[systemd-devel] [PATCH 3/4] units: differentiate the bus proxy and bus driver for the user manager

Giovanni Campagna scampa.giovanni at gmail.com
Thu Dec 26 14:35:12 PST 2013


From: Giovanni Campagna <gcampagna at src.gnome.org>

The bus proxy and bus driver need to connect to the user bus when
started by the user manager, so they need different service files.
Also, they cannot have their capability bounding set restricted
(because the unprivileged systemd can't do that), and at the same
time they do need the IPC_OWNER capability, to fake credentials
on kdbus.
---
 Makefile.am                               | 24 ++++++++++++++++++++----
 units/user/systemd-bus-driverd.service.in | 14 ++++++++++++++
 units/user/systemd-bus-proxyd.socket      |  3 ++-
 units/user/systemd-bus-proxyd at .service.in | 16 ++++++++++++++++
 4 files changed, 52 insertions(+), 5 deletions(-)
 create mode 100644 units/user/systemd-bus-driverd.service.in
 create mode 100644 units/user/systemd-bus-proxyd at .service.in

diff --git a/Makefile.am b/Makefile.am
index 87f7558..67ebc3f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1905,6 +1905,7 @@ systemd_bus_proxyd_LDADD = \
 
 bus-proxyd-install-hook:
 	$(AM_V_LN)$(LN_S) -f ../../lib/systemd/systemd-bus-proxyd $(DESTDIR)$(bindir)/systemd-stdio-bridge
+	-$(SETCAP) cap_ipc_owner=ep $(DESTDIR)$(rootlibexecdir)/systemd-bus-proxyd
 
 bus-proxyd-uninstall-hook:
 	rm -f $(DESTDIR)$(bindir)/systemd-stdio-bridge
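Review bot: The added `-$(SETCAP) cap_ipc_owner=ep …` line in bus-proxyd-install-hook discards a setcap failure through its `-` prefix. A staged or unprivileged `make install`, or a target filesystem without capability xattrs, therefore yields a binary without the capability while the install still reports success, and the user-manager proxy presumably fails only at runtime. A visible warning would help: `$(SETCAP) cap_ipc_owner=ep $(DESTDIR)$(rootlibexecdir)/systemd-bus-proxyd || echo "warning: setcap failed; systemd-bus-proxyd lacks cap_ipc_owner" >&2`. Separately, a file capability belongs to the binary rather than to a unit, so anyone allowed to execute it, including through the systemd-stdio-bridge symlink created on the line above, runs it with CAP_IPC_OWNER; the proxy should drop the capability once the kdbus connection is set up, or execution should be limited to the intended callers. Both points apply equally to bus-driverd-install-hook in the later Makefile.am hunk.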
@@ -1919,15 +1920,19 @@ nodist_systemunit_DATA += \
 dist_systemunit_DATA += \
 	units/systemd-bus-proxyd.socket
 
+nodist_userunit_DATA += \
+	units/user/systemd-bus-proxyd at .service
+
 dist_userunit_DATA += \
 	units/user/systemd-bus-proxyd.socket
 
-USER_UNIT_ALIASES += \
-	$(systemunitdir)/systemd-bus-proxyd at .service systemd-bus-proxyd at .service
+SOCKETS_TARGET_WANTS += systemd-bus-proxyd.socket
+USER_SOCKETS_TARGET_WANTS += systemd-bus-proxyd.socket
 endif
 
 EXTRA_DIST += \
-	units/systemd-bus-proxyd at .service.in
+	units/systemd-bus-proxyd at .service.in \
+	units/user/systemd-bus-proxyd at .service.in
 
 # ------------------------------------------------------------------------------
 systemd_tty_ask_password_agent_SOURCES = \
@@ -3750,14 +3755,25 @@ nodist_systemunit_DATA += \
 dist_systemunit_DATA += \
 	units/org.freedesktop.DBus.busname
 
+nodist_userunit_DATA += \
+	units/user/systemd-bus-driverd.service
+
+dist_userunit_DATA += \
+	units/org.freedesktop.DBus.busname
+
 BUSNAMES_TARGET_WANTS += \
 	org.freedesktop.DBus.busname
-
+USER_BUSNAMES_TARGET_WANTS += \
+	org.freedesktop.DBus.busname
+INSTALL_EXEC_HOOKS += bus-driverd-install-hook
 endif
 
 EXTRA_DIST += \
 	units/systemd-bus-driverd.service.in
 
+bus-driverd-install-hook:
+	-$(SETCAP) cap_ipc_owner=ep $(DESTDIR)$(rootlibexecdir)/systemd-bus-driverd
+
 # ------------------------------------------------------------------------------
 if ENABLE_LOCALED
 systemd_localed_SOURCES = \
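Review bot: The `bus-driverd-install-hook` rule is defined after the `endif`, while its registration `INSTALL_EXEC_HOOKS += bus-driverd-install-hook` sits inside the conditional; bus-proxyd-install-hook in the first hunk appears to live inside its conditional, next to the lists it belongs to. Moving the rule above the `endif` keeps the two hooks consistent and avoids leaving an unreferenced target when the feature is disabled. The blank line removed between `BUSNAMES_TARGET_WANTS` and `USER_BUSNAMES_TARGET_WANTS` is also worth keeping, since the other list assignments here are separated by one. The opening line of the conditional is outside the hunk.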
diff --git a/units/user/systemd-bus-driverd.service.in b/units/user/systemd-bus-driverd.service.in
new file mode 100644
index 0000000..7f13da0
--- /dev/null
+++ b/units/user/systemd-bus-driverd.service.in
@@ -0,0 +1,14 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Bus Driver Service
+
+[Service]
+ExecStart=@rootlibexecdir@/systemd-bus-driverd --user
+BusName=org.freedesktop.DBus
+WatchdogSec=1min
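Review bot: Nothing in this unit records that the missing capability restriction is deliberate, nor that the service depends on a file capability set by the install hook; a reader sees only an unrestricted service. The commit message explains both, and a comment above `ExecStart=` should carry that into the file, for example `# Started by the unprivileged user manager, which cannot restrict the capability bounding set;` followed by `# CAP_IPC_OWNER comes from the file capability applied at install time.` That also tells a packager that stripping the xattr breaks the user bus driver.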
diff --git a/units/user/systemd-bus-proxyd.socket b/units/user/systemd-bus-proxyd.socket
index 1971063..35bcca4 100644
--- a/units/user/systemd-bus-proxyd.socket
+++ b/units/user/systemd-bus-proxyd.socket
@@ -9,4 +9,5 @@
 Description=Legacy D-Bus Protocol Compatibility Socket
 
 [Socket]
-ListenStream=%r/bus
+ListenStream=%t/bus
+Accept=true
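Review bot: With `Accept=true` every connection to `%t/bus` starts its own systemd-bus-proxyd@.service instance, and the [Socket] section sets neither `SocketMode=` nor `MaxConnections=`. Access control and the instance limit therefore rest on the permissions of the directory behind `%t` and on systemd's defaults. Since each instance runs a binary that carries cap_ipc_owner, stating both explicitly would make the intent reviewable, for example `SocketMode=0600` if only the owning user is meant to connect, plus a `MaxConnections=` value sized for a user session. The [Unit] section of this file lies outside the hunk.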
diff --git a/units/user/systemd-bus-proxyd at .service.in b/units/user/systemd-bus-proxyd at .service.in
new file mode 100644
index 0000000..b21e172
--- /dev/null
+++ b/units/user/systemd-bus-proxyd at .service.in
@@ -0,0 +1,16 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Legacy D-Bus Protocol Compatibility Daemon
+
+[Service]
+# The first argument will be replaced by the service by information on
+# the process requesting the proxy, we need a placeholder to keep the
+# space available for this.
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address kernel:path=/dev/kdbus/%U-user/bus xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+NotifyAccess=main
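Review bot: The comment above `ExecStart=` is hard to follow: it speaks of "the first argument", presumably meaning the first positional argument, while the placeholder is the trailing run of `x` characters after `--address` and its value. Wording such as `# The trailing placeholder argument is overwritten at runtime with information on the process requesting the proxy;` followed by `# it exists only to reserve space in argv.` would be clearer. The placeholder length is unexplained; the comment should say what bounds the data written over it, so a later edit to this line does not shrink the reserved space below what the daemon writes. As in the bus-driverd user unit, a short note that capability restrictions are intentionally absent here would help.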
-- 
1.8.4.2


