Simon McVittie [Wed, 10 Feb 2016 13:15:56 +0000 (13:15 +0000)]
AppArmor: do not mix dbus_bool_t with int
libdbus uses dbus_bool_t for booleans; that type is unsigned 32-bit.
However, libapparmor uses int, which is signed, leading to
-Wpointer-sign warnings when we pass a dbus_bool_t * where an int *
was expected.
This file is Linux-specific, and all Linux platforms have 32-bit int
and an in-memory representation of the integers 0 and 1 that is
independent of signedness, so the previous code was harmless
in practice.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93069 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Wed, 10 Feb 2016 13:11:28 +0000 (13:11 +0000)]
Consistently use socklen_t for getsockname, getsockopt etc.
This fixes signedness mismatch warnings on platforms where socklen_t
is unsigned, notably Linux (where it's an unsigned int).
We still use int for the fallback case where the platform does not
define socklen_t, because that was the traditional (pre-POSIX) type:
for details see NOTES in Linux accept(2),
<http://manpages.debian.org/cgi-bin/man.cgi?query=accept&sektion=2>.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93069 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Nick Lewycky [Thu, 28 Jan 2016 20:24:56 +0000 (12:24 -0800)]
marshal-validate: run all the tests instead of just the even ones
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93908 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: Re-enable the failing test that Nick disabled, and fix the
expected result; the result given by our current implementation is
reasonable.]
Simon McVittie [Mon, 8 Feb 2016 17:25:38 +0000 (17:25 +0000)]
configure.ac: support large-file for stat64
dbus-daemon is not expected to open files with large *sizes*, but without
large file support, calling [f]stat() on a file that happens to have a
large inode number will fail with EOVERFLOW (see stat(2)). For example,
files mounted from an NFS server might have large inode numbers.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93545 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
[smcv: shorten and clarify commit message; move AC_SYS_LARGEFILE
after AC_USE_SYSTEM_EXTENSIONS because nothing should compile C before
that point] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 1 Dec 2015 17:31:18 +0000 (17:31 +0000)]
add travis-ci.org build machinery
The idea is that .travis.yml is specific to Travis-CI, but most of the
actual work is done in tools/ci-build.sh, which should be reasonably
CI-platform-agnostic (it currently assumes that build-dependendencies are
preinstalled, that the "native" platform we're building on is GNU/Linux
or something very close, and that "mingw" means mingw-w64 as packaged
in Debian and Ubuntu).
Simon McVittie [Fri, 27 Nov 2015 11:50:57 +0000 (11:50 +0000)]
Fix shell syntax for installcheck-local with no DESTDIR
A closing brace must be preceded by a semicolon. The CI integration
added later in this branch actually runs "make installcheck"
with no DESTDIR; apparently nobody else has ever tried that.
Simon McVittie [Fri, 27 Nov 2015 11:31:03 +0000 (11:31 +0000)]
Do not require systemd to have a service file if using it for activation
With --systemd-activation we special-case the name
org.freedesktop.systemd1 by assuming that it will eventually connect
to the bus. With that in mind, we can ignore whether it has a
.service file, and let it be "activated" regardless.
This fixes a regression test failure on non-systemd systems such
as the Ubuntu 14.04 OS on travis-ci.org: UpdateActivationEnvironment
failed, because it tried to update the (fake) systemd environment,
but because systemd was not actually installed, there was no
service file for it in the system's search paths. We could address this
by placing a dummy service file with Exec=/bin/false in our search path
like the real systemd does, but it seems cleaner to not require this;
this would eventually enable the real systemd to stop installing
that dummy service file.
This would not happen outside the regression tests, because there is
no sense in using --systemd-activation without systemd installed.
Simon McVittie [Tue, 24 Nov 2015 01:19:27 +0000 (01:19 +0000)]
embedded tests: accept and ignore --tap argument
This makes them semi-command-line-compatible with a way we can
invoke the GLib-based tests to get more useful debug logs.
These tests still do not actually produce TAP output yet; I tried
implementing that, but it requires changing a lot of noise on stdout
to come out of stderr, and there was something weird going on with
subprocesses restarting the test numbering which will need further
investigation before making that change.
Simon McVittie [Tue, 1 Dec 2015 17:31:18 +0000 (17:31 +0000)]
add travis-ci.org build machinery
The idea is that .travis.yml is specific to Travis-CI, but most of the
actual work is done in tools/ci-build.sh, which should be reasonably
CI-platform-agnostic (it currently assumes that build-dependendencies are
preinstalled, that the "native" platform we're building on is GNU/Linux
or something very close, and that "mingw" means mingw-w64 as packaged
in Debian and Ubuntu).
Simon McVittie [Fri, 27 Nov 2015 11:50:57 +0000 (11:50 +0000)]
Fix shell syntax for installcheck-local with no DESTDIR
A closing brace must be preceded by a semicolon. The CI integration
added later in this branch actually runs "make installcheck"
with no DESTDIR; apparently nobody else has ever tried that.
Simon McVittie [Fri, 27 Nov 2015 11:31:03 +0000 (11:31 +0000)]
Do not require systemd to have a service file if using it for activation
With --systemd-activation we special-case the name
org.freedesktop.systemd1 by assuming that it will eventually connect
to the bus. With that in mind, we can ignore whether it has a
.service file, and let it be "activated" regardless.
This fixes a regression test failure on non-systemd systems such
as the Ubuntu 14.04 OS on travis-ci.org: UpdateActivationEnvironment
failed, because it tried to update the (fake) systemd environment,
but because systemd was not actually installed, there was no
service file for it in the system's search paths. We could address this
by placing a dummy service file with Exec=/bin/false in our search path
like the real systemd does, but it seems cleaner to not require this;
this would eventually enable the real systemd to stop installing
that dummy service file.
This would not happen outside the regression tests, because there is
no sense in using --systemd-activation without systemd installed.
Simon McVittie [Tue, 24 Nov 2015 01:19:27 +0000 (01:19 +0000)]
embedded tests: accept and ignore --tap argument
This makes them semi-command-line-compatible with a way we can
invoke the GLib-based tests to get more useful debug logs.
These tests still do not actually produce TAP output yet; I tried
implementing that, but it requires changing a lot of noise on stdout
to come out of stderr, and there was something weird going on with
subprocesses restarting the test numbering which will need further
investigation before making that change.
Initialize SELinux and Apparmor after capabilities are set
avc_init() in the SELinux code path is creating a new thread, we need to
set to capabilities before it gets created so it has the permission to
send audit messages.
It also make more sense to open the audit netlink before the different
logging callbacks are set.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92832
[smcv: add comments explaining why initialization must happen in this
specific order] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Thu, 26 Nov 2015 10:37:48 +0000 (10:37 +0000)]
Do not attempt to call child_setup on Windows
child_setup() is defined to be called after fork() and before exec(),
but Windows' process model does not have fork(): the equivalent of
those two operations is a single CreateProcess() call. This means
that there is no point at which we could call child_setup() and
have it affect only the child's process-global state. At the point
where it is currently executed, it affects the parent's process-global
state instead, which would be actively harmful if we used any
child_setup() function that was not a no-op on Windows.
The equivalent function in GLib, g_spawn_async_with_pipes(), documents
child_setup() as unused on Windows. Do the same here.
In practice, our only use of child_setup() outside tests
is #ifdef DBUS_UNIX anyway, so this change has no practical effect
right now.
Simon McVittie [Fri, 20 Nov 2015 17:19:51 +0000 (17:19 +0000)]
uid-permissions test: don't assert that root can UpdateActivationEnvironment
Since 1.10.4 this is hard-coded to be disallowed when an activation
helper is used. That would be a security flaw waiting to happen,
and makes little sense anyway, because the activation helper sanitises
its environment.
Use BecomeMonitor() instead, as our way to assert that root and
messagebus are privileged.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93036 Reviewed-by: Iain Lane
Simon McVittie [Fri, 6 Nov 2015 14:52:51 +0000 (15:52 +0100)]
monitor: use the addressed_recipient to select matches
This means we respect the destination keyword in arguments to
BecomeMonitor.
In bus_dispatch(), this means that we need to defer capturing until
we have decided whether there is an addressed recipient; so instead
of capturing once, we capture at each leaf of the decision tree.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92074 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Reviewed-by: Lars Uebernickel <lars@uebernic.de>
Simon McVittie [Tue, 17 Nov 2015 16:42:01 +0000 (16:42 +0000)]
name-test: don't run these tests with autotools if targeting Windows.
The wrapper shell script that sets up their environment is nowhere
near being portable. In particular, it uses dbus-run-session,
which is Unix-specific.
[rh: Add autotools scope in commit title]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Rewieved-by: Ralf Habacker <ralf.habacker@freenet.de>
bus-driver: Support returning org.freedesktop.DBus UID and PID
Attempting to call SetEnvironment on systemd causes it to inquire
about the caller's connection UID and PID. If this check fails,
the call is rejected.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: go back to DBUS_ERROR_UNIX_PROCESS_ID_UNKNOWN as the error code
for failure to determine the pid]
bus_driver_handle_update_activation_environment: Forward to systemd
If we use systemd activation, forward all UpdateActivationEnvironment
requests to org.freedesktop.systemd1.Manager.SetEnvironment, in order
to ensure variables needed by D-Bus services are available when these
services are launched by systemd.
Since UpdateActivationEnvironment is not available on the system bus,
this only applies to user buses.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
bus_driver_handle_update_activation_environment: Error on system buses
The default policy already disallows calls on system buses. Since any
bus with a service helper cleans the environment anyway, there's no
point in allowing this to be called.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92857 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 17 Nov 2015 13:23:30 +0000 (13:23 +0000)]
fdpass test: assert that TCP connections don't say they can pass fds
As well as slightly increasing our test coverage, this ensures
that at least one test-case in this test is not skipped, working
around CMake's lack of support for the Automake-style exit code
produced by GTest executables (they exit 77 if everything was skipped).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92887 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Sat, 7 Nov 2015 12:06:52 +0000 (13:06 +0100)]
Stop statically enabling dbus.socket in dbus.target
dbus.target was relevant in early versions of systemd, but is not
used or installed any more. We also enable the socket in sockets.target,
which is the right place to do this sort of thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78412
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757913 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Lennart Poettering
Simon McVittie [Sat, 7 Nov 2015 12:03:47 +0000 (13:03 +0100)]
Drop [Install] sections from user services
We install the symlink to enable dbus.socket statically, so it doesn't
make much sense to invoke `systemctl enable` on it; and
dbus.service should normally be started by socket activation
(or possibly an explicit dependency) rather than manually.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92402 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Lennart Poettering
It's generally a good idea to avoid trailing whitespace in order to keep
patchs minimal. While it's common to enforce such restrictions for C code,
it's important for docbok XML files too. Hence, let's clean this up and
remove all trailing whitespace currently in place.
[By policy we do not clean up historical trailing whitespace and
tab-indentation in the C source code unless we are modifying those lines
anyway, to retain the ability to merge stable-branch bugfixes into the
development branch. However, the copy of the spec in the development
branch is the only one that receives any updates, so that concern
doesn't apply here. -smcv]
Allowing to send replies when NO_REPLY_EXPECTED is set is useless in
practice: Clients need to be careful not to send these replies, because
bus policy could deny these messages. The spec even mentions that this
issue exists.
To make this more clear and misbehaving clients less likely, disallow
sending unexpected replies entirely.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75749 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Ralf Habacker [Fri, 6 Nov 2015 13:03:23 +0000 (14:03 +0100)]
Fix test cases running client and server dispatch design issue.
DBus test cases running the server *and* client loop in the same
process assumed that all messages send from the server has to be
received in one client dispatch, which is not the case in all
environments.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92721 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
projects / thirdparty / dbus.git / log
