diff options
| author | Simon McVittie <smcv@collabora.com> | 2018-01-15 15:26:33 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2018-03-02 14:48:24 +0000 |
| commit | be4670767377a08b0c6cabbca1000ca614174c2c (patch) | |
| tree | a658592184c9c3e0b68dd29832030901d24962dc /bus/activation.c | |
| parent | 454ffd0d0ecc802b7f6245fdaa71a579cce84fa8 (diff) | |
| download | dbus-be4670767377a08b0c6cabbca1000ca614174c2c.tar.gz | |
bus: Don't pass systemd environment variables to activated services
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Diffstat (limited to 'bus/activation.c')
| -rw-r--r-- | bus/activation.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/bus/activation.c b/bus/activation.c index edf96a2c..66640ba6 100644 --- a/bus/activation.c +++ b/bus/activation.c @@ -848,6 +848,36 @@ populate_environment (BusActivation *activation) retval = _dbus_hash_table_from_array (activation->environment, environment, '='); dbus_free_string_array (environment); + /* + * These environment variables are set by systemd for the dbus-daemon + * itself, and are not applicable to our child processes. + * + * Of the other environment variables listed in systemd.exec(5): + * + * - XDG_RUNTIME_DIR, XDG_SESSION_ID, XDG_SEAT, XDG_VTNR: Properties of + * the session and equally true for the activated service, should not + * be reset + * - PATH, LANG, USER, LOGNAME, HOME, SHELL, MANAGERPID: Equally true for + * the activated service, should not be reset + * - TERM, WATCHDOG_*: Should not be set for dbus-daemon, so not applicable + * - MAINPID, SERVICE_RESULT, EXIT_CODE, EXIT_STATUS: Not set for ExecStart, + * so not applicable + * - INVOCATION_ID: TODO: Do we want to clear this or not? It isn't clear. + */ + + /* We give activated services their own Journal stream to avoid their + * logging being attributed to dbus-daemon */ + _dbus_hash_table_remove_string (activation->environment, "JOURNAL_STREAM"); + + /* This is dbus-daemon's listening socket, not the activatable service's */ + _dbus_hash_table_remove_string (activation->environment, "LISTEN_FDNAMES"); + _dbus_hash_table_remove_string (activation->environment, "LISTEN_FDS"); + _dbus_hash_table_remove_string (activation->environment, "LISTEN_PID"); + + /* This is dbus-daemon's status notification, not the activatable service's + * (and NotifyAccess wouldn't let it write here anyway) */ + _dbus_hash_table_remove_string (activation->environment, "NOTIFY_SOCKET"); + return retval; } |