git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Mon, 14 Dec 2020 12:16:39 +0000 (13:16 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 15 Dec 2020 17:00:06 +0000 (18:00 +0100)
commit	f8ecc2c00df7bd810557f3056ec12f6a0730812d
tree	2703468740339cf06442c8fd181b4c00d2f701db	tree \| snapshot
parent	79485fc27a5b18ac8957960eaccbc8a960e1bd64	commit \| diff

sd-bus: make credential acquisition more graceful

So far when asked for augmented bus credentials and the process was
already gone we'd fail fatally. Let's make this graceful instead, and
never allow augmenting fail due to PID having vanished — unless the
augmenting is the explicit and only purpose of the requested operation.

This should be safe as clients have to explicitly query the acquired
creds anyway and handle if they couldn't be acquired. Moreover we
already handle permission problems gracefully, thus clients must be
ready to deal with missing creds.

This is useful to make selinux authorization work for short-lived client
proceses. PReviously we'd augment creds to have more info to log about
(the selinux decision would not be based on augmented data however,
because that'd be unsafe), and would fail if we couldn't get it. Now,
we'll try to acquire the data, but if we cannot acquire it, we'll still
do the selinux check, except that logging will be more limited.

src/libsystemd/sd-bus/bus-control.c		diff \| blob \| blame \| history
src/libsystemd/sd-bus/bus-convenience.c		diff \| blob \| blame \| history