[systemd-commits] 2 commits - src/bus-proxyd src/core src/dbus1-generator src/libsystemd src/login src/nspawn src/shared units/systemd-bus-proxyd at .service.in units/user
Daniel Mack
zonque at kemper.freedesktop.org
Thu Nov 13 11:44:28 PST 2014
src/bus-proxyd/bus-proxyd.c | 2
src/core/kmod-setup.c | 2
src/core/main.c | 1
src/core/manager.c | 7 ---
src/core/mount-setup.c | 22 ++++++++++
src/core/mount-setup.h | 1
src/core/namespace.c | 9 ----
src/dbus1-generator/dbus1-generator.c | 2
src/libsystemd/sd-bus/PORTING-DBUS1 | 10 ++--
src/libsystemd/sd-bus/bus-kernel.c | 60 +----------------------------
src/libsystemd/sd-bus/bus-kernel.h | 1
src/libsystemd/sd-bus/kdbus.h | 40 ++++++++-----------
src/libsystemd/sd-bus/sd-bus.c | 2
src/login/pam_systemd.c | 2
src/nspawn/nspawn.c | 62 +-----------------------------
src/shared/def.h | 4 -
units/systemd-bus-proxyd at .service.in | 2
units/user/systemd-bus-proxyd at .service.in | 2
18 files changed, 66 insertions(+), 165 deletions(-)
New commits:
commit 63cc4c3138fd0ce9cc97884373a2dd8959a13ee9
Author: Daniel Mack <daniel at zonque.org>
Date: Thu Nov 13 20:33:03 2014 +0100
sd-bus: sync with kdbus upstream (ABI break)
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c
index 38e1726..8136d3c 100644
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@@ -71,7 +71,7 @@ int kmod_setup(void) {
{ "unix", "/proc/net/unix", true, NULL },
/* IPC is needed before we bring up any other services */
- { "kdbus", "/sys/bus/kdbus", false, cmdline_check_kdbus },
+ { "kdbus", "/sys/fs/kdbus", false, cmdline_check_kdbus },
};
struct kmod_ctx *ctx = NULL;
unsigned int i;
diff --git a/src/core/main.c b/src/core/main.c
index 56a1f61..d563ae3 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1556,6 +1556,7 @@ int main(int argc, char *argv[]) {
#ifdef HAVE_KMOD
kmod_setup();
#endif
+ mount_setup_late();
hostname_setup();
machine_id_setup(NULL);
loopback_setup();
diff --git a/src/core/manager.c b/src/core/manager.c
index 1bc36a6..2bc1058 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -729,13 +729,6 @@ static int manager_setup_kdbus(Manager *m) {
}
log_debug("Successfully set up kdbus on %s", p);
-
- /* Create the namespace directory here, so that the contents
- * of that directory is not visible to non-root users. This is
- * necessary to ensure that users cannot get access to busses
- * of virtualized users when no UID namespacing is used. */
- if (m->running_as == SYSTEMD_SYSTEM)
- mkdir_p_label("/dev/kdbus/domain", 0700);
#endif
return 0;
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index cda25ed..e9a2ec6 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -110,6 +110,13 @@ static const MountPoint mount_table[] = {
#endif
};
+static const MountPoint mount_table_late[] = {
+#ifdef ENABLE_KDBUS
+ { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ NULL, MNT_IN_CONTAINER },
+#endif
+};
+
/* These are API file systems that might be mounted by other software,
* we just list them here so that we know that we should ignore them */
@@ -221,6 +228,21 @@ int mount_setup_early(void) {
return r;
}
+int mount_setup_late(void) {
+ unsigned i;
+ int r = 0;
+
+ for (i = 0; i < ELEMENTSOF(mount_table_late); i ++) {
+ int j;
+
+ j = mount_one(mount_table_late + i, false);
+ if (r == 0)
+ r = j;
+ }
+
+ return r;
+}
+
int mount_cgroup_controllers(char ***join_controllers) {
_cleanup_set_free_free_ Set *controllers = NULL;
_cleanup_fclose_ FILE *f;
diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index 4b521ad..928bd6e 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -24,6 +24,7 @@
#include <stdbool.h>
int mount_setup_early(void);
+int mount_setup_late(void);
int mount_setup(bool loaded_policy);
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 4bc288d..eb7f2ad 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -145,7 +145,7 @@ static int mount_dev(BindMount *m) {
"/dev/tty\0";
char temporary_mount[] = "/tmp/namespace-dev-XXXXXX";
- const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devkdbus = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
+ const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL;
_cleanup_umask_ mode_t u;
int r;
@@ -185,10 +185,6 @@ static int mount_dev(BindMount *m) {
mkdir(devmqueue, 0755);
mount("/dev/mqueue", devmqueue, NULL, MS_BIND, NULL);
- devkdbus = strappenda(temporary_mount, "/dev/kdbus");
- mkdir(devkdbus, 0755);
- mount("/dev/kdbus", devkdbus, NULL, MS_BIND, NULL);
-
devhugepages = strappenda(temporary_mount, "/dev/hugepages");
mkdir(devhugepages, 0755);
mount("/dev/hugepages", devhugepages, NULL, MS_BIND, NULL);
@@ -254,9 +250,6 @@ fail:
if (devshm)
umount(devshm);
- if (devkdbus)
- umount(devkdbus);
-
if (devhugepages)
umount(devhugepages);
diff --git a/src/dbus1-generator/dbus1-generator.c b/src/dbus1-generator/dbus1-generator.c
index 3c4522b..57af80c 100644
--- a/src/dbus1-generator/dbus1-generator.c
+++ b/src/dbus1-generator/dbus1-generator.c
@@ -319,7 +319,7 @@ int main(int argc, char *argv[]) {
umask(0022);
- if (access("/dev/kdbus/control", F_OK) < 0)
+ if (access("/sys/fs/kdbus/control", F_OK) < 0)
return 0;
r = cg_pid_get_owner_uid(0, NULL);
diff --git a/src/libsystemd/sd-bus/PORTING-DBUS1 b/src/libsystemd/sd-bus/PORTING-DBUS1
index 81e9413..2dedb28 100644
--- a/src/libsystemd/sd-bus/PORTING-DBUS1
+++ b/src/libsystemd/sd-bus/PORTING-DBUS1
@@ -14,11 +14,11 @@ GVariant compatible marshaler to your library first.
After you have done that: here's the basic principle how kdbus works:
-You connect to a bus by opening its bus node in /dev/kdbus/. All
+You connect to a bus by opening its bus node in /sys/fs/kdbus/. All
buses have a device node there, it starts with a numeric UID of the
owner of the bus, followed by a dash and a string identifying the
-bus. The system bus is thus called /dev/kdbus/0-system, and for user
-buses the device node is /dev/kdbus/1000-user (if 1000 is your user
+bus. The system bus is thus called /sys/fs/kdbus/0-system, and for user
+buses the device node is /sys/fs/kdbus/1000-user (if 1000 is your user
id).
(Before we proceed, please always keep a copy of libsystemd next
@@ -496,12 +496,12 @@ parameter.
Client libraries should use the following connection string when
connecting to the system bus:
- kernel:path=/dev/kdbus/0-system/bus;unix:path=/var/run/dbus/system_bus_socket
+ kernel:path=/sys/fs/kdbus/0-system/bus;unix:path=/var/run/dbus/system_bus_socket
This will ensure that kdbus is preferred over the legacy AF_UNIX
socket, but compatibility is kept. For the user bus use:
- kernel:path=/dev/kdbus/$UID-user/bus;unix:path=$XDG_RUNTIME_DIR/bus
+ kernel:path=/sys/fs/kdbus/$UID-user/bus;unix:path=$XDG_RUNTIME_DIR/bus
With $UID replaced by the callers numer user ID, and $XDG_RUNTIME_DIR
following the XDG basedir spec.
diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c
index 5e7bc12..afac3b6 100644
--- a/src/libsystemd/sd-bus/bus-kernel.c
+++ b/src/libsystemd/sd-bus/bus-kernel.c
@@ -1282,7 +1282,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
assert(name);
assert(s);
- fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
+ fd = open("/sys/fs/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
if (fd < 0)
return -errno;
@@ -1323,7 +1323,7 @@ int bus_kernel_create_bus(const char *name, bool world, char **s) {
if (s) {
char *p;
- p = strjoin("/dev/kdbus/", n->str, "/bus", NULL);
+ p = strjoin("/sys/fs/kdbus/", n->str, "/bus", NULL);
if (!p) {
safe_close(fd);
return -ENOMEM;
@@ -1403,7 +1403,7 @@ int bus_kernel_open_bus_fd(const char *bus, char **path) {
int fd;
size_t len;
- len = strlen("/dev/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1;
+ len = strlen("/sys/fs/kdbus/") + DECIMAL_STR_MAX(uid_t) + 1 + strlen(bus) + strlen("/bus") + 1;
if (path) {
p = malloc(len);
@@ -1412,7 +1412,7 @@ int bus_kernel_open_bus_fd(const char *bus, char **path) {
*path = p;
} else
p = alloca(len);
- sprintf(p, "/dev/kdbus/" UID_FMT "-%s/bus", getuid(), bus);
+ sprintf(p, "/sys/fs/kdbus/" UID_FMT "-%s/bus", getuid(), bus);
fd = open(p, O_RDWR|O_NOCTTY|O_CLOEXEC);
if (fd < 0)
@@ -1585,58 +1585,6 @@ int bus_kernel_make_starter(
return fd;
}
-int bus_kernel_create_domain(const char *name, char **s) {
- struct kdbus_cmd_make *make;
- struct kdbus_item *n;
- int fd;
-
- assert(name);
- assert(s);
-
- fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
- if (fd < 0)
- return -errno;
-
- make = alloca0_align(ALIGN8(offsetof(struct kdbus_cmd_make, items) +
- offsetof(struct kdbus_item, str) +
- strlen(name) + 1),
- 8);
-
- n = make->items;
- strcpy(n->str, name);
- n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
- n->type = KDBUS_ITEM_MAKE_NAME;
-
- make->size = ALIGN8(offsetof(struct kdbus_cmd_make, items) + n->size);
- make->flags = KDBUS_MAKE_ACCESS_WORLD;
-
- if (ioctl(fd, KDBUS_CMD_DOMAIN_MAKE, make) < 0) {
- safe_close(fd);
- return -errno;
- }
-
- /* The higher 32bit of the flags field are considered
- * 'incompatible flags'. Refuse them all for now. */
- if (make->flags > 0xFFFFFFFFULL) {
- safe_close(fd);
- return -ENOTSUP;
- }
-
- if (s) {
- char *p;
-
- p = strappend("/dev/kdbus/domain/", name);
- if (!p) {
- safe_close(fd);
- return -ENOMEM;
- }
-
- *s = p;
- }
-
- return fd;
-}
-
int bus_kernel_try_close(sd_bus *bus) {
assert(bus);
assert(bus->is_kernel);
diff --git a/src/libsystemd/sd-bus/bus-kernel.h b/src/libsystemd/sd-bus/bus-kernel.h
index f1d832a..c1ee285 100644
--- a/src/libsystemd/sd-bus/bus-kernel.h
+++ b/src/libsystemd/sd-bus/bus-kernel.h
@@ -71,7 +71,6 @@ int bus_kernel_make_starter(int fd, const char *name, bool activating, bool acce
int bus_kernel_create_bus(const char *name, bool world, char **s);
int bus_kernel_create_endpoint(const char *bus_name, const char *ep_name, char **path);
-int bus_kernel_create_domain(const char *name, char **s);
int bus_kernel_set_endpoint_policy(int fd, uid_t uid, BusEndpoint *ep);
diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h
index a870b17..e3a80c3 100644
--- a/src/libsystemd/sd-bus/kdbus.h
+++ b/src/libsystemd/sd-bus/kdbus.h
@@ -635,8 +635,8 @@ enum kdbus_make_flags {
* @kernel_flags: Supported flags for the used command, kernel → userspace
* @items: Items describing details
*
- * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_ENDPOINT_MAKE
- * and KDBUS_CMD_DOMAIN_MAKE ioctls.
+ * This structure is used with the KDBUS_CMD_BUS_MAKE and
+ * KDBUS_CMD_ENDPOINT_MAKE ioctls.
*/
struct kdbus_cmd_make {
__u64 size;
@@ -839,8 +839,6 @@ struct kdbus_cmd_match {
* name. The bus is immediately shut down and
* cleaned up when the opened "control" device node
* is closed.
- * KDBUS_CMD_DOMAIN_MAKE: Similar to KDBUS_CMD_BUS_MAKE, but it creates a
- * new kdbus domain.
* KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to
* the bus. Such endpoints usually carry a more
* restrictive policy and grant restricted access
@@ -887,44 +885,42 @@ struct kdbus_cmd_match {
*/
#define KDBUS_CMD_BUS_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x00, \
struct kdbus_cmd_make)
-#define KDBUS_CMD_DOMAIN_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \
- struct kdbus_cmd_make)
-#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x20, \
+#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \
struct kdbus_cmd_make)
-#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \
+#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x20, \
struct kdbus_cmd_hello)
-#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x31) \
+#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x21) \
-#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \
+#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \
struct kdbus_msg)
-#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x41, \
+#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x31, \
struct kdbus_cmd_recv)
-#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x42, \
+#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x32, \
struct kdbus_cmd_cancel)
-#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x43, \
+#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x33, \
struct kdbus_cmd_free)
-#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \
+#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \
struct kdbus_cmd_name)
-#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \
+#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x41, \
struct kdbus_cmd_name)
-#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \
+#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x42, \
struct kdbus_cmd_name_list)
-#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x60, \
+#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \
struct kdbus_cmd_info)
-#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \
+#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \
struct kdbus_cmd_update)
-#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x62, \
+#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \
struct kdbus_cmd_info)
-#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \
+#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \
struct kdbus_cmd_update)
-#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x80, \
+#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x70, \
struct kdbus_cmd_match)
-#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x81, \
+#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \
struct kdbus_cmd_match)
#endif /* _KDBUS_UAPI_H_ */
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index e6b47f7..b1a1f79 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -807,7 +807,7 @@ static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid
machine = NULL;
free(b->kernel);
- b->kernel = strdup("/dev/kdbus/0-system/bus");
+ b->kernel = strdup("/sys/fs/kdbus/0-system/bus");
if (!b->kernel)
return -ENOMEM;
diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
index 0c71177..9250a69 100644
--- a/src/login/pam_systemd.c
+++ b/src/login/pam_systemd.c
@@ -180,7 +180,7 @@ static int export_legacy_dbus_address(
int r;
/* skip export if kdbus is not active */
- if (access("/dev/kdbus", F_OK) < 0)
+ if (access("/sys/fs/kdbus", F_OK) < 0)
return PAM_SUCCESS;
if (asprintf(&s, KERNEL_USER_BUS_FMT ";" UNIX_USER_BUS_FMT,
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index fca3222..c2311b3 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1441,26 +1441,6 @@ static int setup_journal(const char *directory) {
return 0;
}
-static int setup_kdbus(const char *dest, const char *path) {
- const char *p;
-
- if (!path)
- return 0;
-
- p = strappenda(dest, "/dev/kdbus");
- if (mkdir(p, 0755) < 0) {
- log_error("Failed to create kdbus path: %m");
- return -errno;
- }
-
- if (mount(path, p, "bind", MS_BIND, NULL) < 0) {
- log_error("Failed to mount kdbus domain path: %m");
- return -errno;
- }
-
- return 0;
-}
-
static int drop_capabilities(void) {
return capability_bounding_set_drop(~arg_retain, false);
}
@@ -1546,7 +1526,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
return r;
}
- r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 11,
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 9,
/* Allow the container to
* access and create the API
* device nodes, so that
@@ -1566,18 +1546,7 @@ static int register_machine(pid_t pid, int local_ifindex) {
* container to ever create
* these device nodes. */
"/dev/pts/ptmx", "rw",
- "char-pts", "rw",
- /* Allow the container
- * access to all kdbus
- * devices. Again, the
- * container cannot create
- * these nodes, only use
- * them. We use a pretty
- * open match here, so that
- * the kernel API can still
- * change. */
- "char-kdbus", "rw",
- "char-kdbus/*", "rw");
+ "char-pts", "rw");
if (r < 0) {
log_error("Failed to add device whitelist: %s", strerror(-r));
return r;
@@ -2991,9 +2960,9 @@ static int on_orderly_shutdown(sd_event_source *s, const struct signalfd_siginfo
int main(int argc, char *argv[]) {
- _cleanup_free_ char *kdbus_domain = NULL, *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL;
+ _cleanup_free_ char *device_path = NULL, *root_device = NULL, *home_device = NULL, *srv_device = NULL;
bool root_device_rw = true, home_device_rw = true, srv_device_rw = true;
- _cleanup_close_ int master = -1, kdbus_fd = -1, image_fd = -1;
+ _cleanup_close_ int master = -1, image_fd = -1;
_cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 };
_cleanup_fdset_free_ FDSet *fds = NULL;
int r = EXIT_FAILURE, k, n_fd_passed, loop_nr = -1;
@@ -3140,26 +3109,6 @@ int main(int argc, char *argv[]) {
goto finish;
}
- if (access("/dev/kdbus/control", F_OK) >= 0) {
-
- if (arg_share_system) {
- kdbus_domain = strdup("/dev/kdbus");
- if (!kdbus_domain) {
- log_oom();
- goto finish;
- }
- } else {
- const char *ns;
-
- ns = strappenda("machine-", arg_machine);
- kdbus_fd = bus_kernel_create_domain(ns, &kdbus_domain);
- if (r < 0)
- log_debug("Failed to create kdbus domain: %s", strerror(-r));
- else
- log_debug("Successfully created kdbus domain as %s", kdbus_domain);
- }
- }
-
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, kmsg_socket_pair) < 0) {
log_error("Failed to create kmsg socket pair: %m");
goto finish;
@@ -3365,9 +3314,6 @@ int main(int argc, char *argv[]) {
if (mount_tmpfs(arg_directory) < 0)
_exit(EXIT_FAILURE);
- if (setup_kdbus(arg_directory, kdbus_domain) < 0)
- _exit(EXIT_FAILURE);
-
/* Tell the parent that we are ready, and that
* it can cgroupify us to that we lack access
* to certain devices and resources. */
diff --git a/src/shared/def.h b/src/shared/def.h
index 92394e8..98e3e10 100644
--- a/src/shared/def.h
+++ b/src/shared/def.h
@@ -62,7 +62,7 @@
#endif
#define UNIX_SYSTEM_BUS_PATH "unix:path=/var/run/dbus/system_bus_socket"
-#define KERNEL_SYSTEM_BUS_PATH "kernel:path=/dev/kdbus/0-system/bus"
+#define KERNEL_SYSTEM_BUS_PATH "kernel:path=/sys/fs/kdbus/0-system/bus"
#ifdef ENABLE_KDBUS
# define DEFAULT_SYSTEM_BUS_PATH KERNEL_SYSTEM_BUS_PATH ";" UNIX_SYSTEM_BUS_PATH
@@ -71,7 +71,7 @@
#endif
#define UNIX_USER_BUS_FMT "unix:path=%s/bus"
-#define KERNEL_USER_BUS_FMT "kernel:path=/dev/kdbus/"UID_FMT"-user/bus"
+#define KERNEL_USER_BUS_FMT "kernel:path=/sys/fs/kdbus/"UID_FMT"-user/bus"
#define PLYMOUTH_SOCKET { \
.un.sun_family = AF_UNIX, \
diff --git a/units/systemd-bus-proxyd at .service.in b/units/systemd-bus-proxyd at .service.in
index eef703f..fdcd302 100644
--- a/units/systemd-bus-proxyd at .service.in
+++ b/units/systemd-bus-proxyd at .service.in
@@ -12,7 +12,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
# The first argument will be replaced by the service by information on
# the process requesting the proxy, we need a placeholder to keep the
# space available for this.
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/dev/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/sys/fs/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NotifyAccess=main
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
PrivateTmp=yes
diff --git a/units/user/systemd-bus-proxyd at .service.in b/units/user/systemd-bus-proxyd at .service.in
index 2f4df7c..48294db 100644
--- a/units/user/systemd-bus-proxyd at .service.in
+++ b/units/user/systemd-bus-proxyd at .service.in
@@ -12,5 +12,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
# The first argument will be replaced by the service by information on
# the process requesting the proxy, we need a placeholder to keep the
# space available for this.
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/sys/fs/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NotifyAccess=main
commit c1ec25a0634bba8ef82b69ac603597d4749baf9d
Author: Daniel Mack <daniel at zonque.org>
Date: Thu Nov 13 11:59:29 2014 +0100
bus-proxyd: temporarily disable policy checks again
There are issues to investigate on with policies shipped by some
packages, which we'll address later. Move that topic out of the
way for now to bring sd-bus in sync with upstream kdbus.
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index d6607ed..cbbafcf 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -1478,8 +1478,10 @@ int main(int argc, char *argv[]) {
assert_se(sd_bus_creds_get_uid(bus_creds, &uid) == 0);
+/*
if (uid == 0 || uid != ucred.uid)
p = &policy;
+*/
/* We officially got EOF, let's quit */
if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected")) {
More information about the systemd-commits
mailing list