dbus: extend SocktBind{Allow|Deny}= with ip proto

Support filtering by ip protocol (L4) in SocketBind{Allow|Deny}= properties. The signature of dbus methods must be finalized before new release is cut, hence reserve a parameter for ip protocol. Implementation will follow. Closes https://github.com/systemd/systemd/issues/19891
author: Julia Kartseva <hex@fb.com> 2021-06-15 11:58:54 -0700
committer: Julia Kartseva <hex@fb.com> 2021-06-15 13:45:20 -0700
commit: 4883a04fe1a251741283cff7a7536e1564a834be (patch)
tree: c50ca32591addc4eb0be39fe48e75a5c177f5d57 /src/shared/bus-unit-util.c
parent: 8156422c8f0d94d3444043282f01551084271b22 (diff)
download: systemd-4883a04fe1a251741283cff7a7536e1564a834be.tar.gz
1 files changed, 5 insertions, 4 deletions
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 54d04aae50..4c9fb305e4 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -866,11 +866,12 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
         if (STR_IN_SET(field, "SocketBindAllow",
                               "SocketBindDeny")) {
                 if (isempty(eq))
-                        r = sd_bus_message_append(m, "(sv)", field, "a(iqq)", 0);
+                        r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 0);
                 else {
+                        /* No ip protocol specified for now. */
+                        int32_t family = AF_UNSPEC, ip_protocol = 0;
                         const char *address_family, *user_port;
                         _cleanup_free_ char *word = NULL;
-                        int family = AF_UNSPEC;
 
                         r = extract_first_word(&eq, &word, ":", 0);
                         if (r == -ENOMEM)
@@ -888,7 +889,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
 
                         user_port = eq ? eq : word;
                         if (streq(user_port, "any")) {
-                                r = sd_bus_message_append(m, "(sv)", field, "a(iqq)", 1, family, 0, 0);
+                                r = sd_bus_message_append(m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, 0, 0);
                                 if (r < 0)
                                         return bus_log_create_error(r);
                         } else {
@@ -901,7 +902,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
                                         return log_error_errno(r, "Invalid port or port range: %s", user_port);
 
                                 r = sd_bus_message_append(
-                                                m, "(sv)", field, "a(iqq)", 1, family, port_max - port_min + 1, port_min);
+                                                m, "(sv)", field, "a(iiqq)", 1, family, ip_protocol, port_max - port_min + 1, port_min);
                         }
                 }
                 if (r < 0)
author	Julia Kartseva <hex@fb.com>	2021-06-15 11:58:54 -0700
committer	Julia Kartseva <hex@fb.com>	2021-06-15 13:45:20 -0700
commit	4883a04fe1a251741283cff7a7536e1564a834be (patch)
tree	c50ca32591addc4eb0be39fe48e75a5c177f5d57 /src/shared/bus-unit-util.c
parent	8156422c8f0d94d3444043282f01551084271b22 (diff)
download	systemd-4883a04fe1a251741283cff7a7536e1564a834be.tar.gz