sd-bus/bus-kernel.h | 3 -
src/libsystemd/sd-bus/kdbus.h | 79 ++++++++++-------------------
src/login/logind-session.c | 2
src/network/networkd-netdev.c | 4 -
src/shared/log.c | 2
src/udev/net/ethtool-util.c | 4 -
src/udev/net/link-config.c | 4 -
units/org.freedesktop.DBus.busname | 2
units/org.freedesktop.hostname1.busname | 2
units/org.freedesktop.locale1.busname | 2
units/org.freedesktop.login1.busname | 2
units/org.freedesktop.machine1.busname | 2
units/org.freedesktop.timedate1.busname | 2
24 files changed, 256 insertions(+), 78 deletions(-)
New commits:
commit 2c5859afecee81e345fc9526b1083bf79990ffb8
Author: Daniel Mack <zonque at gmail.com>
Date: Fri Mar 7 21:38:48 2014 +0100
Make tables for DEFINE_STRING_TABLE_LOOKUP consistent
Bring some arrays that are used for DEFINE_STRING_TABLE_LOOKUP() in the
same order than the enums they reference.
Also, pass the corresponding _MAX value to the array initalizer where
appropriate.
diff --git a/src/core/job.c b/src/core/job.c
index 9c099c6..8e98bd9 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1150,9 +1150,9 @@ static const char* const job_mode_table[_JOB_MODE_MAX] = {
[JOB_REPLACE] = "replace",
[JOB_REPLACE_IRREVERSIBLY] = "replace-irreversibly",
[JOB_ISOLATE] = "isolate",
+ [JOB_FLUSH] = "flush",
[JOB_IGNORE_DEPENDENCIES] = "ignore-dependencies",
[JOB_IGNORE_REQUIREMENTS] = "ignore-requirements",
- [JOB_FLUSH] = "flush",
};
DEFINE_STRING_TABLE_LOOKUP(job_mode, JobMode);
diff --git a/src/core/path.c b/src/core/path.c
index 1d6c6cc..93c51bb 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -761,16 +761,16 @@ DEFINE_STRING_TABLE_LOOKUP(path_state, PathState);
static const char* const path_type_table[_PATH_TYPE_MAX] = {
[PATH_EXISTS] = "PathExists",
[PATH_EXISTS_GLOB] = "PathExistsGlob",
+ [PATH_DIRECTORY_NOT_EMPTY] = "DirectoryNotEmpty",
[PATH_CHANGED] = "PathChanged",
[PATH_MODIFIED] = "PathModified",
- [PATH_DIRECTORY_NOT_EMPTY] = "DirectoryNotEmpty"
};
DEFINE_STRING_TABLE_LOOKUP(path_type, PathType);
static const char* const path_result_table[_PATH_RESULT_MAX] = {
[PATH_SUCCESS] = "success",
- [PATH_FAILURE_RESOURCES] = "resources"
+ [PATH_FAILURE_RESOURCES] = "resources",
};
DEFINE_STRING_TABLE_LOOKUP(path_result, PathResult);
diff --git a/src/core/unit.c b/src/core/unit.c
index 85250ca..aa723cb 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3278,9 +3278,9 @@ static const char* const unit_dependency_table[_UNIT_DEPENDENCY_MAX] = {
[UNIT_TRIGGERED_BY] = "TriggeredBy",
[UNIT_PROPAGATES_RELOAD_TO] = "PropagatesReloadTo",
[UNIT_RELOAD_PROPAGATED_FROM] = "ReloadPropagatedFrom",
+ [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf",
[UNIT_REFERENCES] = "References",
[UNIT_REFERENCED_BY] = "ReferencedBy",
- [UNIT_JOINS_NAMESPACE_OF] = "JoinsNamespaceOf",
};
DEFINE_STRING_TABLE_LOOKUP(unit_dependency, UnitDependency);
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 2a90b44..8680650 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -70,7 +70,7 @@
#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
-static const char* const storage_table[] = {
+static const char* const storage_table[_STORAGE_MAX] = {
[STORAGE_AUTO] = "auto",
[STORAGE_VOLATILE] = "volatile",
[STORAGE_PERSISTENT] = "persistent",
@@ -80,10 +80,10 @@ static const char* const storage_table[] = {
DEFINE_STRING_TABLE_LOOKUP(storage, Storage);
DEFINE_CONFIG_PARSE_ENUM(config_parse_storage, storage, Storage, "Failed to parse storage setting");
-static const char* const split_mode_table[] = {
- [SPLIT_NONE] = "none",
+static const char* const split_mode_table[_SPLIT_MAX] = {
+ [SPLIT_LOGIN] = "login",
[SPLIT_UID] = "uid",
- [SPLIT_LOGIN] = "login"
+ [SPLIT_NONE] = "none",
};
DEFINE_STRING_TABLE_LOOKUP(split_mode, SplitMode);
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index 3700522..33ab09e 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -1115,10 +1115,10 @@ static const char* const session_state_table[_SESSION_STATE_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(session_state, SessionState);
static const char* const session_type_table[_SESSION_TYPE_MAX] = {
+ [SESSION_UNSPECIFIED] = "unspecified",
[SESSION_TTY] = "tty",
[SESSION_X11] = "x11",
[SESSION_WAYLAND] = "wayland",
- [SESSION_UNSPECIFIED] = "unspecified",
};
DEFINE_STRING_TABLE_LOOKUP(session_type, SessionType);
diff --git a/src/network/networkd-netdev.c b/src/network/networkd-netdev.c
index 9f580ae..5796032 100644
--- a/src/network/networkd-netdev.c
+++ b/src/network/networkd-netdev.c
@@ -28,7 +28,7 @@
#define VLANID_MAX 4094
-static const char* const netdev_kind_table[] = {
+static const char* const netdev_kind_table[_NETDEV_KIND_MAX] = {
[NETDEV_KIND_BRIDGE] = "bridge",
[NETDEV_KIND_BOND] = "bond",
[NETDEV_KIND_VLAN] = "vlan",
@@ -38,7 +38,7 @@ static const char* const netdev_kind_table[] = {
DEFINE_STRING_TABLE_LOOKUP(netdev_kind, NetDevKind);
DEFINE_CONFIG_PARSE_ENUM(config_parse_netdev_kind, netdev_kind, NetDevKind, "Failed to parse netdev kind");
-static const char* const macvlan_mode_table[] = {
+static const char* const macvlan_mode_table[_NETDEV_MACVLAN_MODE_MAX] = {
[NETDEV_MACVLAN_MODE_PRIVATE] = "private",
[NETDEV_MACVLAN_MODE_VEPA] = "vepa",
[NETDEV_MACVLAN_MODE_BRIDGE] = "bridge",
diff --git a/src/shared/log.c b/src/shared/log.c
index 8d1067c..5ea1e3a 100644
--- a/src/shared/log.c
+++ b/src/shared/log.c
@@ -967,7 +967,7 @@ bool log_on_console(void) {
return syslog_fd < 0 && kmsg_fd < 0 && journal_fd < 0;
}
-static const char *const log_target_table[] = {
+static const char *const log_target_table[_LOG_TARGET_MAX] = {
[LOG_TARGET_CONSOLE] = "console",
[LOG_TARGET_KMSG] = "kmsg",
[LOG_TARGET_JOURNAL] = "journal",
diff --git a/src/udev/net/ethtool-util.c b/src/udev/net/ethtool-util.c
index 6346530..3ec245e 100644
--- a/src/udev/net/ethtool-util.c
+++ b/src/udev/net/ethtool-util.c
@@ -31,7 +31,7 @@
#include "log.h"
#include "conf-parser.h"
-static const char* const duplex_table[] = {
+static const char* const duplex_table[_DUP_MAX] = {
[DUP_FULL] = "full",
[DUP_HALF] = "half"
};
@@ -39,7 +39,7 @@ static const char* const duplex_table[] = {
DEFINE_STRING_TABLE_LOOKUP(duplex, Duplex);
DEFINE_CONFIG_PARSE_ENUM(config_parse_duplex, duplex, Duplex, "Failed to parse duplex setting");
-static const char* const wol_table[] = {
+static const char* const wol_table[_WOL_MAX] = {
[WOL_PHY] = "phy",
[WOL_MAGIC] = "magic",
[WOL_OFF] = "off"
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 05225e0..d3f1aff 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -466,7 +466,7 @@ int link_get_driver(link_config_ctx *ctx, struct udev_device *device, char **ret
return 0;
}
-static const char* const mac_policy_table[] = {
+static const char* const mac_policy_table[_MACPOLICY_MAX] = {
[MACPOLICY_PERSISTENT] = "persistent",
[MACPOLICY_RANDOM] = "random"
};
@@ -474,7 +474,7 @@ static const char* const mac_policy_table[] = {
DEFINE_STRING_TABLE_LOOKUP(mac_policy, MACPolicy);
DEFINE_CONFIG_PARSE_ENUM(config_parse_mac_policy, mac_policy, MACPolicy, "Failed to parse MAC address policy");
-static const char* const name_policy_table[] = {
+static const char* const name_policy_table[_NAMEPOLICY_MAX] = {
[NAMEPOLICY_DATABASE] = "database",
[NAMEPOLICY_ONBOARD] = "onboard",
[NAMEPOLICY_SLOT] = "slot",
commit fe8d029277f8077d4537489b358ce7f10d59ecc2
Author: Daniel Mack <zonque at gmail.com>
Date: Fri Mar 7 17:56:53 2014 +0100
units: set 'AllowUser=root own' and 'AllowWorld=talk' own for all .busname files
diff --git a/units/org.freedesktop.DBus.busname b/units/org.freedesktop.DBus.busname
index 68c649d..cab389b 100644
--- a/units/org.freedesktop.DBus.busname
+++ b/units/org.freedesktop.DBus.busname
@@ -10,3 +10,5 @@ Description=Bus Driver Service Bus Name
[BusName]
Service=systemd-bus-driverd.service
+AllowUser=root own
+AllowWorld=talk
diff --git a/units/org.freedesktop.hostname1.busname b/units/org.freedesktop.hostname1.busname
index fb75a07..a1b58b5 100644
--- a/units/org.freedesktop.hostname1.busname
+++ b/units/org.freedesktop.hostname1.busname
@@ -12,3 +12,5 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/hostnamed
[BusName]
Service=systemd-hostnamed.service
+AllowUser=root own
+AllowWorld=talk
diff --git a/units/org.freedesktop.locale1.busname b/units/org.freedesktop.locale1.busname
index 5af2ee7..a2c361a 100644
--- a/units/org.freedesktop.locale1.busname
+++ b/units/org.freedesktop.locale1.busname
@@ -12,3 +12,5 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/localed
[BusName]
Service=systemd-localed.service
+AllowUser=root own
+AllowWorld=talk
diff --git a/units/org.freedesktop.login1.busname b/units/org.freedesktop.login1.busname
index f3b52ed..d7f597f 100644
--- a/units/org.freedesktop.login1.busname
+++ b/units/org.freedesktop.login1.busname
@@ -13,3 +13,5 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/multiseat
[BusName]
Service=systemd-logind.service
+AllowUser=root own
+AllowWorld=talk
diff --git a/units/org.freedesktop.machine1.busname b/units/org.freedesktop.machine1.busname
index e6b8302..0a2241a 100644
--- a/units/org.freedesktop.machine1.busname
+++ b/units/org.freedesktop.machine1.busname
@@ -12,3 +12,5 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined
[BusName]
Service=systemd-machined.service
+AllowUser=root own
+AllowWorld=talk
diff --git a/units/org.freedesktop.timedate1.busname b/units/org.freedesktop.timedate1.busname
index ee50e3d..21ae7b9 100644
--- a/units/org.freedesktop.timedate1.busname
+++ b/units/org.freedesktop.timedate1.busname
@@ -12,3 +12,5 @@ Documentation=http://www.freedesktop.org/wiki/Software/systemd/timedated
[BusName]
Service=systemd-timedated.service
+AllowUser=root own
+AllowWorld=talk
commit a9beb58d8df694742775cb5c539ba9f39794e7b4
Author: Daniel Mack <zonque at gmail.com>
Date: Fri Mar 7 17:56:20 2014 +0100
dbus1-generator: set AllowWorld=own for now
diff --git a/src/dbus1-generator/dbus1-generator.c b/src/dbus1-generator/dbus1-generator.c
index a7b36d1..6cfa891 100644
--- a/src/dbus1-generator/dbus1-generator.c
+++ b/src/dbus1-generator/dbus1-generator.c
@@ -127,7 +127,9 @@ static int create_dbus_files(
"Documentation=man:systemd-dbus1-generator(8)\n\n"
"[BusName]\n"
"Name=%s\n"
- "Service=%s\n",
+ "Service=%s\n"
+ "AllowUser=root own\n"
+ "AllowWorld=talk\n",
path,
name,
name,
commit 1683342af1fc85e75ba21264bbcedc26aef0fa39
Author: Daniel Mack <zonque at gmail.com>
Date: Fri Mar 7 17:29:01 2014 +0100
sd-bus: add support for policy upload on activator connections
Activator connections may upload policy when registering to the bus.
This patch contains code to translate between BusNamePolicy objects and
the kdbus specific items.
diff --git a/src/core/busname.c b/src/core/busname.c
index 4806e74..bd7d02d 100644
--- a/src/core/busname.c
+++ b/src/core/busname.c
@@ -233,7 +233,8 @@ static int busname_open_fd(BusName *n) {
if (n->starter_fd >= 0)
return 0;
- n->starter_fd = bus_kernel_create_starter(UNIT(n)->manager->running_as == SYSTEMD_SYSTEM ? "system" : "user", n->name);
+ n->starter_fd = bus_kernel_create_starter(UNIT(n)->manager->running_as == SYSTEMD_SYSTEM ? "system" : "user",
+ n->name, n->policy);
if (n->starter_fd < 0) {
log_warning_unit(UNIT(n)->id, "Failed to create starter fd: %s", strerror(-n->starter_fd));
return n->starter_fd;
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index 3627411..2a1b0b4 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -1338,9 +1338,51 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
return fd;
}
-int bus_kernel_create_starter(const char *bus, const char *name) {
+static void bus_kernel_translate_policy(const BusNamePolicy *policy, struct kdbus_item *item)
+{
+ switch (policy->type) {
+ case BUSNAME_POLICY_TYPE_USER:
+ item->policy_access.type = KDBUS_POLICY_ACCESS_USER;
+ item->policy_access.id = policy->uid;
+ break;
+
+ case BUSNAME_POLICY_TYPE_GROUP:
+ item->policy_access.type = KDBUS_POLICY_ACCESS_GROUP;
+ item->policy_access.id = policy->gid;
+ break;
+
+ case BUSNAME_POLICY_TYPE_WORLD:
+ item->policy_access.type = KDBUS_POLICY_ACCESS_WORLD;
+ break;
+
+ default:
+ assert_not_reached("Unknown policy type");
+ }
+
+ switch (policy->access) {
+ case BUSNAME_POLICY_ACCESS_SEE:
+ item->policy_access.access = KDBUS_POLICY_SEE;
+ break;
+
+ case BUSNAME_POLICY_ACCESS_TALK:
+ item->policy_access.access = KDBUS_POLICY_TALK;
+ break;
+
+ case BUSNAME_POLICY_ACCESS_OWN:
+ item->policy_access.access = KDBUS_POLICY_OWN;
+ break;
+
+ default:
+ assert_not_reached("Unknown policy access");
+ }
+}
+
+int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy) {
struct kdbus_cmd_hello *hello;
struct kdbus_item *n;
+ size_t policy_cnt = 0;
+ BusNamePolicy *po;
+ size_t size;
char *p;
int fd;
@@ -1354,16 +1396,29 @@ int bus_kernel_create_starter(const char *bus, const char *name) {
if (fd < 0)
return -errno;
- hello = alloca0(ALIGN8(offsetof(struct kdbus_cmd_hello, items) +
- offsetof(struct kdbus_item, str) +
- strlen(name) + 1));
+ LIST_FOREACH(policy, po, policy)
+ policy_cnt++;
+
+ size = ALIGN8(offsetof(struct kdbus_cmd_hello, items)) +
+ ALIGN8(offsetof(struct kdbus_item, str) + strlen(name) + 1) +
+ policy_cnt * ALIGN8(offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access));
+
+ hello = alloca0(size);
n = hello->items;
strcpy(n->str, name);
n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
n->type = KDBUS_ITEM_NAME;
+ n = KDBUS_ITEM_NEXT(n);
+
+ LIST_FOREACH(policy, po, policy) {
+ n->type = KDBUS_ITEM_POLICY_ACCESS;
+ n->size = offsetof(struct kdbus_item, policy_access) + sizeof(struct kdbus_policy_access);
+ bus_kernel_translate_policy(po, n);
+ n = KDBUS_ITEM_NEXT(n);
+ }
- hello->size = ALIGN8(offsetof(struct kdbus_cmd_hello, items) + n->size);
+ hello->size = size;
hello->conn_flags = KDBUS_HELLO_ACTIVATOR;
hello->pool_size = KDBUS_POOL_SIZE;
diff --git a/src/libsystemd/sd-bus/bus-kernel.h b/src/libsystemd/sd-bus/bus-kernel.h
index 8db418a..c4722cb 100644
--- a/src/libsystemd/sd-bus/bus-kernel.h
+++ b/src/libsystemd/sd-bus/bus-kernel.h
@@ -23,6 +23,7 @@
#include <stdbool.h>
+#include "busname.h"
#include "sd-bus.h"
#define KDBUS_ITEM_NEXT(item) \
@@ -65,7 +66,7 @@ int bus_kernel_read_message(sd_bus *bus, bool hint_priority, int64_t priority);
int bus_kernel_create_bus(const char *name, bool world, char **s);
int bus_kernel_create_domain(const char *name, char **s);
-int bus_kernel_create_starter(const char *bus, const char *name);
+int bus_kernel_create_starter(const char *bus, const char *name, BusNamePolicy *policy);
int bus_kernel_create_monitor(const char *bus);
int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *allocated);
commit f7c7cd03d1e9a9a4bb6925fb64d8423f4a6a2fdc
Author: Daniel Mack <zonque at gmail.com>
Date: Fri Mar 7 17:14:52 2014 +0100
sd-bus: sync kdbus.h (ABI break)
Bring kdbus.h in sync with recent policy related changes. Most notably,
KDBUS_MAKE_POLICY_OPEN is now gone. The rest doesn't matter for systemd
at this point, as the policy functionality was not yet used.
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index eec62ac..3627411 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -1309,7 +1309,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
n->type = KDBUS_ITEM_MAKE_NAME;
make->size += ALIGN8(n->size);
- make->flags = KDBUS_MAKE_POLICY_OPEN | (world ? KDBUS_MAKE_ACCESS_WORLD : 0);
+ make->flags = world ? KDBUS_MAKE_ACCESS_WORLD : 0;
if (ioctl(fd, KDBUS_CMD_BUS_MAKE, make) < 0) {
close_nointr_nofail(fd);
@@ -1410,7 +1410,7 @@ int bus_kernel_create_domain(const char *name, char **s) {
n->type = KDBUS_ITEM_MAKE_NAME;
make->size = ALIGN8(offsetof(struct kdbus_cmd_make, items) + n->size);
- make->flags = KDBUS_MAKE_POLICY_OPEN | KDBUS_MAKE_ACCESS_WORLD;
+ make->flags = KDBUS_MAKE_ACCESS_WORLD;
if (ioctl(fd, KDBUS_CMD_DOMAIN_MAKE, make) < 0) {
close_nointr_nofail(fd);
diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h
index c9a8940..4559831 100644
--- a/src/libsystemd/sd-bus/kdbus.h
+++ b/src/libsystemd/sd-bus/kdbus.h
@@ -190,33 +190,14 @@ struct kdbus_name {
* @bits: Access to grant. One of KDBUS_POLICY_*
* @id: For KDBUS_POLICY_ACCESS_USER, the uid
* For KDBUS_POLICY_ACCESS_GROUP, the gid
- *
- * Embedded in:
- * struct kdbus_policy
*/
struct kdbus_policy_access {
__u64 type; /* USER, GROUP, WORLD */
- __u64 bits; /* RECV, SEND, OWN */
+ __u64 access; /* OWN, TALK, SEE */
__u64 id; /* uid, gid, 0 */
};
/**
- * struct kdbus_policy - a policy item
- * @access: Policy access details
- * @name: Well-known name to grant access to
- *
- * Attached to:
- * KDBUS_POLICY_ACCESS
- * KDBUS_ITEM_POLICY_NAME
- */
-struct kdbus_policy {
- union {
- struct kdbus_policy_access access;
- char name[0];
- };
-};
-
-/**
* enum kdbus_item_type - item types to chain data in a list
* @_KDBUS_ITEM_NULL: Uninitialized/invalid
* @_KDBUS_ITEM_USER_BASE: Start of user items
@@ -252,8 +233,7 @@ struct kdbus_policy {
* @KDBUS_ITEM_AUDIT: The audit IDs
* @KDBUS_ITEM_CONN_NAME: The connection's human-readable name (debugging)
* @_KDBUS_ITEM_POLICY_BASE: Start of policy items
- * @KDBUS_ITEM_POLICY_NAME: Policy in struct kdbus_policy
- * @KDBUS_ITEM_POLICY_ACCESS: Policy in struct kdbus_policy
+ * @KDBUS_ITEM_POLICY_ACCESS: Policy access block
* @_KDBUS_ITEM_KERNEL_BASE: Start of kernel-generated message items
* @KDBUS_ITEM_NAME_ADD: Notify in struct kdbus_notify_name_change
* @KDBUS_ITEM_NAME_REMOVE: Notify in struct kdbus_notify_name_change
@@ -294,8 +274,7 @@ enum kdbus_item_type {
KDBUS_ITEM_CONN_NAME,
_KDBUS_ITEM_POLICY_BASE = 0x2000,
- KDBUS_ITEM_POLICY_NAME = _KDBUS_ITEM_POLICY_BASE,
- KDBUS_ITEM_POLICY_ACCESS,
+ KDBUS_ITEM_POLICY_ACCESS = _KDBUS_ITEM_POLICY_BASE,
_KDBUS_ITEM_KERNEL_BASE = 0x8000,
KDBUS_ITEM_NAME_ADD = _KDBUS_ITEM_KERNEL_BASE,
@@ -329,8 +308,7 @@ enum kdbus_item_type {
* KDBUS_ITEM_NAME_CHANGE
* @id_change: KDBUS_ITEM_ID_ADD
* KDBUS_ITEM_ID_REMOVE
- * @policy: KDBUS_ITEM_POLICY_NAME
- * KDBUS_ITEM_POLICY_ACCESS
+ * @policy: KDBUS_ITEM_POLICY_ACCESS
*/
struct kdbus_item {
__u64 size;
@@ -353,7 +331,7 @@ struct kdbus_item {
int fds[0];
struct kdbus_notify_name_change name_change;
struct kdbus_notify_id_change id_change;
- struct kdbus_policy policy;
+ struct kdbus_policy_access policy_access;
};
};
@@ -483,44 +461,37 @@ enum kdbus_policy_access_type {
/**
* enum kdbus_policy_access_flags - mode flags
- * @KDBUS_POLICY_RECV: Allow receive
- * @KDBUS_POLICY_SEND: Allow send
* @KDBUS_POLICY_OWN: Allow to own a well-known name
+ * Implies KDBUS_POLICY_TALK and KDBUS_POLICY_SEE
+ * @KDBUS_POLICY_TALK: Allow communication to a well-known name
+ * Implies KDBUS_POLICY_SEE
+ * @KDBUS_POLICY_SEE: Allow to see a well-known name
*/
enum kdbus_policy_type {
- KDBUS_POLICY_RECV = 1 << 2,
- KDBUS_POLICY_SEND = 1 << 1,
- KDBUS_POLICY_OWN = 1 << 0,
+ KDBUS_POLICY_SEE = 0,
+ KDBUS_POLICY_TALK,
+ KDBUS_POLICY_OWN,
};
/**
- * struct kdbus_cmd_policy - a series of policies to upload
- * @size: The total size of the structure
- * @policies: The policies to upload
- *
- * A KDBUS_POLICY_NAME must always preceeds a KDBUS_POLICY_ACCESS entry.
- * A new KDBUS_POLICY_NAME can be added after KDBUS_POLICY_ACCESS for
- * chaining multiple policies together.
- */
-struct kdbus_cmd_policy {
- __u64 size;
- struct kdbus_item policies[0];
-} __attribute__((aligned(8)));
-
-/**
* enum kdbus_hello_flags - flags for struct kdbus_cmd_hello
* @KDBUS_HELLO_ACCEPT_FD: The connection allows the receiving of
* any passed file descriptors
* @KDBUS_HELLO_ACTIVATOR: Special-purpose connection which registers
* a well-know name for a process to be started
* when traffic arrives
+ * @KDBUS_HELLO_POLICY_HOLDER: Special-purpose connection which registers
+ * policy entries for one or multiple names. The
+ * provided names are not activated, and are not
+ * registered with the name database
* @KDBUS_HELLO_MONITOR: Special-purpose connection to monitor
* bus traffic
*/
enum kdbus_hello_flags {
KDBUS_HELLO_ACCEPT_FD = 1 << 0,
KDBUS_HELLO_ACTIVATOR = 1 << 1,
- KDBUS_HELLO_MONITOR = 1 << 2,
+ KDBUS_HELLO_POLICY_HOLDER = 1 << 2,
+ KDBUS_HELLO_MONITOR = 1 << 3,
};
/**
@@ -584,11 +555,14 @@ struct kdbus_cmd_hello {
struct kdbus_item items[0];
} __attribute__((aligned(8)));
-/* Flags for KDBUS_CMD_{BUS,EP,NS}_MAKE */
+/**
+ * enum kdbus_make_flags - Flags for KDBUS_CMD_{BUS,EP,NS}_MAKE
+ * @KDBUS_MAKE_ACCESS_GROUP: Make the device node group-accessible
+ * @KDBUS_MAKE_ACCESS_WORLD: Make the device node world-accessible
+ */
enum kdbus_make_flags {
KDBUS_MAKE_ACCESS_GROUP = 1 << 0,
KDBUS_MAKE_ACCESS_WORLD = 1 << 1,
- KDBUS_MAKE_POLICY_OPEN = 1 << 2,
};
/**
@@ -874,8 +848,6 @@ enum kdbus_ioctl_type {
KDBUS_CMD_MATCH_ADD = _IOW (KDBUS_IOC_MAGIC, 0x70, struct kdbus_cmd_match),
KDBUS_CMD_MATCH_REMOVE = _IOW (KDBUS_IOC_MAGIC, 0x71, struct kdbus_cmd_match),
- KDBUS_CMD_EP_POLICY_SET = _IOW (KDBUS_IOC_MAGIC, 0x80, struct kdbus_cmd_policy),
-
KDBUS_CMD_MEMFD_NEW = _IOWR(KDBUS_IOC_MAGIC, 0xc0, struct kdbus_cmd_memfd_make),
KDBUS_CMD_MEMFD_SIZE_GET = _IOR (KDBUS_IOC_MAGIC, 0xc1, __u64 *),
KDBUS_CMD_MEMFD_SIZE_SET = _IOW (KDBUS_IOC_MAGIC, 0xc2, __u64 *),
@@ -891,6 +863,9 @@ enum kdbus_ioctl_type {
* @EADDRNOTAVAIL: A message flagged not to activate a service, addressed
* a service which is not currently running.
* @EAGAIN: No messages are queued at the moment.
+ * @EALREADY: A requested name is already owned by the connection,
+ * a connection is already disconnected, memfd is already
+ * sealed or has the requested size.
* @EBADF: File descriptors passed with the message are not valid.
* @EBADFD: A bus connection is in a corrupted state.
* @EBADMSG: Passed data contains a combination of conflicting or
@@ -947,7 +922,7 @@ enum kdbus_ioctl_type {
* @EPIPE: When sending a message, a synchronous reply from the
* receiving connection was expected but the connection
* died before answering.
- * @ESHUTDOWN: A domain or endpoint is currently shutting down;
+ * @ESHUTDOWN: A domain, bus or endpoint is currently shutting down;
* no further operations will be possible.
* @ESRCH: A requested well-known bus name is not found.
* @ETIMEDOUT: A synchronous wait for a message reply did not arrive
commit 54d76c92868838e17d6aad0a3bb0cc7a5b11e35f
Author: Daniel Mack <zonque at gmail.com>
Date: Thu Mar 6 22:42:42 2014 +0100
busname: add parser for bus name policies
There are three directives to specify bus name polices in .busname
files:
* AllowUser [username] [access]
* AllowGroup [groupname] [access]
* AllowWorld [access]
Where [access] is one of
* 'see': The user/group/world is allowed to see a name on the bus
* 'talk': The user/group/world is allowed to talk to a name
* 'own': The user/group/world is allowed to own a name
There is no user added yet in this commit.
diff --git a/src/core/busname.c b/src/core/busname.c
index bca2145..4806e74 100644
--- a/src/core/busname.c
+++ b/src/core/busname.c
@@ -553,6 +553,14 @@ static const char* const busname_result_table[_BUSNAME_RESULT_MAX] = {
DEFINE_STRING_TABLE_LOOKUP(busname_result, BusNameResult);
+static const char* const busname_policy_access_table[_BUSNAME_POLICY_ACCESS_MAX] = {
+ [BUSNAME_POLICY_ACCESS_SEE] = "see",
+ [BUSNAME_POLICY_ACCESS_TALK] = "talk",
+ [BUSNAME_POLICY_ACCESS_OWN] = "own",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(busname_policy_access, BusNamePolicyAccess);
+
const UnitVTable busname_vtable = {
.object_size = sizeof(BusName),
diff --git a/src/core/busname.h b/src/core/busname.h
index 6debd48..f79f510 100644
--- a/src/core/busname.h
+++ b/src/core/busname.h
@@ -22,6 +22,7 @@
***/
typedef struct BusName BusName;
+typedef struct BusNamePolicy BusNamePolicy;
#include "unit.h"
@@ -54,6 +55,36 @@ struct BusName {
BusNameResult result;
sd_event_source *event_source;
+
+ LIST_HEAD(BusNamePolicy, policy);
+};
+
+typedef enum BusNamePolicyType {
+ BUSNAME_POLICY_TYPE_USER,
+ BUSNAME_POLICY_TYPE_GROUP,
+ BUSNAME_POLICY_TYPE_WORLD,
+ _BUSNAME_POLICY_TYPE_MAX,
+ _BUSNAME_POLICY_TYPE_INVALID = -1
+} BusNamePolicyType;
+
+typedef enum BusNamePolicyAccess {
+ BUSNAME_POLICY_ACCESS_SEE,
+ BUSNAME_POLICY_ACCESS_TALK,
+ BUSNAME_POLICY_ACCESS_OWN,
+ _BUSNAME_POLICY_ACCESS_MAX,
+ _BUSNAME_POLICY_ACCESS_INVALID = -1
+} BusNamePolicyAccess;
+
+struct BusNamePolicy {
+ BusNamePolicyType type;
+ BusNamePolicyAccess access;
+
+ union {
+ uid_t uid;
+ gid_t gid;
+ };
+
+ LIST_FIELDS(BusNamePolicy, policy);
};
extern const UnitVTable busname_vtable;
@@ -63,3 +94,6 @@ BusNameState busname_state_from_string(const char *s) _pure_;
const char* busname_result_to_string(BusNameResult i) _const_;
BusNameResult busname_result_from_string(const char *s) _pure_;
+
+const char* busname_policy_access_to_string(BusNamePolicyAccess i) _const_;
+BusNamePolicyAccess busname_policy_access_from_string(const char *s) _pure_;
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 5604ee9..f85d868 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -252,6 +252,10 @@ KILL_CONTEXT_CONFIG_ITEMS(Socket)m4_dnl
m4_dnl
BusName.Name, config_parse_string, 0, offsetof(BusName, name)
BusName.Service, config_parse_busname_service, 0, 0
+BusName.AllowUser, config_parse_bus_policy, 0, 0
+BusName.AllowGroup, config_parse_bus_policy, 0, 0
+BusName.AllowWorld, config_parse_bus_policy, 0, 0
+BusName.SELinuxContext, config_parse_exec_selinux_context, 0, 0
m4_dnl
Mount.What, config_parse_string, 0, offsetof(Mount, parameters_fragment.what)
Mount.Where, config_parse_path, 0, offsetof(Mount, where)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 18dab02..06e3031 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -33,6 +33,8 @@
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/resource.h>
+#include <sys/types.h>
+#include <grp.h>
#ifdef HAVE_SECCOMP
#include <seccomp.h>
@@ -1606,6 +1608,89 @@ int config_parse_busname_service(
return 0;
}
+int config_parse_bus_policy(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_free_ BusNamePolicy *p = NULL;
+ _cleanup_free_ char *id_str = NULL;
+ BusName *busname = data;
+ char *access_str;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ p = new0(BusNamePolicy, 1);
+ if (!p)
+ return log_oom();
+
+ if (streq(lvalue, "AllowUser"))
+ p->type = BUSNAME_POLICY_TYPE_USER;
+ else if (streq(lvalue, "AllowGroup"))
+ p->type = BUSNAME_POLICY_TYPE_GROUP;
+ else if (streq(lvalue, "AllowWorld"))
+ p->type = BUSNAME_POLICY_TYPE_WORLD;
+ else
+ assert_not_reached("Unknown lvalue");
+
+ id_str = strdup(rvalue);
+ if (!id_str)
+ return log_oom();
+
+ if (p->type != BUSNAME_POLICY_TYPE_WORLD) {
+ access_str = strchr(id_str, ' ');
+ if (!access_str) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy value '%s'", rvalue);
+ return 0;
+ }
+
+ *access_str = '\0';
+ access_str++;
+
+ if (p->type == BUSNAME_POLICY_TYPE_USER) {
+ const char *user = id_str;
+
+ r = get_user_creds(&user, &p->uid, NULL, NULL, NULL);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Unable to parse uid from '%s'", id_str);
+ return 0;
+ }
+ } else {
+ const char *group = id_str;
+
+ r = get_group_creds(&group, &p->gid);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -errno, "Unable to parse gid from '%s'", id_str);
+ return 0;
+ }
+ }
+ } else {
+ access_str = id_str;
+ }
+
+ p->access = busname_policy_access_from_string(access_str);
+ if (p->access < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy access type '%s'", access_str);
+ return 0;
+ }
+
+ LIST_PREPEND(policy, busname->policy, p);
+ p = NULL;
+
+ return 0;
+}
+
int config_parse_unit_env_file(const char *unit,
const char *filename,
unsigned line,
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index fabbda2..3513851 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -64,6 +64,7 @@ int config_parse_path_spec(const char *unit, const char *filename, unsigned line
int config_parse_socket_service(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_service_sockets(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_busname_service(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_bus_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_unit_env_file(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_ip_tos(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_unit_condition_path(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
More information about the systemd-commits
mailing list