option(DBUS_DISABLE_ASSERT "Disable assertion checking" OFF)
option(DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
-option(DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF)
option(ENABLE_TRADITIONAL_ACTIVATION "Enable traditional activation (without using systemd)" ON)
if(DBUS_LINUX)
// enable bus daemon usage statistics
DBUS_ENABLE_STATS:BOOL=OFF
-// enable restricted servers for app containers
-DBUS_ENABLE_CONTAINERS:BOOL=OFF
-
// build with systemd at_console support
ENABLE_SYSTEMD:STRING=AUTO
#ifdef DBUS_ENABLE_CONTAINERS
+#error This feature is not ready for production use
+
#ifndef DBUS_UNIX
# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
#endif
dbus_pid_t pid = DBUS_PID_UNSET;
const char *windows_sid = NULL;
const char *linux_security_label = NULL;
+#ifdef DBUS_ENABLE_CONTAINERS
const char *path;
+#endif
if (credentials == NULL && conn != NULL)
credentials = _dbus_connection_get_credentials (conn);
return FALSE;
}
+#ifdef DBUS_ENABLE_CONTAINERS
/* This has to come from the connection, not the credentials */
if (conn != NULL &&
bus_containers_connection_is_contained (conn, &path, NULL, NULL))
path))
return FALSE;
}
+#endif
return TRUE;
}
<limit name="max_names_per_connection">50000</limit>
<limit name="max_match_rules_per_connection">50000</limit>
<limit name="max_replies_per_connection">50000</limit>
- <limit name="max_containers">10000</limit>
- <limit name="max_containers_per_user">10000</limit>
- <limit name="max_container_metadata_bytes">1000000000</limit>
- <!-- This is relatively low so that app-containers (which we do not fully
- trust) do not cause DoS. -->
- <limit name="max_connections_per_container">16</limit>
</busconfig>
<!-- <limit name="max_names_per_connection">512</limit> -->
<!-- <limit name="max_match_rules_per_connection">512</limit> -->
<!-- <limit name="max_replies_per_connection">128</limit> -->
- <!-- <limit name="max_containers">512</limit> -->
- <!-- <limit name="max_containers_per_user">16</limit> -->
- <!-- <limit name="max_container_metadata_bytes">4096</limit> -->
- <!-- <limit name="max_connections_per_container">8</limit> -->
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
#cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@"
#cmakedefine DBUS_ENABLE_STATS
-#cmakedefine DBUS_ENABLE_CONTAINERS
#cmakedefine ENABLE_TRADITIONAL_ACTIVATION
#define TEST_LISTEN "@TEST_LISTEN@"
AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
[test "x$enable_user_session" = xyes])
-AC_ARG_ENABLE([containers],
- [AS_HELP_STRING([--enable-containers],
- [enable restricted servers for app containers])],
- [], [enable_containers=no])
-AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes],
- [AC_MSG_ERROR([Restricted servers for app containers require Unix])])
-AS_IF([test "x$enable_containers" = xyes],
- [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1],
- [Define to enable restricted servers for app containers])])
-
AC_CONFIG_FILES([
Doxyfile
dbus/Version
Building assertions: ${enable_asserts}
Building checks: ${enable_checks}
Building bus stats API: ${enable_stats}
- Building container API: ${enable_containers}
Building SELinux support: ${have_selinux}
Building AppArmor support: ${have_apparmor}
Building inotify support: ${have_inotify}
*/
/** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */
#define DBUS_INTERFACE_DBUS "org.freedesktop.DBus"
-/** The restricted container interface exported by the dbus-daemon */
-#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1"
/** The monitoring interface exported by the dbus-daemon */
#define DBUS_INTERFACE_MONITORING "org.freedesktop.DBus.Monitoring"
(number of calls-in-progress)
"reply_timeout" : milliseconds (thousandths)
until a method call times out
- "max_containers" : max number of restricted servers for use
- in app-containers, in total
- "max_containers_per_user" : max number of app-containers per Unix uid
- "max_container_metadata_bytes": max number of bytes of metadata to store
- for each app-container
- "max_connections_per_container": max number of (authenticated or
- unauthenticated) connections to each
- app-container
</literallayout> <!-- .fi -->
#include "test-utils-glib.h"
+#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1"
+
typedef struct {
TestMainContext *ctx;
gboolean skip;
<!-- Allow anyone to own anything -->
<allow own="*"/>
</policy>
-
- <limit name="max_containers">5</limit>
- <limit name="max_containers_per_user">3</limit>
- <limit name="max_container_metadata_bytes">4096</limit>
- <limit name="max_connections_per_container">3</limit>
</busconfig>
<limit name="max_names_per_connection">50000</limit>
<limit name="max_match_rules_per_connection">50000</limit>
<limit name="max_replies_per_connection">50000</limit>
- <limit name="max_containers">10000</limit>
- <limit name="max_containers_per_user">10000</limit>
- <limit name="max_container_metadata_bytes">1000000000</limit>
- <!-- This is relatively low so that app-containers (which we do not fully
- trust) do not cause DoS. -->
- <limit name="max_connections_per_container">16</limit>
-
</busconfig>
g_assert_not_reached ();
#endif
}
- else if (g_str_has_prefix (name, DBUS_INTERFACE_CONTAINERS1 "."))
- {
- g_assert_not_reached ();
- }
dbus_message_iter_next (&arr_iter);
}
projects / thirdparty / dbus.git / commitdiff
