| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The full license texts are not added because they were already
added in a previous commit.
Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
see #394
|
|
|
|
|
|
|
| |
This header is GCC specific header that on my system just contains
`#include_next <limits.h>`. FreeBSD also provides this header but it
contains a `#warning` that it should not be used. Replace the one use
with `#include <limit.h>` and drop the configure checks.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we're running in a sandbox, we might not have write access to
oom_score_adj. In the common case where we don't have any special
protection from the OOM-killer, we can detect that with only read
access, and skip the part where we open it for writing.
(We would also not have write access to oom_score_adj if we're running
with elevated Linux capabilities while not root, but that should never
actually happen for dbus-daemon-launch-helper, which is setuid root
for production use or has no capabilities during unit-testing.)
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
|
|
|
|
| |
DBUS_CONSOLE_AUTH_DIR is deprecated since 1.11.18, and was intended to
have been removed in 1.13. Let's drop the related code now.
Fixes: https://gitlab.freedesktop.org/dbus/dbus/-/issues/181
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101629
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If /proc/self/oom_score_adj does not exist, fd will invalid (-1).
Attempting to set the CLOEXEC flag will obviously fail, and we lose the
original errno value from open().
Bug: https://bugs.gentoo.org/834725
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Previously, we silently ignored this, but now that we're more careful
about the contexts in which we try to reset the OOM score and whether
we log failures as a warning, we can let the dbus-daemon-launch-helper
show a message if it can't write there.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The oom_score_adj parameter is a signed integer, with increasingly
positive values being more likely to be killed by the OOM-killer,
and increasingly negative values being less likely.
Previously, we assumed that oom_score_adj would be negative or zero,
and reset it to zero, which does not require privileges because it
meant we're voluntarily giving up our OOM-killer protection.
In particular, bus/dbus.service.in has OOMScoreAdjust=-900, which
we don't want system services to inherit.
However, systemd >= 250 has started putting a positive oom_score_adj
on user processes, to make it more likely that the OOM killer will kill
a user process rather than a system process. Changing from a positive
oom_score_adj to zero is increasing protection from the OOM-killer,
which only a privileged process is allowed to do, resulting in warnings
whenever we carry out traditional (non-systemd) service activation
on the session bus.
To avoid this, do the equivalent of:
if (oom_score_adj < 0)
oom_score_adj = 0;
which is always allowed.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/374
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
|
|
| |
dbus-daemon fails to launch on macOS 10.5 and above because of a breaking
change in setrlimit, in which RLIM_INFINITY is no longer supported
for RLIMIT_NOFILE. Instead we must use OPEN_MAX.
Resolves: #309
|
|\
| |
| |
| |
| | |
Remove support for non-POSIX getpwnam_r()
See merge request dbus/dbus!11
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Solaris 2.3 and 2.4 took their getpwnam_r() signature from draft 6
of the POSIX threads standard. Since Solaris 2.5 (1995), defining
_POSIX_PTHREAD_SEMANTICS opts-in to the non-draft version of
getpwnam_r(), and since Solaris 11.4 (2018), the non-draft version is
the default.
We already use AC_USE_SYSTEM_EXTENSIONS, which defines
_POSIX_PTHREAD_SEMANTICS, among other useful macros.
Thanks to Alan Coopersmith for assistance with Solaris history.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.
Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.
If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).
As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.
systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.
Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We don't usually mass-remove trailing whitespace from the actual source
code because it would complicate cherry-picking bug fixes to older
branches, but that reasoning doesn't really apply to the comments
containing copyright and licensing notices.
Removing trailing whitespace makes it much easier to move code around:
we have a commit hook that rejects commits containing trailing
whitespace, but that commit hook counts moving a file as a delete + add
pair, so it objects to moving code that contains trailing whitespace.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It's only used in test code. We have to put it in its own translation
unit with no non-libc dependencies so that we can compile a copy of it
without AddressSanitizer support, because in a subsequent commit we will
special-case test-segfault to be compiled without using AddressSanitizer,
which would make linking to an AddressSanitizer-instrumented libdbus fail.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|/
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
| |
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/222
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
|
|
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
|
|
|
|
|
|
| |
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104641
Reviewed-by: Philip Withnall <withnall@endlessm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
stdout and stderr are close-on-exec and buffered, so we can't rely on
their buffers being empty. If we continue to execute application code
after forking (as opposed to immediately exec()ing), then the child
process might later flush the libc stdio buffers, resulting in
output that is printed by the parent also being printed by the child.
In particular, test-bus.log sometimes grows extremely large for
this reason, because this test repeatedly attempts to carry out
legacy activation.
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103601
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This feature is now compile-time conditional, and off by default.
pam_console appears to have been in Fedora and Gentoo until 2007.
pam_foreground seems to be specific to Debian and Ubuntu, where it was
unmaintained since 2008 and removed in 2010. The replacement for both
was ConsoleKit, which has itself been superseded by systemd-logind and
ConsoleKit2.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/101629
Reviewed-by: Philip Withnall <withnall@endlessm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These directories can be used by service managers like `systemd --user`
and its generators, or by session infrastructure like gnome-session,
to synthesize D-Bus service files at runtime from some more canonical
source of information.
The intention is that this is in the XDG_RUNTIME_DIR as defined by the
freedesktop.org Base Directory Specification, which is private to the
user, and has a lifetime equal to the union of all the user's concurrent
login sessions.
This directory is provided on Linux systems that have systemd-logind and
pam_systemd, on other systems with PAM that have pam-xdg-support (which
has been abandoned by Ubuntu in favour of logind, but could be forked
by non-systemd environments that are interested in this functionality),
or any compatible reimplementation.
In practice this is most likely to be useful on systems that run
`dbus-daemon --session` from `systemd --user`.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
| |
They used to be needed, but are not needed any more, and we were
never completely consistent about including them in any case.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is in preparation for optionally making _dbus_warn() use it.
dbus-daemon closes its stderr under some circumstances, including
when launched by dbus-launch, which makes failures in that
situation rather hard to debug.
_dbus_system_log() is the same on Unix and Windows, so move it
to dbus-sysdeps.c. _dbus_system_logv() remains platform-specific.
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97009
[smcv: move the #include for syslog.h, too]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97008
Signed-off-by: Simon McVittie <smcv@debian.org>
Reviewed-by: Thiago Macieira <thiago@kde.org>
|
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93069
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means we handle OOM correctly, and makes it obvious
that we are not overflowing buffers. This change does not
affect the actual content of the strings.
Instead of redefining DBUS_DATADIR to be a function call
(which hides the fact that DBUS_DATADIR is used),
this patch makes each use explicit: DBUS_DATADIR
is always the #define from configure or cmake, before
replacing the prefix.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83539
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
|
|
|
|
|
|
|
|
| |
It turns out to be easier to implement the Windows version
of these in a relocatable way if it can assume that the
argument starts empty, which is in fact true in practice.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83539
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
|
|
|
|
| |
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85105
|
|\
| |
| |
| |
| |
| | |
Conflicts:
NEWS
configure.ac
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This ensures that our rlimit is actually high enough to avoid the
denial of service described in CVE-2014-3636 part A.
CVE-2014-7824 has been allocated for this incomplete fix.
Restore the original rlimit for activated services, to avoid
them getting undesired higher limits.
(Thanks to Alban Crequy for various adjustments which have been
included in this commit.)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85105
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
|
|/
|
|
|
|
|
|
|
| |
This means we can drop our convenience copy of sd-daemon.[ch]. We're
checking for libsd-daemon anyway, to support journald and logind
integration.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71818
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
|\
| |
| |
| |
| |
| | |
Conflicts:
NEWS
configure.ac
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a file descriptor not being closed when an error codepath is taken.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69182
Reviewed-by: Chengwei Yang <chengwei.yang@intel.com>
[more specific commit message -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This means we don't need to worry about whether it's thread-safe,
and makes libdbus a little smaller.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68610
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65755
|
| |
| |
| |
| |
| |
| | |
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65755
|
| |
| |
| |
| |
| |
| |
| |
| | |
This would crash if HAVE_SYSLOG_H is defined, HAVE_DECL_LOG_PERROR
is false, and the platform calling convention is that va_list is a
struct. Verified on Linux by undefining HAVE_DECL_LOG_PERROR.
Reviewed-by: Colin Walters <walters@verbum.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This causes the test to fail. The assumption implicitly being made was
"if pid 1 is systemd, then every caller of _dbus_init_system_log() is a
systemd service" which is not valid for the regression test.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63163
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
|
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39987
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Otherwise we get duplicated log output, since stdout/stderr are
connected to the journal by default.
https://bugs.freedesktop.org/show_bug.cgi?id=61399
|
|/
|
|
|
|
|
|
|
| |
This patch disables the use of syslog for systems which
do not have it, such as QNX. Log messages are still
printed to stderr.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61176
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=56927
[commit message added -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
| |
It's always defined.
[smcv: commit message added]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53286
|
|
|
|
|
|
|
|
| |
This removes the assumption that DBUS_CONSOLE_AUTH_DIR ends with a
trailing /.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51521
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DBusPipe code was broken by commit 6e214b5b3c2837, which switched
from C runtime API to Win32 API for WinCE's benefit. In a DBusPipe,
fd_or_handle is in fact always a C runtime file descriptor, which can't
be used with the Win32 API (which expects a HANDLE).
This commit goes back to the C runtime API. It might cause WinCE support
to regress, but at least dbus-daemon.exe --print-address works again.
This is enough to make a few tests work under Wine when cross-compiling
from Linux to mingw-w64: in particular, this now works:
DBUS_TEST_DAEMON=bus/dbus-daemon.exe DBUS_TEST_DATA=test/data \
wine test/test-dbus-daemon.exe -p /echo/session
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46049
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
|
|\
| |
| |
| |
| | |
Conflicts:
NEWS
|
| |
| |
| |
| |
| | |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39987
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
|
|/
|
|
|
| |
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39231
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
|