diff --git a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch
index 5d20dd03..4da2379d 100644
--- a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch
+++ b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch
@@ -22,7 +22,7 @@ index a6f8db47..4b922a89 100644
+ raise_file_descriptor_limit (context);
+
if (!_dbus_change_to_daemon_user (context->user, error))
- {
- _DBUS_ASSERT_ERROR_IS_SET (error);
---
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+--
2.14.3
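Review bot: Whitespace in the context lines of an embedded patch has to match the upstream source, and the `{` and `_DBUS_ASSERT_ERROR_IS_SET (error);` lines rewritten in this hunk differ only in whitespace as far as the page shows, so the patch may now apply only with fuzz or be rejected. The same whitespace-only rewrite repeats in the other `SOURCES/*.patch` hunks of this commit, several of which carry security-relevant changes (raising fd limits before the privilege drop, the SELinux MLS name check, the `getcon_raw`/`avc_context_to_sid_raw` calls). Before merging, confirm that a prep-only build (`rpmbuild -bp`, assuming this is an RPM source tree) still applies every patch with zero fuzz and produces the same patched tree as before. Patch files are best excluded from automatic trailing-whitespace cleanup, since a stripped blank in a `+` or context line changes what is applied.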
diff --git a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
index f95d3059..16edb9b2 100644
--- a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
+++ b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
@@ -13,15 +13,16 @@ index affa7f1d..294a051d 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -69,8 +69,8 @@
- 120000
+ 120000
240000
150000
-- 100000
+- 100000
- 10000
+ 900
+ 92
100000
10000
50000
---
+--
2.13.5
+
diff --git a/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch
index 19cec178..adafa1a2 100644
--- a/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch
+++ b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch
@@ -33,14 +33,14 @@ index f788e677..da2b2c1f 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -870,63 +870,72 @@ bus_context_new (const DBusString *config_file,
-
+
context->matchmaker = bus_matchmaker_new ();
if (context->matchmaker == NULL)
{
BUS_SET_OOM (error);
goto failed;
}
-
+
/* check user before we fork */
if (context->user != NULL)
{
@@ -52,21 +52,21 @@ index f788e677..da2b2c1f 100644
goto failed;
}
}
-
+
/* Now become a daemon if appropriate and write out pid file in any case */
{
DBusString u;
-
+
if (context->pidfile)
_dbus_string_init_const (&u, context->pidfile);
-
+
if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) ||
(flags & BUS_CONTEXT_FLAG_FORK_ALWAYS))
{
+ const char *working_dir = NULL;
+
_dbus_verbose ("Forking and becoming daemon\n");
-
+
+ if (context->type != NULL && strcmp (context->type, "session") == 0)
+ working_dir = _dbus_getenv ("HOME");
+
@@ -86,7 +86,7 @@ index f788e677..da2b2c1f 100644
else
{
_dbus_verbose ("Fork not requested\n");
-
+
/* Need to write PID file and to PID pipe for ourselves,
* not for the child process. This is a no-op if the pidfile
* is NULL and print_pid_pipe is NULL.
@@ -101,7 +101,7 @@ index f788e677..da2b2c1f 100644
}
}
}
-
+
if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) &&
!_dbus_pipe_is_stdout_or_stderr (print_pid_pipe))
_dbus_pipe_close (print_pid_pipe, NULL);
@@ -113,29 +113,29 @@ index 9b724cc9..30bb1441 100644
#include
#include
#include
-
+
#ifdef HAVE_SYSLOG_H
#include
#endif
-
+
#ifdef HAVE_SYS_SYSLIMITS_H
#include
#endif
-
+
#ifdef HAVE_SYSTEMD
#include
#endif
-
+
#ifndef O_BINARY
#define O_BINARY 0
#endif
-
+
/**
* @addtogroup DBusInternalsUtils
* @{
*/
-
-
+
+
/**
* Does the chdir, fork, setsid, etc. to become a daemon process.
*
@@ -156,9 +156,9 @@ index 9b724cc9..30bb1441 100644
const char *s;
pid_t child_pid;
int dev_null_fd;
-
+
_dbus_verbose ("Becoming a daemon...\n");
-
+
- _dbus_verbose ("chdir to /\n");
- if (chdir ("/") < 0)
+ _dbus_verbose ("chdir to %s\n", working_dir);
@@ -169,7 +169,7 @@ index 9b724cc9..30bb1441 100644
+ "Could not chdir() to working directory (%s)", working_dir);
return FALSE;
}
-
+
_dbus_verbose ("forking...\n");
switch ((child_pid = fork ()))
{
@@ -179,21 +179,21 @@ index 9b724cc9..30bb1441 100644
"Failed to fork daemon: %s", _dbus_strerror (errno));
return FALSE;
break;
-
+
case 0:
_dbus_verbose ("in child, closing std file descriptors\n");
-
+
/* silently ignore failures here, if someone
* doesn't have /dev/null we may as well try
* to continue anyhow
*/
-
+
dev_null_fd = open ("/dev/null", O_RDWR);
if (dev_null_fd >= 0)
{
dup2 (dev_null_fd, 0);
dup2 (dev_null_fd, 1);
-
+
s = _dbus_getenv ("DBUS_DEBUG_OUTPUT");
if (s == NULL || *s == '\0')
dup2 (dev_null_fd, 2);
@@ -203,7 +203,7 @@ index 3b754dbf..bfc1cb90 100644
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -27,67 +27,69 @@
#define STRSAFE_NO_DEPRECATE
-
+
#include "dbus-sysdeps.h"
#include "dbus-internals.h"
#include "dbus-protocol.h"
@@ -213,21 +213,21 @@ index 3b754dbf..bfc1cb90 100644
#include "dbus-sockets-win.h"
#include "dbus-memory.h"
#include "dbus-pipe.h"
-
+
#include
#include
#if HAVE_ERRNO_H
#include
#endif
#include // WSA error codes
-
+
#ifndef DBUS_WINCE
#include
#include
#include
#endif
-
-
+
+
/**
* Does the chdir, fork, setsid, etc. to become a daemon process.
*
@@ -249,7 +249,7 @@ index 3b754dbf..bfc1cb90 100644
"Cannot daemonize on Windows");
return FALSE;
}
-
+
/**
* Creates a file containing the process ID.
*
@@ -268,17 +268,17 @@ index 3b754dbf..bfc1cb90 100644
char pidstr[20];
int total;
int bytes_to_write;
-
+
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
-
+
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index 0ee45c97..e569b545 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -498,60 +498,61 @@ int _dbus_printf_string_upper_bound (const char *format,
va_list args);
-
-
+
+
/**
* Portable struct with stat() results
*/
@@ -293,7 +293,7 @@ index 0ee45c97..e569b545 100644
unsigned long mtime; /**< Modify time */
unsigned long ctime; /**< Creation time */
} DBusStat;
-
+
dbus_bool_t _dbus_stat (const DBusString *filename,
DBusStat *statbuf,
DBusError *error);
@@ -302,40 +302,40 @@ index 0ee45c97..e569b545 100644
DBusSocket *fd2,
dbus_bool_t blocking,
DBusError *error);
-
+
void _dbus_print_backtrace (void);
-
+
dbus_bool_t _dbus_become_daemon (const DBusString *pidfile,
+ const char *working_dir,
DBusPipe *print_pid_pipe,
DBusError *error,
dbus_bool_t keep_umask);
-
+
dbus_bool_t _dbus_verify_daemon_user (const char *user);
dbus_bool_t _dbus_change_to_daemon_user (const char *user,
DBusError *error);
-
+
dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile,
DBusPipe *print_pid_pipe,
dbus_pid_t pid_to_write,
DBusError *error);
-
+
dbus_bool_t _dbus_command_for_pid (unsigned long pid,
DBusString *str,
int max_len,
DBusError *error);
-
+
/** A UNIX signal handler */
typedef void (* DBusSignalHandler) (int sig);
-
+
void _dbus_set_signal_handler (int sig,
DBusSignalHandler handler);
-
+
dbus_bool_t _dbus_user_at_console (const char *username,
DBusError *error);
-
+
void _dbus_init_system_log (dbus_bool_t is_daemon);
-
+
typedef enum {
diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in
index 5135d9ca..606c65be 100644
@@ -358,8 +358,8 @@ index 5135d9ca..606c65be 100644
-
-
+
+
DESCRIPTION
The dbus-launch command is used to start a session bus
instance of dbus-daemon from a shell script.
@@ -367,11 +367,11 @@ index 5135d9ca..606c65be 100644
scripts. Unlike the daemon itself, dbus-launch exits, so
backticks or the $() construct can be used to read information from
dbus-launch.
-
+
With no arguments, dbus-launch will launch a session bus
instance and print the address and PID of that instance to standard
output.
-
+
+If the environment variable HOME is set, it is used as the current
+working directory. Otherwise, the root directory (/) is
+used.
@@ -381,17 +381,17 @@ index 5135d9ca..606c65be 100644
variables so the specified program can find the bus, and then execute the
specified program, with the specified arguments. See below for
examples.
-
+
If you launch a program, dbus-launch will not print the
information about the new bus to standard output.
-
+
When dbus-launch prints bus information to standard output, by
default it is in a simple key-value pairs format. However, you may
request several alternate syntaxes using the --sh-syntax, --csh-syntax,
--binary-syntax, or
--auto-syntax options. Several of these cause dbus-launch to emit shell code
to set up the environment.
-
+
With the --auto-syntax option, dbus-launch looks at the value
of the SHELL environment variable to determine which shell syntax
should be used. If SHELL ends in "csh", then csh-compatible code is
@@ -400,11 +400,11 @@ index 5135d9ca..606c65be 100644
--sh-syntax for Bourne syntax, or --csh-syntax for csh syntax.
In scripts, it's more robust to avoid --auto-syntax and you hopefully
know which shell your script is written in.
-
-
+
+
See http://www.freedesktop.org/software/dbus/ for more information
about D-Bus. See also the man page for dbus-daemon.
-
+
diff --git a/tools/dbus-launch.c b/tools/dbus-launch.c
index 80e4a241..a956684c 100644
@@ -422,13 +422,13 @@ index 80e4a241..a956684c 100644
else if (FD_ISSET (tty_fd, &err_set))
{
verbose ("TTY has error condition\n");
-
+
kill_bus_and_exit (0);
}
}
}
}
-
+
static void
babysit (int exit_with_session,
pid_t child_pid,
@@ -437,10 +437,10 @@ index 80e4a241..a956684c 100644
int ret;
int dev_null_fd;
const char *s;
-
+
verbose ("babysitting, exit_with_session = %d, child_pid = %ld, read_bus_pid_fd = %d\n",
exit_with_session, (long) child_pid, read_bus_pid_fd);
-
+
- /* We chdir ("/") since we are persistent and daemon-like, and fork
- * again so dbus-launch can reap the parent. However, we don't
- * setsid() or close fd 0 because the idea is to remain attached
@@ -453,7 +453,7 @@ index 80e4a241..a956684c 100644
+ * remain attached to the tty and the X server in order to kill the
+ * message bus when the session ends.
*/
-
+
- if (chdir ("/") < 0)
+ s = getenv ("HOME");
+
@@ -468,7 +468,7 @@ index 80e4a241..a956684c 100644
+ s, strerror (errno));
exit (1);
}
-
+
/* Close stdout/stderr so we don't block an "eval" or otherwise
* lock up. stdout is still chaining through to dbus-launch
* and in turn to the parent shell.
@@ -490,11 +490,12 @@ index 80e4a241..a956684c 100644
strerror (errno));
/* continue, why not */
}
-
+
ret = fork ();
-
+
if (ret < 0)
{
fprintf (stderr, "fork() failed in babysitter: %s\n",
---
+--
2.17.1
+
diff --git a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
index 5f572883..7d3724bb 100644
--- a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
+++ b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
@@ -20,7 +20,8 @@ index 67b6dfd2..271435ca 100644
-<type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath
+<type> ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath
-
+
D-Bus supports more types than these, but dbus-send currently
---
+--
2.13.6
+
diff --git a/SOURCES/dbus-1.10.24-mls-listnames.patch b/SOURCES/dbus-1.10.24-mls-listnames.patch
index 0fe80640..54fb08f6 100644
--- a/SOURCES/dbus-1.10.24-mls-listnames.patch
+++ b/SOURCES/dbus-1.10.24-mls-listnames.patch
@@ -10,11 +10,11 @@ diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c
+#endif
DBusMessageIter iter;
DBusMessageIter sub;
-
+
@@ -601,9 +604,58 @@
}
}
-
+
+#ifdef HAVE_SELINUX
+ mls_enabled = bus_selinux_mls_enabled ();
+#endif
@@ -76,16 +76,16 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
@@ -61,6 +61,9 @@
/* Store the value telling us if SELinux is enabled in the kernel. */
static dbus_bool_t selinux_enabled = FALSE;
-
+
+/* Store the value telling us if SELinux with MLS is enabled in the kernel. */
+static dbus_bool_t selinux_mls_enabled = FALSE;
+
/* Store an avc_entry_ref to speed AVC decisions. */
static struct avc_entry_ref aeref;
-
+
@@ -273,6 +276,20 @@
}
-
+
/**
+ * Return whether or not SELinux with MLS support is enabled; must be
+ * called after bus_selinux_init.
@@ -106,7 +106,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
dbus_bool_t
@@ -292,6 +309,16 @@
}
-
+
selinux_enabled = r != 0;
+
+ r = is_selinux_mls_enabled ();
@@ -126,11 +126,11 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
/* security dbus class constants */
#define SECCLASS_DBUS 1
+#define SECCLASS_CONTEXT 2
-
+
/* dbus's per access vector constants */
#define DBUS__ACQUIRE_SVC 1
#define DBUS__SEND_MSG 2
-
+
+#define CONTEXT__CONTAINS 1
+
#ifdef HAVE_SELINUX
@@ -142,7 +142,7 @@ diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c
#endif /* HAVE_SELINUX */
@@ -734,6 +765,102 @@
#endif /* HAVE_SELINUX */
-
+
/**
+ * Check if SELinux security controls allow one connection to determine the
+ * name of the other, taking into account MLS considerations.
@@ -249,20 +249,20 @@ diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h
+++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000
@@ -32,6 +32,7 @@
void bus_selinux_shutdown (void);
-
+
dbus_bool_t bus_selinux_enabled (void);
+dbus_bool_t bus_selinux_mls_enabled (void);
-
+
void bus_selinux_id_ref (BusSELinuxID *sid);
void bus_selinux_id_unref (BusSELinuxID *sid);
@@ -54,6 +55,10 @@
- const char *service_name,
- DBusError *error);
-
+ const char *service_name,
+ DBusError *error);
+
+dbus_bool_t bus_selinux_allows_name (DBusConnection *source,
+ DBusConnection *destination,
+ DBusError *error);
+
dbus_bool_t bus_selinux_allows_send (DBusConnection *sender,
DBusConnection *proposed_recipient,
- const char *msgtype, /* Supplementary audit data */
+ const char *msgtype, /* Supplementary audit data */
diff --git a/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch
index b04a3e7b..5f0ef18b 100644
--- a/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch
+++ b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch
@@ -27,7 +27,7 @@ index d2c37a7..dd6e61d 100644
+++ b/dbus/dbus-auth.c
@@ -1572,7 +1572,15 @@ process_ok(DBusAuth *auth,
_dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server));
-
+
if (auth->unix_fd_possible)
- return send_negotiate_unix_fd(auth);
+ {
@@ -39,8 +39,9 @@ index d2c37a7..dd6e61d 100644
+
+ return TRUE;
+ }
-
+
_dbus_verbose("Not negotiating unix fd passing, since not possible\n");
return send_begin (auth);
---
+--
2.2.1
+
diff --git a/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch
index 60d0cc3e..51949543 100644
--- a/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch
+++ b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch
@@ -21,7 +21,7 @@ index 2fb4a8b..13361aa 100644
@@ -412,14 +412,14 @@ bus_selinux_full_init (void)
bus_context = NULL;
bus_sid = SECSID_WILD;
-
+
- if (getcon (&bus_context) < 0)
+ if (getcon_raw (&bus_context) < 0)
{
@@ -29,7 +29,7 @@ index 2fb4a8b..13361aa 100644
_dbus_strerror (errno));
return FALSE;
}
-
+
- if (avc_context_to_sid (bus_context, &bus_sid) < 0)
+ if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0)
{
@@ -38,7 +38,7 @@ index 2fb4a8b..13361aa 100644
@@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message,
#ifdef HAVE_SELINUX
char *context;
-
+
- if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0)
+ if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0)
{
@@ -47,20 +47,21 @@ index 2fb4a8b..13361aa 100644
@@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection,
return FALSE;
}
-
+
- if (getpeercon (fd, con) < 0)
+ if (getpeercon_raw (fd, con) < 0)
{
_dbus_verbose ("Error getting context of socket peer: %s\n",
_dbus_strerror (errno));
@@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection,
-
+
_dbus_verbose ("Converting context to SID to store on connection\n");
-
+
- if (avc_context_to_sid (con, &sid) < 0)
+ if (avc_context_to_sid_raw (con, &sid) < 0)
{
if (errno == ENOMEM)
BUS_SET_OOM (error);
---
+--
2.7.4
+