[systemd-devel] [PATCH][RFC] bus-proxy: add support for "GetConnectionCredentials" method

Djalal Harouni tixxdz at opendz.org
Thu Feb 19 08:44:34 PST 2015


On Thu, Feb 19, 2015 at 01:05:22PM +0000, Simon McVittie wrote:
> On 19/02/15 12:43, Lukasz Skalski wrote:
> >GetConnectionCredentials method was added to dbus-1 specification
> >more than one year ago. This method should return "[...] as many
> >credentials as possible for the process connected to the server",
> >but at this moment only "UnixUserID" and "ProcessID" are defined
> >by the specification. We should add support for next credentials
> >after extending dbus-1 spec.
> 
> As of dbus master (soon to be 1.9.12), LinuxSecurityLabel is also
> defined. It's the bytestring from SO_PEERSEC, whatever that means
> for the current LSM(s), with a trailing '\0' appended if there
> wasn't already one there. AppArmor, SELinux and Smack developers
> have all told me this is valid for their LSMs.
> 
> Spec patches welcome for others, but I don't think there's a great
> deal of point in adding GetConnectionCredentials support for
> additional credentials that can be transferred over kdbus but not
> (securely) over AF_UNIX: anything with enough kdbus knowledge to
> know about those might as well be using kdbus directly.
> 
> >+                r = get_creds_by_message(a, m, SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID, &creds, &error);
> 
> Can this ever return "unknown" (-1?) for creds->pid or creds->euid?
So, I'm missing lot of bits, but pid can be 0, euid can perhaps be
(uid_t)-1 which is also a valid value... that maps to the INVALID_UID


-- 
Djalal Harouni
http://opendz.org


More information about the systemd-devel mailing list