From: Simon McVittie Date: Sun, 2 Oct 2022 10:43:30 +0000 (+0100) Subject: NEWS: Describe the behaviour change resulting from fixing dbus#416 X-Git-Tag: dbus-1.15.2~11^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8246113fb14771f8faf1165aa4f9c4a1536e48b2;p=thirdparty%2Fdbus.git NEWS: Describe the behaviour change resulting from fixing dbus#416 Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index d092bcac8..ec183183e 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,27 @@ dbus 1.15.2 (UNRELEASED) ======================== -... +Behaviour changes: + +• On Linux, dbus-daemon and other uses of DBusServer now create a + path-based Unix socket, unix:path=..., when asked to listen on a + unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to + unix:dir=... on all platforms. + Previous versions would have created an abstract socket, unix:abstract=..., + in this situation. + This change primarily affects the well-known session bus when run via + dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring + dbus with --enable-user-session and running it on a systemd system, + already used path-based Unix sockets and is unaffected by this change. + This behaviour change prevents a sandbox escape via the session bus socket + in sandboxing frameworks that can share the network namespace with the host + system, such as Flatpak. + This change might cause a regression in situations where the abstract socket + is intentionally shared between the host system and a chroot or container, + such as some use-cases of schroot(1). That regression can be resolved by + using a bind-mount to share either the D-Bus socket, or the whole /tmp + directory, with the chroot or container. + (dbus#416, Simon McVittie) dbus 1.15.0 (2022-09-22) ========================