-<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<?xml version='1.0'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1+ -->
-<!--
- This file is part of systemd.
-
- Copyright 2014 Zbigniew Jędrzejewski-Szmek
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
--->
-
-<refentry id="sd_bus_creds_get_pid">
+<refentry id="sd_bus_creds_get_pid" xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>sd_bus_creds_get_pid</title>
<productname>systemd</productname>
-
- <authorgroup>
- <author>
- <contrib>A monkey with a typewriter</contrib>
- <firstname>Zbigniew</firstname>
- <surname>Jędrzejewski-Szmek</surname>
- <email>zbyszek@in.waw.pl</email>
- </author>
- </authorgroup>
</refentryinfo>
<refmeta>
<filename>/proc/<replaceable>pid</replaceable>/task/<replaceable>tid</replaceable>/comm</filename>).
</para>
- <para><function>sd_bus_creds_get_exe()</function> will retrieve
- the path to the program executable (as stored in the
- <filename>/proc/<replaceable>pid</replaceable>/exe</filename>
- link, but with the <literal> (deleted)</literal> suffix removed). Note
- that kernel threads do not have an executable path, in which case
- -ENXIO is returned.</para>
+ <para><function>sd_bus_creds_get_exe()</function> will retrieve the path to the program executable (as
+ stored in the <filename>/proc/<replaceable>pid</replaceable>/exe</filename> link, but with the <literal>
+ (deleted)</literal> suffix removed). Note that kernel threads do not have an executable path, in which
+ case -ENXIO is returned. Note that this property should not be used for more than explanatory
+ information, in particular it should not be used for security-relevant decisions. That's because the
+ executable might have been replaced or removed by the time the value can be processed. Moreover, the
+ kernel exports this information in an ambiguous way (i.e. a deleted executable cannot be safely
+ distinguished from one whose name suffix is <literal> (deleted)</literal>).</para>
<para><function>sd_bus_creds_get_cmdline()</function> will
retrieve an array of command line arguments (as stored in
-ENXIO is returned.</para>
<para><function>sd_bus_creds_get_cgroup()</function> will retrieve
- the cgroup path. See <ulink
- url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.
+ the c
ontrol group path. See <ulink
+ url="https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt">cgroups.txt</ulink>.
</para>
<para><function>sd_bus_creds_get_unit()</function> will retrieve
<para><function>sd_bus_creds_get_session()</function> will
retrieve the identifier of the login session that the process is
- a part of. See
- <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For
- processes that are not part of a session, returns -ENXIO.
- </para>
+ a part of. Please note the login session may be limited to a stub
+ process or two. User processes may instead be started from their
+ systemd user manager, e.g. GUI applications started using DBus
+ activation, as well as service processes which are shared between
+ multiple logins of the same user. For processes that are not part
+ of a session, returns -ENXIO.</para>
<para><function>sd_bus_creds_get_owner_uid()</function> will
retrieve the numeric UID (user identifier) of the user who owns
- the login session that the process is a part of. See
+ the user unit or login session that the process is a part of. See
<citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- For processes that are not part of a session, returns -ENXIO.
+ For processes that are not part of a user unit or session, returns
+ -ENXIO.
</para>
- <para><function>sd_bus_creds_has_effective_cap()</function> will
- check whether the capability specified by
- <parameter>capability</parameter> was set in the effective
- capabilities mask. A positive return value means that is was
- set, zero means that it was not set, and a negative return
- value indicates an error. See
- <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- and <varname>Capabilities=</varname> and
- <varname>CapabilityBoundingSet=</varname> settings in
+ <para><function>sd_bus_creds_has_effective_cap()</function> will check whether the capability specified by
+ <parameter>capability</parameter> was set in the effective capabilities mask. A positive return value means that it
+ was set, zero means that it was not set, and a negative return value indicates an error. See <citerefentry
+ project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> and the
+ <varname>AmbientCapabilities=</varname> and <varname>CapabilityBoundingSet=</varname> settings in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
<para>On success, these calls return 0 or a positive integer. On
failure, these calls return a negative errno-style error code.
</para>
- </refsect1>
- <refsect1>
- <title>Errors</title>
-
- <para>Returned errors may indicate the following problems:</para>
-
- <variablelist>
- <varlistentry>
- <term><constant>-ENODATA</constant></term>
-
- <listitem><para>The given field is not available in the
- credentials object <parameter>c</parameter>.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><constant>-ENXIO</constant></term>
-
- <listitem><para>The given field is not specified for the described
- process or peer. This will be returned by
- <function>sd_bus_get_unit()</function>,
- <function>sd_bus_get_slice()</function>,
- <function>sd_bus_get_user_unit()</function>,
- <function>sd_bus_get_user_slice()</function>,
- <function>sd_bus_get_session()</function>, and
- <function>sd_bus_get_owner_uid()</function> if the process is
- not part of a systemd system unit, systemd user unit, systemd
- slice, or logind session. It will also be returned by
- <function>sd_bus_creds_get_exe()</function> and
- <function>sd_bus_creds_get_cmdline()</function> for kernel
- threads (since these are not started from an executable binary,
- nor have a command line), and by
- <function>sd_bus_creds_get_audit_session_id()</function> and
- <function>sd_bus_creds_get_audit_login_uid()</function> when
- the process is not part of an audit session, and
- <function>sd_bus_creds_get_tty()</function> if the process has
- no controlling TTY.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><constant>-EINVAL</constant></term>
-
- <listitem><para>Specified pointer parameter is <constant>NULL</constant>.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><constant>-ENOMEM</constant></term>
-
- <listitem><para>Memory allocation failed.</para></listitem>
- </varlistentry>
- </variablelist>
+ <refsect2>
+ <title>Errors</title>
+
+ <para>Returned errors may indicate the following problems:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><constant>-ENODATA</constant></term>
+
+ <listitem><para>The given field is not available in the credentials object
+ <parameter>c</parameter>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>-ENXIO</constant></term>
+
+ <listitem><para>The given field is not specified for the described process or peer. This will be
+ returned by <function>sd_bus_creds_get_unit()</function>,
+ <function>sd_bus_creds_get_slice()</function>, <function>sd_bus_creds_get_user_unit()</function>,
+ <function>sd_bus_creds_get_user_slice()</function>, and
+ <function>sd_bus_creds_get_session()</function> if the process is not part of a systemd system
+ unit, systemd user unit, systemd slice, or logind session. It will be returned by
+ <function>sd_bus_creds_get_owner_uid()</function> if the process is not part of a systemd user unit
+ or logind session. It will also be returned by <function>sd_bus_creds_get_exe()</function> and
+ <function>sd_bus_creds_get_cmdline()</function> for kernel threads (since these are not started
+ from an executable binary, nor have a command line), and by
+ <function>sd_bus_creds_get_audit_session_id()</function> and
+ <function>sd_bus_creds_get_audit_login_uid()</function> when the process is not part of an audit
+ session, and <function>sd_bus_creds_get_tty()</function> if the process has no controlling
+ TTY.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>-EINVAL</constant></term>
+
+ <listitem><para>Specified pointer parameter is <constant>NULL</constant>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><constant>-ENOMEM</constant></term>
+
+ <listitem><para>Memory allocation failed.</para></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
</refsect1>
- <refsect1>
- <title>Notes</title>
-
- <para><function>sd_bus_creds_get_pid()</function> and the other
- functions described here are available as a shared library, which
- can be compiled and linked to with the
- <constant>libsystemd</constant> <citerefentry
- project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- file.</para>
- </refsect1>
+ <xi:include href="libsystemd-pkgconfig.xml" />
<refsect1>
<title>See Also</title>
projects / thirdparty / systemd.git / blobdiff