
dbus patch updates

Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64lebuilder0 5 years ago
parent
commit
d3a04ac3fc
  1. 6
      SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch
  2. 7
      SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
  3. 125
      SOURCES/dbus-1.10.24-dbus-launch-chdir.patch
  4. 5
      SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
  5. 30
      SOURCES/dbus-1.10.24-mls-listnames.patch
  6. 7
      SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch
  7. 15
      SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch

6
SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch

@ -22,7 +22,7 @@ index a6f8db47..4b922a89 100644 @@ -22,7 +22,7 @@ index a6f8db47..4b922a89 100644
+ raise_file_descriptor_limit (context);
+
if (!_dbus_change_to_daemon_user (context->user, error))
{
_DBUS_ASSERT_ERROR_IS_SET (error);
--
{
_DBUS_ASSERT_ERROR_IS_SET (error);
--
2.14.3

7
SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch

@ -13,15 +13,16 @@ index affa7f1d..294a051d 100644 @@ -13,15 +13,16 @@ index affa7f1d..294a051d 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -69,8 +69,8 @@
<limit name="service_start_timeout">120000</limit>
<limit name="service_start_timeout">120000</limit>
<limit name="auth_timeout">240000</limit>
<limit name="pending_fd_timeout">150000</limit>
- <limit name="max_completed_connections">100000</limit>
- <limit name="max_completed_connections">100000</limit>
- <limit name="max_incomplete_connections">10000</limit>
+ <limit name="max_completed_connections">900</limit>
+ <limit name="max_incomplete_connections">92</limit>
<limit name="max_connections_per_user">100000</limit>
<limit name="max_pending_service_starts">10000</limit>
<limit name="max_names_per_connection">50000</limit>
--
--
2.13.5
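Review bot: The new values `900` for `max_completed_connections` and `92` for `max_incomplete_connections` in `bus/session.conf.in` come with no explanation of how they were derived. The next visible limit, `max_connections_per_user`, stays at `100000`, which the bus can no longer reach. The numbers look sized to fit under a 1024-descriptor soft limit, but that is an inference, since the patch header is not in view. I would add an XML comment above the two limits, for example `<!-- completed + incomplete connections must stay below the daemon's RLIMIT_NOFILE so a connection flood cannot exhaust descriptors -->`, so that anyone who later changes the fd limit knows to revisit them.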


125
SOURCES/dbus-1.10.24-dbus-launch-chdir.patch

@ -33,14 +33,14 @@ index f788e677..da2b2c1f 100644 @@ -33,14 +33,14 @@ index f788e677..da2b2c1f 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -870,63 +870,72 @@ bus_context_new (const DBusString *config_file,

context->matchmaker = bus_matchmaker_new ();
if (context->matchmaker == NULL)
{
BUS_SET_OOM (error);
goto failed;
}

/* check user before we fork */
if (context->user != NULL)
{
@ -52,21 +52,21 @@ index f788e677..da2b2c1f 100644 @@ -52,21 +52,21 @@ index f788e677..da2b2c1f 100644
goto failed;
}
}

/* Now become a daemon if appropriate and write out pid file in any case */
{
DBusString u;

if (context->pidfile)
_dbus_string_init_const (&u, context->pidfile);

if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
(flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
{
+ const char *working_dir = NULL;
+
_dbus_verbose ("Forking and becoming daemon\n");

+ if (context->type != NULL && strcmp (context->type, "session") == 0)
+ working_dir = _dbus_getenv ("HOME");
+
@ -86,7 +86,7 @@ index f788e677..da2b2c1f 100644 @@ -86,7 +86,7 @@ index f788e677..da2b2c1f 100644
else
{
_dbus_verbose ("Fork not requested\n");

/* Need to write PID file and to PID pipe for ourselves,
* not for the child process. This is a no-op if the pidfile
* is NULL and print_pid_pipe is NULL.
@ -101,7 +101,7 @@ index f788e677..da2b2c1f 100644 @@ -101,7 +101,7 @@ index f788e677..da2b2c1f 100644
}
}
}

if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
_dbus_pipe_close (print_pid_pipe, NULL);
@ -113,29 +113,29 @@ index 9b724cc9..30bb1441 100644 @@ -113,29 +113,29 @@ index 9b724cc9..30bb1441 100644
#include <sys/socket.h>
#include <dirent.h>
#include <sys/un.h>

#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif

#ifdef HAVE_SYS_SYSLIMITS_H
#include <sys/syslimits.h>
#endif

#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif

#ifndef O_BINARY
#define O_BINARY 0
#endif

/**
* @addtogroup DBusInternalsUtils
* @{
*/


/**
* Does the chdir, fork, setsid, etc. to become a daemon process.
*
@ -156,9 +156,9 @@ index 9b724cc9..30bb1441 100644 @@ -156,9 +156,9 @@ index 9b724cc9..30bb1441 100644
const char *s;
pid_t child_pid;
int dev_null_fd;

_dbus_verbose ("Becoming a daemon...\n");

- _dbus_verbose ("chdir to /\n");
- if (chdir ("/") < 0)
+ _dbus_verbose ("chdir to %s\n", working_dir);
@ -169,7 +169,7 @@ index 9b724cc9..30bb1441 100644 @@ -169,7 +169,7 @@ index 9b724cc9..30bb1441 100644
+ "Could not chdir() to working directory (%s)", working_dir);
return FALSE;
}

_dbus_verbose ("forking...\n");
switch ((child_pid = fork ()))
{
@ -179,21 +179,21 @@ index 9b724cc9..30bb1441 100644 @@ -179,21 +179,21 @@ index 9b724cc9..30bb1441 100644
"Failed to fork daemon: %s", _dbus_strerror (errno));
return FALSE;
break;

case 0:
_dbus_verbose ("in child, closing std file descriptors\n");

/* silently ignore failures here, if someone
* doesn't have /dev/null we may as well try
* to continue anyhow
*/

dev_null_fd = open ("/dev/null", O_RDWR);
if (dev_null_fd >= 0)
{
dup2 (dev_null_fd, 0);
dup2 (dev_null_fd, 1);

s = _dbus_getenv ("DBUS_DEBUG_OUTPUT");
if (s == NULL || *s == '\0')
dup2 (dev_null_fd, 2);
@ -203,7 +203,7 @@ index 3b754dbf..bfc1cb90 100644 @@ -203,7 +203,7 @@ index 3b754dbf..bfc1cb90 100644
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -27,67 +27,69 @@
#define STRSAFE_NO_DEPRECATE

#include "dbus-sysdeps.h"
#include "dbus-internals.h"
#include "dbus-protocol.h"
@ -213,21 +213,21 @@ index 3b754dbf..bfc1cb90 100644 @@ -213,21 +213,21 @@ index 3b754dbf..bfc1cb90 100644
#include "dbus-sockets-win.h"
#include "dbus-memory.h"
#include "dbus-pipe.h"

#include <stdio.h>
#include <stdlib.h>
#if HAVE_ERRNO_H
#include <errno.h>
#endif
#include <winsock2.h> // WSA error codes

#ifndef DBUS_WINCE
#include <io.h>
#include <lm.h>
#include <sys/stat.h>
#endif


/**
* Does the chdir, fork, setsid, etc. to become a daemon process.
*
@ -249,7 +249,7 @@ index 3b754dbf..bfc1cb90 100644 @@ -249,7 +249,7 @@ index 3b754dbf..bfc1cb90 100644
"Cannot daemonize on Windows");
return FALSE;
}

/**
* Creates a file containing the process ID.
*
@ -268,17 +268,17 @@ index 3b754dbf..bfc1cb90 100644 @@ -268,17 +268,17 @@ index 3b754dbf..bfc1cb90 100644
char pidstr[20];
int total;
int bytes_to_write;

_DBUS_ASSERT_ERROR_IS_CLEAR (error);

diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index 0ee45c97..e569b545 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -498,60 +498,61 @@ int _dbus_printf_string_upper_bound (const char *format,
va_list args);


/**
* Portable struct with stat() results
*/
@ -293,7 +293,7 @@ index 0ee45c97..e569b545 100644 @@ -293,7 +293,7 @@ index 0ee45c97..e569b545 100644
unsigned long mtime; /**< Modify time */
unsigned long ctime; /**< Creation time */
} DBusStat;

dbus_bool_t _dbus_stat (const DBusString *filename,
DBusStat *statbuf,
DBusError *error);
@ -302,40 +302,40 @@ index 0ee45c97..e569b545 100644 @@ -302,40 +302,40 @@ index 0ee45c97..e569b545 100644
DBusSocket *fd2,
dbus_bool_t blocking,
DBusError *error);

void _dbus_print_backtrace (void);

dbus_bool_t _dbus_become_daemon (const DBusString *pidfile,
+ const char *working_dir,
DBusPipe *print_pid_pipe,
DBusError *error,
dbus_bool_t keep_umask);

dbus_bool_t _dbus_verify_daemon_user (const char *user);
dbus_bool_t _dbus_change_to_daemon_user (const char *user,
DBusError *error);

dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
DBusPipe *print_pid_pipe,
dbus_pid_t pid_to_write,
DBusError *error);

dbus_bool_t _dbus_command_for_pid (unsigned long pid,
DBusString *str,
int max_len,
DBusError *error);

/** A UNIX signal handler */
typedef void (* DBusSignalHandler) (int sig);

void _dbus_set_signal_handler (int sig,
DBusSignalHandler handler);

dbus_bool_t _dbus_user_at_console (const char *username,
DBusError *error);

void _dbus_init_system_log (dbus_bool_t is_daemon);

typedef enum {
diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in
index 5135d9ca..606c65be 100644
@ -358,8 +358,8 @@ index 5135d9ca..606c65be 100644 @@ -358,8 +358,8 @@ index 5135d9ca..606c65be 100644
<sbr/>
</cmdsynopsis>
</refsynopsisdiv>


<refsect1 id='description'><title>DESCRIPTION</title>
<para>The <command>dbus-launch</command> command is used to start a session bus
instance of <emphasis remap='I'>dbus-daemon</emphasis> from a shell script.
@ -367,11 +367,11 @@ index 5135d9ca..606c65be 100644 @@ -367,11 +367,11 @@ index 5135d9ca..606c65be 100644
scripts. Unlike the daemon itself, <command>dbus-launch</command> exits, so
backticks or the $() construct can be used to read information from
<command>dbus-launch</command>.</para>

<para>With no arguments, <command>dbus-launch</command> will launch a session bus
instance and print the address and PID of that instance to standard
output.</para>

+<para>If the environment variable HOME is set, it is used as the current
+working directory. Otherwise, the root directory (<filename>/</filename>) is
+used.</para>
@ -381,17 +381,17 @@ index 5135d9ca..606c65be 100644 @@ -381,17 +381,17 @@ index 5135d9ca..606c65be 100644
variables so the specified program can find the bus, and then execute the
specified program, with the specified arguments. See below for
examples.</para>

<para>If you launch a program, <command>dbus-launch</command> will not print the
information about the new bus to standard output.</para>

<para>When <command>dbus-launch</command> prints bus information to standard output, by
default it is in a simple key-value pairs format. However, you may
request several alternate syntaxes using the --sh-syntax, --csh-syntax,
--binary-syntax, or
--auto-syntax options. Several of these cause <command>dbus-launch</command> to emit shell code
to set up the environment.</para>

<para>With the --auto-syntax option, <command>dbus-launch</command> looks at the value
of the SHELL environment variable to determine which shell syntax
should be used. If SHELL ends in "csh", then csh-compatible code is
@ -400,11 +400,11 @@ index 5135d9ca..606c65be 100644 @@ -400,11 +400,11 @@ index 5135d9ca..606c65be 100644
--sh-syntax for Bourne syntax, or --csh-syntax for csh syntax.
In scripts, it's more robust to avoid --auto-syntax and you hopefully
know which shell your script is written in.</para>


<para>See <ulink url='http://www.freedesktop.org/software/dbus/'>http://www.freedesktop.org/software/dbus/</ulink> for more information
about D-Bus. See also the man page for <emphasis remap='I'>dbus-daemon</emphasis>.</para>

</refsect1>
diff --git a/tools/dbus-launch.c b/tools/dbus-launch.c
index 80e4a241..a956684c 100644
@ -422,13 +422,13 @@ index 80e4a241..a956684c 100644 @@ -422,13 +422,13 @@ index 80e4a241..a956684c 100644
else if (FD_ISSET (tty_fd, &err_set))
{
verbose ("TTY has error condition\n");

kill_bus_and_exit (0);
}
}
}
}

static void
babysit (int exit_with_session,
pid_t child_pid,
@ -437,10 +437,10 @@ index 80e4a241..a956684c 100644 @@ -437,10 +437,10 @@ index 80e4a241..a956684c 100644
int ret;
int dev_null_fd;
const char *s;

verbose ("babysitting, exit_with_session = %d, child_pid = %ld, read_bus_pid_fd = %d\n",
exit_with_session, (long) child_pid, read_bus_pid_fd);

- /* We chdir ("/") since we are persistent and daemon-like, and fork
- * again so dbus-launch can reap the parent. However, we don't
- * setsid() or close fd 0 because the idea is to remain attached
@ -453,7 +453,7 @@ index 80e4a241..a956684c 100644 @@ -453,7 +453,7 @@ index 80e4a241..a956684c 100644
+ * remain attached to the tty and the X server in order to kill the
+ * message bus when the session ends.
*/

- if (chdir ("/") < 0)
+ s = getenv ("HOME");
+
@ -468,7 +468,7 @@ index 80e4a241..a956684c 100644 @@ -468,7 +468,7 @@ index 80e4a241..a956684c 100644
+ s, strerror (errno));
exit (1);
}

/* Close stdout/stderr so we don't block an "eval" or otherwise
* lock up. stdout is still chaining through to dbus-launch
* and in turn to the parent shell.
@ -490,11 +490,12 @@ index 80e4a241..a956684c 100644 @@ -490,11 +490,12 @@ index 80e4a241..a956684c 100644
strerror (errno));
/* continue, why not */
}

ret = fork ();

if (ret < 0)
{
fprintf (stderr, "fork() failed in babysitter: %s\n",
--
--
2.17.1
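Review bot: A HOME that is set but cannot be entered now prevents the session bus from starting: `_dbus_become_daemon` returns FALSE with "Could not chdir() to working directory (%s)", and `babysit` in `tools/dbus-launch.c` calls `exit (1)` after its chdir fails, where the old code depended only on `/`. HOME comes from the caller's environment, so a stale, unmounted or permission-denied value becomes a start-up failure; falling back to the root directory would keep the previous availability, for example `if (chdir (working_dir) < 0 && chdir ("/") < 0)`. The lines between the `working_dir` assignment in `bus_context_new` and the chdir call are collapsed in this view, so confirm that `working_dir` is set to "/" when HOME is unset before it reaches `_dbus_verbose ("chdir to %s\n", working_dir)`, because passing NULL to `%s` is undefined. The added man-page paragraph should also say what happens when HOME is set but unusable. All three function bodies extend beyond the hunks shown.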


5
SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch

@ -20,7 +20,8 @@ index 67b6dfd2..271435ca 100644 @@ -20,7 +20,8 @@ index 67b6dfd2..271435ca 100644
-&lt;type&gt; ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath
+&lt;type&gt; ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath
</literallayout> <!-- .fi -->

<para>D-Bus supports more types than these, but <command>dbus-send</command> currently
--
--
2.13.6


30
SOURCES/dbus-1.10.24-mls-listnames.patch

@ -10,11 +10,11 @@ diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c @@ -10,11 +10,11 @@ diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c
+#endif
DBusMessageIter iter;
DBusMessageIter sub;

@@ -601,9 +604,58 @@
}
}

+#ifdef HAVE_SELINUX
+ mls_enabled = bus_selinux_mls_enabled ();
+#endif
@ -76,16 +76,16 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c @@ -76,16 +76,16 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
@@ -61,6 +61,9 @@
/* Store the value telling us if SELinux is enabled in the kernel. */
static dbus_bool_t selinux_enabled = FALSE;

+/* Store the value telling us if SELinux with MLS is enabled in the kernel. */
+static dbus_bool_t selinux_mls_enabled = FALSE;
+
/* Store an avc_entry_ref to speed AVC decisions. */
static struct avc_entry_ref aeref;

@@ -273,6 +276,20 @@
}

/**
+ * Return whether or not SELinux with MLS support is enabled; must be
+ * called after bus_selinux_init.
@ -106,7 +106,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c @@ -106,7 +106,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
dbus_bool_t
@@ -292,6 +309,16 @@
}

selinux_enabled = r != 0;
+
+ r = is_selinux_mls_enabled ();
@ -126,11 +126,11 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c @@ -126,11 +126,11 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
/* security dbus class constants */
#define SECCLASS_DBUS 1
+#define SECCLASS_CONTEXT 2

/* dbus's per access vector constants */
#define DBUS__ACQUIRE_SVC 1
#define DBUS__SEND_MSG 2

+#define CONTEXT__CONTAINS 1
+
#ifdef HAVE_SELINUX
@ -142,7 +142,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c @@ -142,7 +142,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
#endif /* HAVE_SELINUX */
@@ -734,6 +765,102 @@
#endif /* HAVE_SELINUX */

/**
+ * Check if SELinux security controls allow one connection to determine the
+ * name of the other, taking into account MLS considerations.
@ -249,20 +249,20 @@ diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h @@ -249,20 +249,20 @@ diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h
+++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000
@@ -32,6 +32,7 @@
void bus_selinux_shutdown (void);

dbus_bool_t bus_selinux_enabled (void);
+dbus_bool_t bus_selinux_mls_enabled (void);

void bus_selinux_id_ref (BusSELinuxID *sid);
void bus_selinux_id_unref (BusSELinuxID *sid);
@@ -54,6 +55,10 @@
const char *service_name,
DBusError *error);

const char *service_name,
DBusError *error);
+dbus_bool_t bus_selinux_allows_name (DBusConnection *source,
+ DBusConnection *destination,
+ DBusError *error);
+
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
DBusConnection *proposed_recipient,
const char *msgtype, /* Supplementary audit data */
const char *msgtype, /* Supplementary audit data */

7
SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch

@ -27,7 +27,7 @@ index d2c37a7..dd6e61d 100644 @@ -27,7 +27,7 @@ index d2c37a7..dd6e61d 100644
+++ b/dbus/dbus-auth.c
@@ -1572,7 +1572,15 @@ process_ok(DBusAuth *auth,
_dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));

if (auth->unix_fd_possible)
- return send_negotiate_unix_fd(auth);
+ {
@ -39,8 +39,9 @@ index d2c37a7..dd6e61d 100644 @@ -39,8 +39,9 @@ index d2c37a7..dd6e61d 100644
+
+ return TRUE;
+ }

_dbus_verbose("Not negotiating unix fd passing, since not possible\n");
return send_begin (auth);
--
--
2.2.1


15
SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch

@ -21,7 +21,7 @@ index 2fb4a8b..13361aa 100644 @@ -21,7 +21,7 @@ index 2fb4a8b..13361aa 100644
@@ -412,14 +412,14 @@ bus_selinux_full_init (void)
bus_context = NULL;
bus_sid = SECSID_WILD;

- if (getcon (&bus_context) < 0)
+ if (getcon_raw (&bus_context) < 0)
{
@ -29,7 +29,7 @@ index 2fb4a8b..13361aa 100644 @@ -29,7 +29,7 @@ index 2fb4a8b..13361aa 100644
_dbus_strerror (errno));
return FALSE;
}

- if (avc_context_to_sid (bus_context, &bus_sid) < 0)
+ if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0)
{
@ -38,7 +38,7 @@ index 2fb4a8b..13361aa 100644 @@ -38,7 +38,7 @@ index 2fb4a8b..13361aa 100644
@@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message,
#ifdef HAVE_SELINUX
char *context;

- if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+ if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0)
{
@ -47,20 +47,21 @@ index 2fb4a8b..13361aa 100644 @@ -47,20 +47,21 @@ index 2fb4a8b..13361aa 100644
@@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection,
return FALSE;
}

- if (getpeercon (fd, con) < 0)
+ if (getpeercon_raw (fd, con) < 0)
{
_dbus_verbose ("Error getting context of socket peer: %s\n",
_dbus_strerror (errno));
@@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection,

_dbus_verbose ("Converting context to SID to store on connection\n");

- if (avc_context_to_sid (con, &sid) < 0)
+ if (avc_context_to_sid_raw (con, &sid) < 0)
{
if (errno == ENOMEM)
BUS_SET_OOM (error);
--
--
2.7.4
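Review bot: Switching to the `_raw` calls is only consistent if every context-to-SID and SID-to-context conversion in this file uses the raw form. The hunks shown convert `getcon`, `getpeercon`, both `avc_context_to_sid` calls and `avc_sid_to_context`, but any conversion outside these hunks (not visible here) would still go through context translation and could produce a different string for the same label. `bus_selinux_append_context` now places the raw context in the reply message, which changes what clients receive on systems with a translation configured. A comment at that call would record the contract, e.g. `/* raw (untranslated) context: callers must compare against raw labels */`. Each function body extends beyond the hunk shown.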

