From: Simon McVittie Date: Fri, 2 Jun 2017 13:51:54 +0000 (+0100) Subject: driver: Add a stub implementation of the Containers1 interface X-Git-Tag: dbus-1.13.0~57^2~42 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=88b3c319281d988d70253b17d59f7ba687042006;p=thirdparty%2Fdbus.git driver: Add a stub implementation of the Containers1 interface For now, this is considered to be a privileged operation, because the resource-limiting isn't wired up yet. It only contains the bare minimum of API. Signed-off-by: Simon McVittie Reviewed-by: Philip Withnall Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354 --- diff --git a/README.cmake b/README.cmake index 69012fbea..6d5621fd7 100644 --- a/README.cmake +++ b/README.cmake @@ -117,6 +117,9 @@ DBUS_ENABLE_DOXYGEN_DOCS:BOOL=OFF // enable bus daemon usage statistics DBUS_ENABLE_STATS:BOOL=OFF +// enable restricted servers for app containers +DBUS_ENABLE_CONTAINERS:BOOL=OFF + // support verbose debug mode DBUS_ENABLE_VERBOSE_MODE:BOOL=ON diff --git a/bus/Makefile.am b/bus/Makefile.am index 9ae30716b..337514124 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am @@ -97,6 +97,8 @@ BUS_SOURCES= \ config-parser-common.h \ connection.c \ connection.h \ + containers.c \ + containers.h \ desktop-file.c \ desktop-file.h \ $(DIR_WATCH_SOURCE) \ diff --git a/bus/containers.c b/bus/containers.c new file mode 100644 index 000000000..e8935490c --- /dev/null +++ b/bus/containers.c @@ -0,0 +1,55 @@ +/* containers.c - restricted bus servers for containers + * + * Copyright © 2017 Collabora Ltd. + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#include +#include "containers.h" + +#ifdef DBUS_ENABLE_CONTAINERS + +#ifndef DBUS_UNIX +# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX +#endif + +dbus_bool_t +bus_containers_handle_add_server (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, + DBusError *error) +{ + dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, "Not yet implemented"); + return FALSE; +} + +dbus_bool_t +bus_containers_supported_arguments_getter (BusContext *context, + DBusMessageIter *var_iter) +{ + DBusMessageIter arr_iter; + + /* There are none so far */ + return dbus_message_iter_open_container (var_iter, DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING_AS_STRING, + &arr_iter) && + dbus_message_iter_close_container (var_iter, &arr_iter); +} + +#endif /* DBUS_ENABLE_CONTAINERS */ diff --git a/bus/containers.h b/bus/containers.h new file mode 100644 index 000000000..3564bbd2f --- /dev/null +++ b/bus/containers.h @@ -0,0 +1,35 @@ +/* containers.h - restricted bus servers for containers + * + * Copyright © 2017 Collabora Ltd. + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301 USA + */ + +#ifndef BUS_CONTAINERS_H +#define BUS_CONTAINERS_H + +#include "bus.h" + +dbus_bool_t bus_containers_handle_add_server (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, + DBusError *error); +dbus_bool_t bus_containers_supported_arguments_getter (BusContext *context, + DBusMessageIter *var_iter); + +#endif /* multiple-inclusion guard */ diff --git a/bus/driver.c b/bus/driver.c index cd0a714df..9529b07c6 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -26,6 +26,7 @@ #include "activation.h" #include "apparmor.h" #include "connection.h" +#include "containers.h" #include "driver.h" #include "dispatch.h" #include "services.h" @@ -2517,6 +2518,18 @@ static const MessageHandler introspectable_message_handlers[] = { { NULL, NULL, NULL, NULL } }; +#ifdef DBUS_ENABLE_CONTAINERS +static const MessageHandler containers_message_handlers[] = { + { "AddServer", "ssa{sv}a{sv}", "oays", bus_containers_handle_add_server, + METHOD_FLAG_PRIVILEGED }, + { NULL, NULL, NULL, NULL } +}; +static const PropertyHandler containers_property_handlers[] = { + { "SupportedArguments", "as", bus_containers_supported_arguments_getter }, + { NULL, NULL, NULL } +}; +#endif + static const MessageHandler monitoring_message_handlers[] = { { "BecomeMonitor", "asu", "", bus_driver_handle_become_monitor, METHOD_FLAG_PRIVILEGED }, @@ -2620,6 +2633,10 @@ static InterfaceHandler interface_handlers[] = { #ifdef DBUS_ENABLE_STATS { BUS_INTERFACE_STATS, stats_message_handlers, NULL, INTERFACE_FLAG_NONE }, +#endif +#ifdef DBUS_ENABLE_CONTAINERS + { DBUS_INTERFACE_CONTAINERS1, containers_message_handlers, NULL, + INTERFACE_FLAG_NONE, containers_property_handlers }, #endif { DBUS_INTERFACE_PEER, peer_message_handlers, NULL, /* Not in the Interfaces property because it's a pseudo-interface diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt index 3ac71a5ad..cebf81695 100644 --- a/cmake/CMakeLists.txt +++ b/cmake/CMakeLists.txt @@ -128,6 +128,7 @@ endif(NOT WIN32) option (DBUS_DISABLE_ASSERT "Disable assertion checking" OFF) option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF) +option (DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF) if(WIN32) set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once") diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt index 4c5bdcf20..9e806c4f0 100644 --- a/cmake/bus/CMakeLists.txt +++ b/cmake/bus/CMakeLists.txt @@ -52,6 +52,8 @@ set (BUS_SOURCES # ${BUS_DIR}/config-parser-trivial.c ${BUS_DIR}/connection.c ${BUS_DIR}/connection.h + ${BUS_DIR}/containers.c + ${BUS_DIR}/containers.h ${BUS_DIR}/desktop-file.c ${BUS_DIR}/desktop-file.h ${BUS_DIR}/dir-watch.h diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake index 202c0ab0c..efba76d1a 100644 --- a/cmake/config.h.cmake +++ b/cmake/config.h.cmake @@ -28,6 +28,7 @@ #cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@" #cmakedefine DBUS_ENABLE_STATS +#cmakedefine DBUS_ENABLE_CONTAINERS #define TEST_LISTEN "@TEST_LISTEN@" diff --git a/configure.ac b/configure.ac index ce1f2c56b..2ab704b32 100644 --- a/configure.ac +++ b/configure.ac @@ -1762,6 +1762,16 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) +AC_ARG_ENABLE([containers], + [AS_HELP_STRING([--enable-containers], + [enable restricted servers for app containers])], + [], [enable_containers=no]) +AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes], + [AC_MSG_ERROR([Restricted servers for app containers require Unix])]) +AS_IF([test "x$enable_containers" = xyes], + [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1], + [Define to enable restricted servers for app containers])]) + AC_CONFIG_FILES([ Doxyfile dbus/Version @@ -1842,6 +1852,7 @@ echo " Building assertions: ${enable_asserts} Building checks: ${enable_checks} Building bus stats API: ${enable_stats} + Building container API: ${enable_containers} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} Building inotify support: ${have_inotify} diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h index 7ab91035e..f20c72adf 100644 --- a/dbus/dbus-shared.h +++ b/dbus/dbus-shared.h @@ -86,6 +86,8 @@ typedef enum */ /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */ #define DBUS_INTERFACE_DBUS "org.freedesktop.DBus" +/** The restricted container interface exported by the dbus-daemon */ +#define DBUS_INTERFACE_CONTAINERS1 "org.freedesktop.DBus.Containers1" /** The monitoring interface exported by the dbus-daemon */ #define DBUS_INTERFACE_MONITORING "org.freedesktop.DBus.Monitoring"