basebuilder_pel7x64builder0
5 years ago
9 changed files with 2216 additions and 0 deletions
@ -0,0 +1,17 @@ |
|||||||
|
#!/bin/sh |
||||||
|
# Copyright (C) 2008 Red Hat, Inc. |
||||||
|
# |
||||||
|
# All rights reserved. This copyrighted material is made available to anyone |
||||||
|
# wishing to use, modify, copy, or redistribute it subject to the terms and |
||||||
|
# conditions of the GNU General Public License version 2. |
||||||
|
# |
||||||
|
# You should have received a copy of the GNU General Public License |
||||||
|
# along with this program; if not, write to the Free Software |
||||||
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
||||||
|
# |
||||||
|
|
||||||
|
DBUS_SESSION_BUS_ADDRESS=`printenv DBUS_SESSION_BUS_ADDRESS` |
||||||
|
|
||||||
|
if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then |
||||||
|
eval `dbus-launch --sh-syntax --exit-with-session` |
||||||
|
fi |
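Review bot: The `eval` line runs whatever a PATH-resolved `dbus-launch` prints, unquoted and with no check that the command succeeded, so a missing or failing `dbus-launch` leaves the session without a bus and without any message. Quoting the substitution and testing the result makes the failure visible, e.g. `out=$(dbus-launch --sh-syntax --exit-with-session) && eval "$out"`. If the packaging installs `dbus-launch` at a fixed location, calling it by absolute path removes the dependence on the caller's PATH. The first assignment via `printenv` is redundant, since `[ -z "${DBUS_SESSION_BUS_ADDRESS:-}" ]` tests the same thing without spawning a process.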
@ -0,0 +1,28 @@ |
|||||||
|
From 8e3c46c33f32290bc2f205de62a7d9ba01994f72 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David King <dking@redhat.com> |
||||||
|
Date: Wed, 7 Feb 2018 14:37:24 +0000 |
||||||
|
Subject: [PATCH] bus: raise fd limits before dropping privs |
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1529044 |
||||||
|
--- |
||||||
|
bus/bus.c | 5 +++++ |
||||||
|
1 file changed, 5 insertions(+) |
||||||
|
|
||||||
|
diff --git a/bus/bus.c b/bus/bus.c |
||||||
|
index a6f8db47..4b922a89 100644 |
||||||
|
--- a/bus/bus.c |
||||||
|
+++ b/bus/bus.c |
||||||
|
@@ -940,6 +940,11 @@ bus_context_new (const DBusString *confi |
||||||
|
*/ |
||||||
|
if (context->user != NULL) |
||||||
|
{ |
||||||
|
+ /* Raise the file descriptor limits before dropping the privileges |
||||||
|
+ * required to do so. |
||||||
|
+ */ |
||||||
|
+ raise_file_descriptor_limit (context); |
||||||
|
+ |
||||||
|
if (!_dbus_change_to_daemon_user (context->user, error)) |
||||||
|
{ |
||||||
|
_DBUS_ASSERT_ERROR_IS_SET (error); |
||||||
|
-- |
||||||
|
2.14.3 |
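Review bot: The added `raise_file_descriptor_limit (context);` is called only for its side effect, and only inside the `context->user != NULL` branch, so the hunk does not show what happens when the limit cannot be raised, or whether a bus with no configured user is covered. If the call is best-effort, the comment should say so, for example `/* Best-effort: if this fails we continue with the inherited limit. */`. It would also help to say whether an existing later call site is kept or superseded, because after `_dbus_change_to_daemon_user` the process presumably can no longer raise the hard limit. The body of `bus_context_new` starts and ends outside this hunk, so any other call site is not visible here.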
@ -0,0 +1,27 @@ |
|||||||
|
From f988e7327e5d8f372cc0c7d1478d12a74be113d3 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David King <amigadave@amigadave.com> |
||||||
|
Date: Fri, 15 Sep 2017 14:01:53 +0100 |
||||||
|
Subject: [PATCH] Reduce default session bus max fd limits |
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1133732 |
||||||
|
--- |
||||||
|
bus/session.conf.in | 4 ++-- |
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-) |
||||||
|
|
||||||
|
diff --git a/bus/session.conf.in b/bus/session.conf.in |
||||||
|
index affa7f1d..294a051d 100644 |
||||||
|
--- a/bus/session.conf.in |
||||||
|
+++ b/bus/session.conf.in |
||||||
|
@@ -69,8 +69,8 @@ |
||||||
|
<limit name="service_start_timeout">120000</limit> |
||||||
|
<limit name="auth_timeout">240000</limit> |
||||||
|
<limit name="pending_fd_timeout">150000</limit> |
||||||
|
- <limit name="max_completed_connections">100000</limit> |
||||||
|
- <limit name="max_incomplete_connections">10000</limit> |
||||||
|
+ <limit name="max_completed_connections">900</limit> |
||||||
|
+ <limit name="max_incomplete_connections">92</limit> |
||||||
|
<limit name="max_connections_per_user">100000</limit> |
||||||
|
<limit name="max_pending_service_starts">10000</limit> |
||||||
|
<limit name="max_names_per_connection">50000</limit> |
||||||
|
-- |
||||||
|
2.13.5 |
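Review bot: The new values `900` and `92` for `max_completed_connections` and `max_incomplete_connections` appear with no explanation in the file, so a later editor cannot tell what constraint they encode. They sum to 992, so they were presumably chosen to stay under a 1024 descriptor limit; a comment next to them should state that, for example `<!-- completed + incomplete connections are kept below the default 1024 fd soft limit -->`. The unchanged `max_connections_per_user` of 100000 can now never be reached, because the 900 cap applies first. It should either be lowered to match or be noted as intentionally inert.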
@ -0,0 +1,500 @@ |
|||||||
|
From dc2074588d3e7b5a216cb8c0b82094157c3cf773 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David King <dking@redhat.com> |
||||||
|
Date: Mon, 25 Jun 2018 14:46:14 -0400 |
||||||
|
Subject: [PATCH] daemon: use HOME as the working directory |
||||||
|
|
||||||
|
Session buses started as part of a systemd --user session are launched |
||||||
|
with the current working directory being the home directory of the user. |
||||||
|
Applications which are launched via dbus activation inherit the working |
||||||
|
directory from the session bus dbus-daemon. |
||||||
|
|
||||||
|
When dbus-launch is used to start dbus-daemon, as is commonly the case |
||||||
|
with a session manager such as gnome-session, this leads to applications |
||||||
|
having a default working directory of "/", which is undesirable (as an |
||||||
|
example, the default directory in a GTK+ save dialog becomes "/"). |
||||||
|
|
||||||
|
As an improvement, make dbus-launch use the value of the environment |
||||||
|
variable HOME, if it is set, as the current working directory. |
||||||
|
|
||||||
|
Signed-off-by: David King <dking@redhat.com> |
||||||
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106987 |
||||||
|
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1470310 |
||||||
|
--- |
||||||
|
bus/bus.c | 9 +++++++++ |
||||||
|
dbus/dbus-sysdeps-util-unix.c | 8 +++++--- |
||||||
|
dbus/dbus-sysdeps-util-win.c | 2 ++ |
||||||
|
dbus/dbus-sysdeps.h | 1 + |
||||||
|
doc/dbus-launch.1.xml.in | 4 ++++ |
||||||
|
tools/dbus-launch.c | 22 ++++++++++++++-------- |
||||||
|
6 files changed, 35 insertions(+), 11 deletions(-) |
||||||
|
|
||||||
|
diff --git a/bus/bus.c b/bus/bus.c |
||||||
|
index f788e677..da2b2c1f 100644 |
||||||
|
--- a/bus/bus.c |
||||||
|
+++ b/bus/bus.c |
||||||
|
@@ -870,63 +870,72 @@ bus_context_new (const DBusString *config_file, |
||||||
|
|
||||||
|
context->matchmaker = bus_matchmaker_new (); |
||||||
|
if (context->matchmaker == NULL) |
||||||
|
{ |
||||||
|
BUS_SET_OOM (error); |
||||||
|
goto failed; |
||||||
|
} |
||||||
|
|
||||||
|
/* check user before we fork */ |
||||||
|
if (context->user != NULL) |
||||||
|
{ |
||||||
|
if (!_dbus_verify_daemon_user (context->user)) |
||||||
|
{ |
||||||
|
dbus_set_error (error, DBUS_ERROR_FAILED, |
||||||
|
"Could not get UID and GID for username \"%s\"", |
||||||
|
context->user); |
||||||
|
goto failed; |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
/* Now become a daemon if appropriate and write out pid file in any case */ |
||||||
|
{ |
||||||
|
DBusString u; |
||||||
|
|
||||||
|
if (context->pidfile) |
||||||
|
_dbus_string_init_const (&u, context->pidfile); |
||||||
|
|
||||||
|
if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) || |
||||||
|
(flags & BUS_CONTEXT_FLAG_FORK_ALWAYS)) |
||||||
|
{ |
||||||
|
+ const char *working_dir = NULL; |
||||||
|
+ |
||||||
|
_dbus_verbose ("Forking and becoming daemon\n"); |
||||||
|
|
||||||
|
+ if (context->type != NULL && strcmp (context->type, "session") == 0) |
||||||
|
+ working_dir = _dbus_getenv ("HOME"); |
||||||
|
+ |
||||||
|
+ if (working_dir == NULL) |
||||||
|
+ working_dir = "/"; |
||||||
|
+ |
||||||
|
if (!_dbus_become_daemon (context->pidfile ? &u : NULL, |
||||||
|
+ working_dir, |
||||||
|
print_pid_pipe, |
||||||
|
error, |
||||||
|
context->keep_umask)) |
||||||
|
{ |
||||||
|
_DBUS_ASSERT_ERROR_IS_SET (error); |
||||||
|
goto failed; |
||||||
|
} |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
_dbus_verbose ("Fork not requested\n"); |
||||||
|
|
||||||
|
/* Need to write PID file and to PID pipe for ourselves, |
||||||
|
* not for the child process. This is a no-op if the pidfile |
||||||
|
* is NULL and print_pid_pipe is NULL. |
||||||
|
*/ |
||||||
|
if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL, |
||||||
|
print_pid_pipe, |
||||||
|
_dbus_getpid (), |
||||||
|
error)) |
||||||
|
{ |
||||||
|
_DBUS_ASSERT_ERROR_IS_SET (error); |
||||||
|
goto failed; |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) && |
||||||
|
!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) |
||||||
|
_dbus_pipe_close (print_pid_pipe, NULL); |
||||||
|
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c |
||||||
|
index 9b724cc9..30bb1441 100644 |
||||||
|
--- a/dbus/dbus-sysdeps-util-unix.c |
||||||
|
+++ b/dbus/dbus-sysdeps-util-unix.c |
||||||
|
@@ -49,82 +49,84 @@ |
||||||
|
#include <sys/socket.h> |
||||||
|
#include <dirent.h> |
||||||
|
#include <sys/un.h> |
||||||
|
|
||||||
|
#ifdef HAVE_SYSLOG_H |
||||||
|
#include <syslog.h> |
||||||
|
#endif |
||||||
|
|
||||||
|
#ifdef HAVE_SYS_SYSLIMITS_H |
||||||
|
#include <sys/syslimits.h> |
||||||
|
#endif |
||||||
|
|
||||||
|
#ifdef HAVE_SYSTEMD |
||||||
|
#include <systemd/sd-daemon.h> |
||||||
|
#endif |
||||||
|
|
||||||
|
#ifndef O_BINARY |
||||||
|
#define O_BINARY 0 |
||||||
|
#endif |
||||||
|
|
||||||
|
/** |
||||||
|
* @addtogroup DBusInternalsUtils |
||||||
|
* @{ |
||||||
|
*/ |
||||||
|
|
||||||
|
|
||||||
|
/** |
||||||
|
* Does the chdir, fork, setsid, etc. to become a daemon process. |
||||||
|
* |
||||||
|
* @param pidfile #NULL, or pidfile to create |
||||||
|
+ * @param working_dir directory to chdir to |
||||||
|
* @param print_pid_pipe pipe to print daemon's pid to, or -1 for none |
||||||
|
* @param error return location for errors |
||||||
|
* @param keep_umask #TRUE to keep the original umask |
||||||
|
* @returns #FALSE on failure |
||||||
|
*/ |
||||||
|
dbus_bool_t |
||||||
|
_dbus_become_daemon (const DBusString *pidfile, |
||||||
|
+ const char *working_dir, |
||||||
|
DBusPipe *print_pid_pipe, |
||||||
|
DBusError *error, |
||||||
|
dbus_bool_t keep_umask) |
||||||
|
{ |
||||||
|
const char *s; |
||||||
|
pid_t child_pid; |
||||||
|
int dev_null_fd; |
||||||
|
|
||||||
|
_dbus_verbose ("Becoming a daemon...\n"); |
||||||
|
|
||||||
|
- _dbus_verbose ("chdir to /\n"); |
||||||
|
- if (chdir ("/") < 0) |
||||||
|
+ _dbus_verbose ("chdir to %s\n", working_dir); |
||||||
|
+ if (chdir (working_dir) < 0) |
||||||
|
{ |
||||||
|
dbus_set_error (error, DBUS_ERROR_FAILED, |
||||||
|
- "Could not chdir() to root directory"); |
||||||
|
+ "Could not chdir() to working directory (%s)", working_dir); |
||||||
|
return FALSE; |
||||||
|
} |
||||||
|
|
||||||
|
_dbus_verbose ("forking...\n"); |
||||||
|
switch ((child_pid = fork ())) |
||||||
|
{ |
||||||
|
case -1: |
||||||
|
_dbus_verbose ("fork failed\n"); |
||||||
|
dbus_set_error (error, _dbus_error_from_errno (errno), |
||||||
|
"Failed to fork daemon: %s", _dbus_strerror (errno)); |
||||||
|
return FALSE; |
||||||
|
break; |
||||||
|
|
||||||
|
case 0: |
||||||
|
_dbus_verbose ("in child, closing std file descriptors\n"); |
||||||
|
|
||||||
|
/* silently ignore failures here, if someone |
||||||
|
* doesn't have /dev/null we may as well try |
||||||
|
* to continue anyhow |
||||||
|
*/ |
||||||
|
|
||||||
|
dev_null_fd = open ("/dev/null", O_RDWR); |
||||||
|
if (dev_null_fd >= 0) |
||||||
|
{ |
||||||
|
dup2 (dev_null_fd, 0); |
||||||
|
dup2 (dev_null_fd, 1); |
||||||
|
|
||||||
|
s = _dbus_getenv ("DBUS_DEBUG_OUTPUT"); |
||||||
|
if (s == NULL || *s == '\0') |
||||||
|
dup2 (dev_null_fd, 2); |
||||||
|
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c |
||||||
|
index 3b754dbf..bfc1cb90 100644 |
||||||
|
--- a/dbus/dbus-sysdeps-util-win.c |
||||||
|
+++ b/dbus/dbus-sysdeps-util-win.c |
||||||
|
@@ -27,67 +27,69 @@ |
||||||
|
#define STRSAFE_NO_DEPRECATE |
||||||
|
|
||||||
|
#include "dbus-sysdeps.h" |
||||||
|
#include "dbus-internals.h" |
||||||
|
#include "dbus-protocol.h" |
||||||
|
#include "dbus-string.h" |
||||||
|
#include "dbus-sysdeps.h" |
||||||
|
#include "dbus-sysdeps-win.h" |
||||||
|
#include "dbus-sockets-win.h" |
||||||
|
#include "dbus-memory.h" |
||||||
|
#include "dbus-pipe.h" |
||||||
|
|
||||||
|
#include <stdio.h> |
||||||
|
#include <stdlib.h> |
||||||
|
#if HAVE_ERRNO_H |
||||||
|
#include <errno.h> |
||||||
|
#endif |
||||||
|
#include <winsock2.h> // WSA error codes |
||||||
|
|
||||||
|
#ifndef DBUS_WINCE |
||||||
|
#include <io.h> |
||||||
|
#include <lm.h> |
||||||
|
#include <sys/stat.h> |
||||||
|
#endif |
||||||
|
|
||||||
|
|
||||||
|
/** |
||||||
|
* Does the chdir, fork, setsid, etc. to become a daemon process. |
||||||
|
* |
||||||
|
* @param pidfile #NULL, or pidfile to create |
||||||
|
+ * @param working_dir directory to chdir to |
||||||
|
* @param print_pid_pipe file descriptor to print daemon's pid to, or -1 for none |
||||||
|
* @param error return location for errors |
||||||
|
* @param keep_umask #TRUE to keep the original umask |
||||||
|
* @returns #FALSE on failure |
||||||
|
*/ |
||||||
|
dbus_bool_t |
||||||
|
_dbus_become_daemon (const DBusString *pidfile, |
||||||
|
+ const char *working_dir, |
||||||
|
DBusPipe *print_pid_pipe, |
||||||
|
DBusError *error, |
||||||
|
dbus_bool_t keep_umask) |
||||||
|
{ |
||||||
|
dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, |
||||||
|
"Cannot daemonize on Windows"); |
||||||
|
return FALSE; |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
* Creates a file containing the process ID. |
||||||
|
* |
||||||
|
* @param filename the filename to write to |
||||||
|
* @param pid our process ID |
||||||
|
* @param error return location for errors |
||||||
|
* @returns #FALSE on failure |
||||||
|
*/ |
||||||
|
static dbus_bool_t |
||||||
|
_dbus_write_pid_file (const DBusString *filename, |
||||||
|
unsigned long pid, |
||||||
|
DBusError *error) |
||||||
|
{ |
||||||
|
const char *cfilename; |
||||||
|
HANDLE hnd; |
||||||
|
char pidstr[20]; |
||||||
|
int total; |
||||||
|
int bytes_to_write; |
||||||
|
|
||||||
|
_DBUS_ASSERT_ERROR_IS_CLEAR (error); |
||||||
|
|
||||||
|
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h |
||||||
|
index 0ee45c97..e569b545 100644 |
||||||
|
--- a/dbus/dbus-sysdeps.h |
||||||
|
+++ b/dbus/dbus-sysdeps.h |
||||||
|
@@ -498,60 +498,61 @@ int _dbus_printf_string_upper_bound (const char *format, |
||||||
|
va_list args); |
||||||
|
|
||||||
|
|
||||||
|
/** |
||||||
|
* Portable struct with stat() results |
||||||
|
*/ |
||||||
|
typedef struct |
||||||
|
{ |
||||||
|
unsigned long mode; /**< File mode */ |
||||||
|
unsigned long nlink; /**< Number of hard links */ |
||||||
|
dbus_uid_t uid; /**< User owning file */ |
||||||
|
dbus_gid_t gid; /**< Group owning file */ |
||||||
|
unsigned long size; /**< Size of file */ |
||||||
|
unsigned long atime; /**< Access time */ |
||||||
|
unsigned long mtime; /**< Modify time */ |
||||||
|
unsigned long ctime; /**< Creation time */ |
||||||
|
} DBusStat; |
||||||
|
|
||||||
|
dbus_bool_t _dbus_stat (const DBusString *filename, |
||||||
|
DBusStat *statbuf, |
||||||
|
DBusError *error); |
||||||
|
DBUS_PRIVATE_EXPORT |
||||||
|
dbus_bool_t _dbus_socketpair (DBusSocket *fd1, |
||||||
|
DBusSocket *fd2, |
||||||
|
dbus_bool_t blocking, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
void _dbus_print_backtrace (void); |
||||||
|
|
||||||
|
dbus_bool_t _dbus_become_daemon (const DBusString *pidfile, |
||||||
|
+ const char *working_dir, |
||||||
|
DBusPipe *print_pid_pipe, |
||||||
|
DBusError *error, |
||||||
|
dbus_bool_t keep_umask); |
||||||
|
|
||||||
|
dbus_bool_t _dbus_verify_daemon_user (const char *user); |
||||||
|
dbus_bool_t _dbus_change_to_daemon_user (const char *user, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, |
||||||
|
DBusPipe *print_pid_pipe, |
||||||
|
dbus_pid_t pid_to_write, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
dbus_bool_t _dbus_command_for_pid (unsigned long pid, |
||||||
|
DBusString *str, |
||||||
|
int max_len, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
/** A UNIX signal handler */ |
||||||
|
typedef void (* DBusSignalHandler) (int sig); |
||||||
|
|
||||||
|
void _dbus_set_signal_handler (int sig, |
||||||
|
DBusSignalHandler handler); |
||||||
|
|
||||||
|
dbus_bool_t _dbus_user_at_console (const char *username, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
void _dbus_init_system_log (dbus_bool_t is_daemon); |
||||||
|
|
||||||
|
typedef enum { |
||||||
|
diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in |
||||||
|
index 5135d9ca..606c65be 100644 |
||||||
|
--- a/doc/dbus-launch.1.xml.in |
||||||
|
+++ b/doc/dbus-launch.1.xml.in |
||||||
|
@@ -23,60 +23,64 @@ |
||||||
|
<command>dbus-launch</command> |
||||||
|
<arg choice='opt'>--version </arg> |
||||||
|
<arg choice='opt'>--help </arg> |
||||||
|
<arg choice='opt'>--sh-syntax </arg> |
||||||
|
<arg choice='opt'>--csh-syntax </arg> |
||||||
|
<arg choice='opt'>--auto-syntax </arg> |
||||||
|
<arg choice='opt'>--binary-syntax </arg> |
||||||
|
<arg choice='opt'>--close-stderr </arg> |
||||||
|
<arg choice='opt'>--exit-with-session </arg> |
||||||
|
<arg choice='opt'>--autolaunch=<replaceable>MACHINEID</replaceable></arg> |
||||||
|
<arg choice='opt'>--config-file=<replaceable>FILENAME</replaceable></arg> |
||||||
|
<arg choice='opt'><replaceable>PROGRAM</replaceable></arg> |
||||||
|
<arg choice='opt' rep='repeat'><replaceable>ARGS</replaceable></arg> |
||||||
|
<sbr/> |
||||||
|
</cmdsynopsis> |
||||||
|
</refsynopsisdiv> |
||||||
|
|
||||||
|
|
||||||
|
<refsect1 id='description'><title>DESCRIPTION</title> |
||||||
|
<para>The <command>dbus-launch</command> command is used to start a session bus |
||||||
|
instance of <emphasis remap='I'>dbus-daemon</emphasis> from a shell script. |
||||||
|
It would normally be called from a user's login |
||||||
|
scripts. Unlike the daemon itself, <command>dbus-launch</command> exits, so |
||||||
|
backticks or the $() construct can be used to read information from |
||||||
|
<command>dbus-launch</command>.</para> |
||||||
|
|
||||||
|
<para>With no arguments, <command>dbus-launch</command> will launch a session bus |
||||||
|
instance and print the address and PID of that instance to standard |
||||||
|
output.</para> |
||||||
|
|
||||||
|
+<para>If the environment variable HOME is set, it is used as the current |
||||||
|
+working directory. Otherwise, the root directory (<filename>/</filename>) is |
||||||
|
+used.</para> |
||||||
|
+ |
||||||
|
<para>You may specify a program to be run; in this case, <command>dbus-launch</command> |
||||||
|
will launch a session bus instance, set the appropriate environment |
||||||
|
variables so the specified program can find the bus, and then execute the |
||||||
|
specified program, with the specified arguments. See below for |
||||||
|
examples.</para> |
||||||
|
|
||||||
|
<para>If you launch a program, <command>dbus-launch</command> will not print the |
||||||
|
information about the new bus to standard output.</para> |
||||||
|
|
||||||
|
<para>When <command>dbus-launch</command> prints bus information to standard output, by |
||||||
|
default it is in a simple key-value pairs format. However, you may |
||||||
|
request several alternate syntaxes using the --sh-syntax, --csh-syntax, |
||||||
|
--binary-syntax, or |
||||||
|
--auto-syntax options. Several of these cause <command>dbus-launch</command> to emit shell code |
||||||
|
to set up the environment.</para> |
||||||
|
|
||||||
|
<para>With the --auto-syntax option, <command>dbus-launch</command> looks at the value |
||||||
|
of the SHELL environment variable to determine which shell syntax |
||||||
|
should be used. If SHELL ends in "csh", then csh-compatible code is |
||||||
|
emitted; otherwise Bourne shell code is emitted. Instead of passing |
||||||
|
--auto-syntax, you may explicitly specify a particular one by using |
||||||
|
--sh-syntax for Bourne syntax, or --csh-syntax for csh syntax. |
||||||
|
In scripts, it's more robust to avoid --auto-syntax and you hopefully |
||||||
|
know which shell your script is written in.</para> |
||||||
|
|
||||||
|
|
||||||
|
<para>See <ulink url='http://www.freedesktop.org/software/dbus/'>http://www.freedesktop.org/software/dbus/</ulink> for more information |
||||||
|
about D-Bus. See also the man page for <emphasis remap='I'>dbus-daemon</emphasis>.</para> |
||||||
|
|
||||||
|
</refsect1> |
||||||
|
diff --git a/tools/dbus-launch.c b/tools/dbus-launch.c |
||||||
|
index 80e4a241..a956684c 100644 |
||||||
|
--- a/tools/dbus-launch.c |
||||||
|
+++ b/tools/dbus-launch.c |
||||||
|
@@ -592,71 +592,77 @@ kill_bus_when_session_ends (void) |
||||||
|
/* This shouldn't happen I don't think; to avoid |
||||||
|
* spinning on the fd forever we exit. |
||||||
|
*/ |
||||||
|
fprintf (stderr, "dbus-launch: error reading from stdin: %s\n", |
||||||
|
strerror (errno)); |
||||||
|
kill_bus_and_exit (0); |
||||||
|
} |
||||||
|
} |
||||||
|
else if (FD_ISSET (tty_fd, &err_set)) |
||||||
|
{ |
||||||
|
verbose ("TTY has error condition\n"); |
||||||
|
|
||||||
|
kill_bus_and_exit (0); |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
static void |
||||||
|
babysit (int exit_with_session, |
||||||
|
pid_t child_pid, |
||||||
|
int read_bus_pid_fd) /* read pid from here */ |
||||||
|
{ |
||||||
|
int ret; |
||||||
|
int dev_null_fd; |
||||||
|
const char *s; |
||||||
|
|
||||||
|
verbose ("babysitting, exit_with_session = %d, child_pid = %ld, read_bus_pid_fd = %d\n", |
||||||
|
exit_with_session, (long) child_pid, read_bus_pid_fd); |
||||||
|
|
||||||
|
- /* We chdir ("/") since we are persistent and daemon-like, and fork |
||||||
|
- * again so dbus-launch can reap the parent. However, we don't |
||||||
|
- * setsid() or close fd 0 because the idea is to remain attached |
||||||
|
- * to the tty and the X server in order to kill the message bus |
||||||
|
- * when the session ends. |
||||||
|
+ /* We chdir () since we are persistent and daemon-like, either to $HOME |
||||||
|
+ * to match the behaviour of a session bus started by systemd --user, or |
||||||
|
+ * otherwise "/". We fork again so dbus-launch can reap the parent. |
||||||
|
+ * However, we don't setsid() or close fd 0 because the idea is to |
||||||
|
+ * remain attached to the tty and the X server in order to kill the |
||||||
|
+ * message bus when the session ends. |
||||||
|
*/ |
||||||
|
|
||||||
|
- if (chdir ("/") < 0) |
||||||
|
+ s = getenv ("HOME"); |
||||||
|
+ |
||||||
|
+ if (s == NULL || *s == '\0') |
||||||
|
+ s = "/"; |
||||||
|
+ |
||||||
|
+ if (chdir (s) < 0) |
||||||
|
{ |
||||||
|
- fprintf (stderr, "Could not change to root directory: %s\n", |
||||||
|
- strerror (errno)); |
||||||
|
+ fprintf (stderr, "Could not change to working directory \"%s\": %s\n", |
||||||
|
+ s, strerror (errno)); |
||||||
|
exit (1); |
||||||
|
} |
||||||
|
|
||||||
|
/* Close stdout/stderr so we don't block an "eval" or otherwise |
||||||
|
* lock up. stdout is still chaining through to dbus-launch |
||||||
|
* and in turn to the parent shell. |
||||||
|
*/ |
||||||
|
dev_null_fd = open ("/dev/null", O_RDWR); |
||||||
|
if (dev_null_fd >= 0) |
||||||
|
{ |
||||||
|
if (!exit_with_session) |
||||||
|
dup2 (dev_null_fd, 0); |
||||||
|
dup2 (dev_null_fd, 1); |
||||||
|
s = getenv ("DBUS_DEBUG_OUTPUT"); |
||||||
|
if (s == NULL || *s == '\0') |
||||||
|
dup2 (dev_null_fd, 2); |
||||||
|
close (dev_null_fd); |
||||||
|
} |
||||||
|
else |
||||||
|
{ |
||||||
|
fprintf (stderr, "Failed to open /dev/null: %s\n", |
||||||
|
strerror (errno)); |
||||||
|
/* continue, why not */ |
||||||
|
} |
||||||
|
|
||||||
|
ret = fork (); |
||||||
|
|
||||||
|
if (ret < 0) |
||||||
|
{ |
||||||
|
fprintf (stderr, "fork() failed in babysitter: %s\n", |
||||||
|
-- |
||||||
|
2.17.1 |
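Review bot: In the `bus/bus.c` hunk the fallback to `"/"` is taken only when `_dbus_getenv ("HOME")` returns NULL, whereas the `tools/dbus-launch.c` hunk also treats an empty string as unset. With `HOME=""` the daemon would call `chdir ("")` and fail to start, so the check should be `if (working_dir == NULL || *working_dir == '\0')`. Both call sites also turn a failed `chdir` to an environment-supplied path into a fatal error (a missing or unmounted home directory, for instance), where the old `chdir ("/")` could hardly fail; falling back to `"/"` on failure would keep session start-up robust. The new error string in `_dbus_become_daemon` drops the reason, and appending `_dbus_strerror (errno)` as the fork error just below does would make the failure diagnosable.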
@ -0,0 +1,26 @@ |
|||||||
|
From b98c85f2803434eec3192cdc3e9e86425fe33428 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David King <dking@redhat.com> |
||||||
|
Date: Tue, 3 Oct 2017 13:34:03 +0100 |
||||||
|
Subject: [PATCH] doc: Fix dbus-send.1 uint16 typo |
||||||
|
|
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=103075 |
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1467415 |
||||||
|
--- |
||||||
|
doc/dbus-send.1.xml.in | 2 +- |
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/doc/dbus-send.1.xml.in b/doc/dbus-send.1.xml.in |
||||||
|
index 67b6dfd2..271435ca 100644 |
||||||
|
--- a/doc/dbus-send.1.xml.in |
||||||
|
+++ b/doc/dbus-send.1.xml.in |
||||||
|
@@ -65,7 +65,7 @@ may include containers (arrays, dicts, and variants) as described below.</para> |
||||||
|
<array> ::= array:<type>:<value>[,<value>...] |
||||||
|
<dict> ::= dict:<type>:<type>:<key>,<value>[,<key>,<value>...] |
||||||
|
<variant> ::= variant:<type>:<value> |
||||||
|
-<type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath |
||||||
|
+<type> ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath |
||||||
|
</literallayout> <!-- .fi --> |
||||||
|
|
||||||
|
<para>D-Bus supports more types than these, but <command>dbus-send</command> currently |
||||||
|
-- |
||||||
|
2.13.6 |
@ -0,0 +1,268 @@ |
|||||||
|
diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c |
||||||
|
--- dbus-1.10.24.old/bus/driver.c 2017-09-25 16:20:08.000000000 +0100 |
||||||
|
+++ dbus-1.10.24/bus/driver.c 2018-02-13 10:15:09.570439595 +0000 |
||||||
|
@@ -555,6 +555,9 @@ |
||||||
|
char **services; |
||||||
|
BusRegistry *registry; |
||||||
|
int i; |
||||||
|
+#ifdef HAVE_SELINUX |
||||||
|
+ dbus_bool_t mls_enabled; |
||||||
|
+#endif |
||||||
|
DBusMessageIter iter; |
||||||
|
DBusMessageIter sub; |
||||||
|
|
||||||
|
@@ -601,9 +604,58 @@ |
||||||
|
} |
||||||
|
} |
||||||
|
|
||||||
|
+#ifdef HAVE_SELINUX |
||||||
|
+ mls_enabled = bus_selinux_mls_enabled (); |
||||||
|
+#endif |
||||||
|
i = 0; |
||||||
|
while (i < len) |
||||||
|
{ |
||||||
|
+#ifdef HAVE_SELINUX |
||||||
|
+ if (mls_enabled) |
||||||
|
+ { |
||||||
|
+ const char *requester; |
||||||
|
+ BusService *service; |
||||||
|
+ DBusString str; |
||||||
|
+ DBusConnection *service_conn; |
||||||
|
+ DBusConnection *requester_conn; |
||||||
|
+ |
||||||
|
+ requester = dbus_message_get_destination (reply); |
||||||
|
+ _dbus_string_init_const (&str, requester); |
||||||
|
+ service = bus_registry_lookup (registry, &str); |
||||||
|
+ |
||||||
|
+ if (service == NULL) |
||||||
|
+ { |
||||||
|
+ _dbus_warn_check_failed ("service lookup failed: %s", requester); |
||||||
|
+ ++i; |
||||||
|
+ continue; |
||||||
|
+ } |
||||||
|
+ requester_conn = bus_service_get_primary_owners_connection (service); |
||||||
|
+ _dbus_string_init_const (&str, services[i]); |
||||||
|
+ service = bus_registry_lookup (registry, &str); |
||||||
|
+ if (service == NULL) |
||||||
|
+ { |
||||||
|
+ _dbus_warn_check_failed ("service lookup failed: %s", services[i]); |
||||||
|
+ ++i; |
||||||
|
+ continue; |
||||||
|
+ } |
||||||
|
+ service_conn = bus_service_get_primary_owners_connection (service); |
||||||
|
+ |
||||||
|
+ if (!bus_selinux_allows_name (requester_conn, service_conn, error)) |
||||||
|
+ { |
||||||
|
+ if (dbus_error_is_set (error) && |
||||||
|
+ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) |
||||||
|
+ { |
||||||
|
+ dbus_free_string_array (services); |
||||||
|
+ dbus_message_unref (reply); |
||||||
|
+ return FALSE; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ /* Skip any services which are disallowed by SELinux policy. */ |
||||||
|
+ ++i; |
||||||
|
+ continue; |
||||||
|
+ } |
||||||
|
+ } |
||||||
|
+#endif |
||||||
|
if (!dbus_message_iter_append_basic (&sub, DBUS_TYPE_STRING, |
||||||
|
&services[i])) |
||||||
|
{ |
||||||
|
diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c |
||||||
|
--- dbus-1.10.24.old/bus/selinux.c 2017-07-28 07:24:16.000000000 +0100 |
||||||
|
+++ dbus-1.10.24/bus/selinux.c 2018-02-13 10:35:14.311477447 +0000 |
||||||
|
@@ -61,6 +61,9 @@ |
||||||
|
/* Store the value telling us if SELinux is enabled in the kernel. */ |
||||||
|
static dbus_bool_t selinux_enabled = FALSE; |
||||||
|
|
||||||
|
+/* Store the value telling us if SELinux with MLS is enabled in the kernel. */ |
||||||
|
+static dbus_bool_t selinux_mls_enabled = FALSE; |
||||||
|
+ |
||||||
|
/* Store an avc_entry_ref to speed AVC decisions. */ |
||||||
|
static struct avc_entry_ref aeref; |
||||||
|
|
||||||
|
@@ -273,6 +276,20 @@ |
||||||
|
} |
||||||
|
|
||||||
|
/** |
||||||
|
+ * Return whether or not SELinux with MLS support is enabled; must be |
||||||
|
+ * called after bus_selinux_init. |
||||||
|
+ */ |
||||||
|
+dbus_bool_t |
||||||
|
+bus_selinux_mls_enabled (void) |
||||||
|
+{ |
||||||
|
+#ifdef HAVE_SELINUX |
||||||
|
+ return selinux_mls_enabled; |
||||||
|
+#else |
||||||
|
+ return FALSE; |
||||||
|
+#endif /* HAVE_SELINUX */ |
||||||
|
+} |
||||||
|
+ |
||||||
|
+/** |
||||||
|
* Do early initialization; determine whether SELinux is enabled. |
||||||
|
*/ |
||||||
|
dbus_bool_t |
||||||
|
@@ -292,6 +309,16 @@ |
||||||
|
} |
||||||
|
|
||||||
|
selinux_enabled = r != 0; |
||||||
|
+ |
||||||
|
+ r = is_selinux_mls_enabled (); |
||||||
|
+ if (r < 0) |
||||||
|
+ { |
||||||
|
+ _dbus_warn ("Could not tell if SELinux MLS is enabled: %s\n", |
||||||
|
+ _dbus_strerror (errno)); |
||||||
|
+ return FALSE; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ selinux_mls_enabled = r != 0; |
||||||
|
return TRUE; |
||||||
|
#else |
||||||
|
return TRUE; |
||||||
|
@@ -304,14 +331,18 @@ |
||||||
|
*/ |
||||||
|
/* security dbus class constants */ |
||||||
|
#define SECCLASS_DBUS 1 |
||||||
|
+#define SECCLASS_CONTEXT 2 |
||||||
|
|
||||||
|
/* dbus's per access vector constants */ |
||||||
|
#define DBUS__ACQUIRE_SVC 1 |
||||||
|
#define DBUS__SEND_MSG 2 |
||||||
|
|
||||||
|
+#define CONTEXT__CONTAINS 1 |
||||||
|
+ |
||||||
|
#ifdef HAVE_SELINUX |
||||||
|
static struct security_class_mapping dbus_map[] = { |
||||||
|
{ "dbus", { "acquire_svc", "send_msg", NULL } }, |
||||||
|
+ { "context", { "contains", NULL } }, |
||||||
|
{ NULL } |
||||||
|
}; |
||||||
|
#endif /* HAVE_SELINUX */ |
||||||
|
@@ -734,6 +765,102 @@ |
||||||
|
#endif /* HAVE_SELINUX */ |
||||||
|
|
||||||
|
/** |
||||||
|
+ * Check if SELinux security controls allow one connection to determine the |
||||||
|
+ * name of the other, taking into account MLS considerations. |
||||||
|
+ * |
||||||
|
+ * @param source the requester of the name. |
||||||
|
+ * @param destination the name being requested. |
||||||
|
+ * @returns whether the name should be visible by the source of the request |
||||||
|
+ */ |
||||||
|
+dbus_bool_t |
||||||
|
+bus_selinux_allows_name (DBusConnection *source, |
||||||
|
+ DBusConnection *destination, |
||||||
|
+ DBusError *error) |
||||||
|
+{ |
||||||
|
+#ifdef HAVE_SELINUX |
||||||
|
+ int err; |
||||||
|
+ char *policy_type; |
||||||
|
+ unsigned long spid, tpid; |
||||||
|
+ BusSELinuxID *source_sid; |
||||||
|
+ BusSELinuxID *dest_sid; |
||||||
|
+ dbus_bool_t ret; |
||||||
|
+ dbus_bool_t string_alloced; |
||||||
|
+ DBusString auxdata; |
||||||
|
+ |
||||||
|
+ if (!selinux_mls_enabled) |
||||||
|
+ return TRUE; |
||||||
|
+ |
||||||
|
+ err = selinux_getpolicytype (&policy_type); |
||||||
|
+ if (err < 0) |
||||||
|
+ { |
||||||
|
+ dbus_set_error_const (error, DBUS_ERROR_IO_ERROR, |
||||||
|
+ "Failed to get SELinux policy type"); |
||||||
|
+ return FALSE; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ /* Only check against MLS policy if running under that policy. */ |
||||||
|
+ if (strcmp (policy_type, "mls") != 0) |
||||||
|
+ { |
||||||
|
+ free (policy_type); |
||||||
|
+ return TRUE; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ free (policy_type); |
||||||
|
+ |
||||||
|
+ _dbus_assert (source != NULL); |
||||||
|
+ _dbus_assert (destination != NULL); |
||||||
|
+ |
||||||
|
+ if (!source || !dbus_connection_get_unix_process_id (source, &spid)) |
||||||
|
+ spid = 0; |
||||||
|
+ if (!destination || !dbus_connection_get_unix_process_id (destination, &tpid)) |
||||||
|
+ tpid = 0; |
||||||
|
+ |
||||||
|
+ string_alloced = FALSE; |
||||||
|
+ if (!_dbus_string_init (&auxdata)) |
||||||
|
+ goto oom; |
||||||
|
+ string_alloced = TRUE; |
||||||
|
+ |
||||||
|
+ if (spid) |
||||||
|
+ { |
||||||
|
+ if (!_dbus_string_append (&auxdata, " spid=")) |
||||||
|
+ goto oom; |
||||||
|
+ |
||||||
|
+ if (!_dbus_string_append_uint (&auxdata, spid)) |
||||||
|
+ goto oom; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ if (tpid) |
||||||
|
+ { |
||||||
|
+ if (!_dbus_string_append (&auxdata, " tpid=")) |
||||||
|
+ goto oom; |
||||||
|
+ |
||||||
|
+ if (!_dbus_string_append_uint (&auxdata, tpid)) |
||||||
|
+ goto oom; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ source_sid = bus_connection_get_selinux_id (source); |
||||||
|
+ dest_sid = bus_connection_get_selinux_id (destination); |
||||||
|
+ |
||||||
|
+ ret = bus_selinux_check (source_sid, |
||||||
|
+ dest_sid, |
||||||
|
+ SECCLASS_CONTEXT, |
||||||
|
+ CONTEXT__CONTAINS, |
||||||
|
+ &auxdata); |
||||||
|
+ |
||||||
|
+ _dbus_string_free (&auxdata); |
||||||
|
+ return ret; |
||||||
|
+ |
||||||
|
+ oom: |
||||||
|
+ if (string_alloced) |
||||||
|
+ _dbus_string_free (&auxdata); |
||||||
|
+ BUS_SET_OOM (error); |
||||||
|
+ return FALSE; |
||||||
|
+#else |
||||||
|
+ return TRUE; |
||||||
|
+#endif /* HAVE_SELINUX */ |
||||||
|
+} |
||||||
|
+ |
||||||
|
+/** |
||||||
|
* Read the SELinux ID from the connection. |
||||||
|
* |
||||||
|
* @param connection the connection to read from |
||||||
|
Binary files dbus-1.10.24.old/bus/.selinux.c.swp and dbus-1.10.24/bus/.selinux.c.swp differ |
||||||
|
diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h |
||||||
|
--- dbus-1.10.24.old/bus/selinux.h 2017-07-28 07:24:16.000000000 +0100 |
||||||
|
+++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000 |
||||||
|
@@ -32,6 +32,7 @@ |
||||||
|
void bus_selinux_shutdown (void); |
||||||
|
|
||||||
|
dbus_bool_t bus_selinux_enabled (void); |
||||||
|
+dbus_bool_t bus_selinux_mls_enabled (void); |
||||||
|
|
||||||
|
void bus_selinux_id_ref (BusSELinuxID *sid); |
||||||
|
void bus_selinux_id_unref (BusSELinuxID *sid); |
||||||
|
@@ -54,6 +55,10 @@ |
||||||
|
const char *service_name, |
||||||
|
DBusError *error); |
||||||
|
|
||||||
|
+dbus_bool_t bus_selinux_allows_name (DBusConnection *source, |
||||||
|
+ DBusConnection *destination, |
||||||
|
+ DBusError *error); |
||||||
|
+ |
||||||
|
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, |
||||||
|
DBusConnection *proposed_recipient, |
||||||
|
const char *msgtype, /* Supplementary audit data */ |
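Review bot: The new `bus_selinux_allows_name` prototype has no contract comment, and the implementation that appears to belong to it earlier in this patch is inconsistent about NULL connections. That body tolerates a NULL `source` or `destination` when reading the peer PIDs (`if (!source || ...) spid = 0;`) but then passes both pointers unguarded to `bus_connection_get_selinux_id`. Either NULL is legal and the SID lookup needs the same guard, or it is not and the `!source` / `!destination` tests are misleading. Once the intent is confirmed I would document it on the declaration, e.g. `/* source and destination must be non-NULL; on OOM returns FALSE with error set; returns TRUE when built without SELinux */`. The start of that function body is outside this view, so the match between prototype and body is inferred from the parameter names.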
@ -0,0 +1,46 @@ |
|||||||
|
From b17615cda8a7ec80692d84e544b71e8183461aa5 Mon Sep 17 00:00:00 2001 |
||||||
|
From: Roy Li <rongqing.li@windriver.com> |
||||||
|
Date: Wed, 21 Jan 2015 09:28:53 +0000 |
||||||
|
Subject: [PATCH] dbus: clear guid_from_server if send_negotiate_unix_fd failed |
||||||
|
|
||||||
|
Once send_negotiate_unix_fd failed, this failure will happen, since |
||||||
|
auth->guid_from_server has been set to some value before |
||||||
|
send_negotiate_unix_fd. send_negotiate_unix_fd failure will lead to this |
||||||
|
auth be handled by process_ok again, but this auth->guid_from_server is |
||||||
|
not zero. |
||||||
|
|
||||||
|
So we should clear auth->guid_from_server if send_negotiate_unix_fd |
||||||
|
failed. |
||||||
|
|
||||||
|
http://lists.freedesktop.org/archives/dbus/2014-February/016122.html |
||||||
|
https://bugs.freedesktop.org/show_bug.cgi?id=75589 |
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1183755 |
||||||
|
|
||||||
|
Signed-off-by: Roy Li <rongqing.li@windriver.com> |
||||||
|
--- |
||||||
|
dbus/dbus-auth.c | 10 +++++++++- |
||||||
|
1 file changed, 9 insertions(+), 1 deletion(-) |
||||||
|
|
||||||
|
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c |
||||||
|
index d2c37a7..dd6e61d 100644 |
||||||
|
--- a/dbus/dbus-auth.c |
||||||
|
+++ b/dbus/dbus-auth.c |
||||||
|
@@ -1572,7 +1572,15 @@ process_ok(DBusAuth *auth, |
||||||
|
_dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server)); |
||||||
|
|
||||||
|
if (auth->unix_fd_possible) |
||||||
|
- return send_negotiate_unix_fd(auth); |
||||||
|
+ { |
||||||
|
+ if (!send_negotiate_unix_fd (auth)) |
||||||
|
+ { |
||||||
|
+ _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0); |
||||||
|
+ return FALSE; |
||||||
|
+ } |
||||||
|
+ |
||||||
|
+ return TRUE; |
||||||
|
+ } |
||||||
|
|
||||||
|
_dbus_verbose("Not negotiating unix fd passing, since not possible\n"); |
||||||
|
return send_begin (auth); |
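Review bot: The fall-through `return send_begin (auth);` at the end of this hunk still leaves `guid_from_server` populated when it fails, which is the state this patch clears for a failed `send_negotiate_unix_fd`. If `send_begin` can return FALSE (presumably on out-of-memory; its body is not shown) and `process_ok` is entered again, the stale GUID would hit the same condition the commit message describes. Giving both exits the same cleanup keeps the retry path consistent. `process_ok` starts and ends outside the hunk, so this rests only on the lines shown.

```c
  /* … unchanged: unix_fd_possible branch … */

  _dbus_verbose("Not negotiating unix fd passing, since not possible\n");
  if (!send_begin (auth))
    {
      /* Same reset as the unix-fd path so a retried OK starts clean. */
      _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0);
      return FALSE;
    }

  return TRUE;
```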
||||||
|
-- |
||||||
|
2.2.1 |
@ -0,0 +1,66 @@ |
|||||||
|
From a82e1be24d0211d4358d8ff3b8cd06dae71a9993 Mon Sep 17 00:00:00 2001 |
||||||
|
From: David King <dking@redhat.com> |
||||||
|
Date: Mon, 22 Aug 2016 09:43:29 +0100 |
||||||
|
Subject: [PATCH] Use _raw() calls to avoid SELinux context translation |
||||||
|
|
||||||
|
When the credentials obtained from the client socket are used in future |
||||||
|
security checks, no context translation should be performed, so |
||||||
|
getpeercon() should be replaced with getpeercon_raw(), and similar |
||||||
|
changes should be made for other calls such as avc_sid_to_context() |
||||||
|
and getcon(). |
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1356141 |
||||||
|
--- |
||||||
|
bus/selinux.c | 10 +++++----- |
||||||
|
1 file changed, 5 insertions(+), 5 deletions(-) |
||||||
|
|
||||||
|
diff --git a/bus/selinux.c b/bus/selinux.c |
||||||
|
index 2fb4a8b..13361aa 100644 |
||||||
|
--- a/bus/selinux.c |
||||||
|
+++ b/bus/selinux.c |
||||||
|
@@ -412,14 +412,14 @@ bus_selinux_full_init (void) |
||||||
|
bus_context = NULL; |
||||||
|
bus_sid = SECSID_WILD; |
||||||
|
|
||||||
|
- if (getcon (&bus_context) < 0) |
||||||
|
+ if (getcon_raw (&bus_context) < 0) |
||||||
|
{ |
||||||
|
_dbus_verbose ("Error getting context of bus: %s\n", |
||||||
|
_dbus_strerror (errno)); |
||||||
|
return FALSE; |
||||||
|
} |
||||||
|
|
||||||
|
- if (avc_context_to_sid (bus_context, &bus_sid) < 0) |
||||||
|
+ if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0) |
||||||
|
{ |
||||||
|
_dbus_verbose ("Error getting SID from bus context: %s\n", |
||||||
|
_dbus_strerror (errno)); |
||||||
|
@@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message, |
||||||
|
#ifdef HAVE_SELINUX |
||||||
|
char *context; |
||||||
|
|
||||||
|
- if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) |
||||||
|
+ if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0) |
||||||
|
{ |
||||||
|
if (errno == ENOMEM) |
||||||
|
BUS_SET_OOM (error); |
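Review bot: In the `bus_selinux_append_context` hunk, `context` now holds the untranslated form from `avc_sid_to_context_raw`, but nothing at the call site says so. Judging by the function name and its `DBusMessage *message` parameter, this string is handed on to a peer, which would then receive raw MLS/MCS levels rather than the translated ones it got before. Any consumer that compares it with a translated context, for example one obtained through `getcon`, would silently mismatch. I would add a comment above the call such as `/* Raw (untranslated) context: compare only against other *_raw() results. */`, and the commit description could mention the externally visible change. The rest of the function lies outside the hunk.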
||||||
|
@@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection, |
||||||
|
return FALSE; |
||||||
|
} |
||||||
|
|
||||||
|
- if (getpeercon (fd, con) < 0) |
||||||
|
+ if (getpeercon_raw (fd, con) < 0) |
||||||
|
{ |
||||||
|
_dbus_verbose ("Error getting context of socket peer: %s\n", |
||||||
|
_dbus_strerror (errno)); |
||||||
|
@@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection, |
||||||
|
|
||||||
|
_dbus_verbose ("Converting context to SID to store on connection\n"); |
||||||
|
|
||||||
|
- if (avc_context_to_sid (con, &sid) < 0) |
||||||
|
+ if (avc_context_to_sid_raw (con, &sid) < 0) |
||||||
|
{ |
||||||
|
if (errno == ENOMEM) |
||||||
|
BUS_SET_OOM (error); |
||||||
|
-- |
||||||
|
2.7.4 |