if (arg_running_as == SYSTEMD_SYSTEM)
bump_rlimit_nofile(&saved_rlimit_nofile);
- r = manager_new(arg_running_as, !!serialization, &m);
+ r = manager_new(arg_running_as, &m);
if (r < 0) {
log_error("Failed to allocate manager object: %s", strerror(-r));
goto finish;
#include "dbus-unit.h"
#include "dbus-job.h"
#include "dbus-manager.h"
+#include "bus-kernel.h"
/* As soon as 5s passed since a unit was added to our GC queue, make sure to run a gc sweep */
#define GC_QUEUE_USEC_MAX (10*USEC_PER_SEC)
return 0;
}
-int manager_new(SystemdRunningAs running_as, bool reexecuting, Manager **_m) {
+static int manager_setup_kdbus(Manager *m) {
+ _cleanup_free_ char *p = NULL;
+
+ assert(m);
+
+ if (m->kdbus_fd >= 0)
+ return 0;
+
+ /* If there's already a bus address set, don't set up kdbus */
+ if (m->running_as == SYSTEMD_USER && getenv("DBUS_SESSION_BUS_ADDRESS"))
+ return 0;
+
+ m->kdbus_fd = bus_kernel_create(m->running_as == SYSTEMD_SYSTEM ? "system" : "user", &p);
+ if (m->kdbus_fd < 0) {
+ log_debug("Failed to set up kdbus: %s", strerror(-m->kdbus_fd));
+ return m->kdbus_fd;
+ }
+
+ log_info("Successfully set up kdbus on %s", p);
+ return 0;
+}
+
+static int manager_connect_bus(Manager *m, bool reexecuting) {
+ bool try_bus_connect;
+
+ assert(m);
+
+ try_bus_connect =
+ m->kdbus_fd >= 0 ||
+ reexecuting ||
+ (m->running_as == SYSTEMD_USER && getenv("DBUS_SESSION_BUS_ADDRESS"));
+
+ /* Try to connect to the busses, if possible. */
+ return bus_init(m, try_bus_connect);
+}
+
+int manager_new(SystemdRunningAs running_as, Manager **_m) {
Manager *m;
- int r = -ENOMEM;
- bool try_bus_connect = false;
+ int r;
assert(_m);
assert(running_as >= 0);
m->idle_pipe[0] = m->idle_pipe[1] = m->idle_pipe[2] = m->idle_pipe[3] = -1;
- m->pin_cgroupfs_fd = m->notify_fd = m->signal_fd = m->time_change_fd = m->dev_autofs_fd = m->private_listen_fd = -1;
+ m->pin_cgroupfs_fd = m->notify_fd = m->signal_fd = m->time_change_fd = m->dev_autofs_fd = m->private_listen_fd = m->kdbus_fd = -1;
m->current_job_id = 1; /* start as id #1, so that we can leave #0 around as "null-like" value */
r = manager_default_environment(m);
goto fail;
}
- if (running_as == SYSTEMD_SYSTEM)
- try_bus_connect = reexecuting;
- else if (getenv("DBUS_SESSION_BUS_ADDRESS"))
- try_bus_connect = true;
- else
- log_debug("Skipping DBus session bus connection attempt - no DBUS_SESSION_BUS_ADDRESS set...");
-
- /* Try to connect to the busses, if possible. */
- r = bus_init(m, try_bus_connect);
- if (r < 0)
- goto fail;
-
m->taint_usr = dir_is_empty("/usr") > 0;
*_m = m;
close_nointr_nofail(m->notify_fd);
if (m->time_change_fd >= 0)
close_nointr_nofail(m->time_change_fd);
+ if (m->kdbus_fd >= 0)
+ close_nointr_nofail(m->kdbus_fd);
manager_close_idle_pipe(m);
r = q;
}
+ /* We might have deserialized the kdbus control fd, but if we
+ * didn't, then let's create the bus now. */
+ manager_setup_kdbus(m);
+ manager_connect_bus(m, !!serialization);
+
/* Third, fire things up! */
q = manager_coldplug(m);
if (q < 0)
_cleanup_free_ char *ce;
ce = cescape(*e);
- if (ce)
- fprintf(f, "env=%s\n", *e);
+ if (!ce)
+ return -ENOMEM;
+
+ fprintf(f, "env=%s\n", *e);
}
}
+ if (m->kdbus_fd >= 0) {
+ int copy;
+
+ copy = fdset_put_dup(fds, m->kdbus_fd);
+ if (copy < 0)
+ return copy;
+
+ fprintf(f, "kdbus-fd=%i\n", copy);
+ }
+
bus_serialize(m, f);
fputc('\n', f);
} else if (startswith(l, "taint-usr=")) {
int b;
- if ((b = parse_boolean(l+10)) < 0)
+ b = parse_boolean(l+10);
+ if (b < 0)
log_debug("Failed to parse taint /usr flag %s", l+10);
else
m->taint_usr = m->taint_usr || b;
strv_free(m->environment);
m->environment = e;
+
+ } else if (startswith(l, "kdbus-fd=")) {
+ int fd;
+
+ if (safe_atoi(l + 9, &fd) < 0 || !fdset_contains(fds, fd))
+ log_debug("Failed to parse kdbus fd: %s", l + 9);
+ else {
+ if (m->kdbus_fd >= 0)
+ close_nointr_nofail(m->kdbus_fd);
+
+ m->kdbus_fd = fdset_remove(fds, fd);
+ }
+
} else if (bus_deserialize_item(m, l) == 0)
log_debug("Unknown serialization item '%s'", l);
}
* them. It's a hashmap with a path string as key and a Set as
* value where Unit objects are contained. */
Hashmap *units_requiring_mounts_for;
+
+ /* Reference to the kdbus bus control fd */
+ int kdbus_fd;
};
-int manager_new(SystemdRunningAs running_as, bool reexecuting, Manager **m);
+int manager_new(SystemdRunningAs running_as, Manager **m);
void manager_free(Manager *m);
int manager_enumerate(Manager *m);
return translate[found->type - _KDBUS_ITEM_KERNEL_BASE](bus, k, found);
}
-int kdbus_translate_attach_flags(uint64_t mask, uint64_t *kdbus_mask) {
-
- uint64_t m = 0;
-
- SET_FLAG(m, KDBUS_ATTACH_CREDS,
- !!(mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID|SD_BUS_CREDS_PID_STARTTIME|SD_BUS_CREDS_TID)));
-
- SET_FLAG(m, KDBUS_ATTACH_COMM,
- !!(mask & (SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM)));
-
- SET_FLAG(m, KDBUS_ATTACH_EXE,
- !!(mask & SD_BUS_CREDS_EXE));
-
- SET_FLAG(m, KDBUS_ATTACH_CMDLINE,
- !!(mask & SD_BUS_CREDS_CMDLINE));
-
- SET_FLAG(m, KDBUS_ATTACH_CGROUP,
- !!(mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID)));
-
- SET_FLAG(m, KDBUS_ATTACH_CAPS,
- !!(mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS)));
-
- SET_FLAG(m, KDBUS_ATTACH_SECLABEL,
- !!(mask & SD_BUS_CREDS_SELINUX_CONTEXT));
-
- SET_FLAG(m, KDBUS_ATTACH_AUDIT,
- !!(mask & (SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID)));
-
- *kdbus_mask = m;
-
- return 0;
-}
-
static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k) {
sd_bus_message *m = NULL;
struct kdbus_item *d;
return r < 0 ? r : 1;
}
-int bus_kernel_create(const char *name, char **s) {
- struct kdbus_cmd_bus_make *make;
- struct kdbus_item *n;
- size_t l;
- int fd;
- char *p;
-
- assert(name);
- assert(s);
-
- fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
- if (fd < 0)
- return -errno;
-
- l = strlen(name);
- make = alloca0(offsetof(struct kdbus_cmd_bus_make, items) +
- KDBUS_PART_HEADER_SIZE + sizeof(uint64_t) +
- KDBUS_PART_HEADER_SIZE + DECIMAL_STR_MAX(uid_t) + 1 + l + 1);
-
- n = make->items;
- n->type = KDBUS_MAKE_NAME;
- sprintf(n->str, "%lu-%s", (unsigned long) getuid(), name);
- n->size = KDBUS_PART_HEADER_SIZE + strlen(n->str) + 1;
-
- make->size = offsetof(struct kdbus_cmd_bus_make, items) + n->size;
- make->flags = KDBUS_MAKE_POLICY_OPEN;
- make->bus_flags = 0;
- make->bloom_size = BLOOM_SIZE;
- assert_cc(BLOOM_SIZE % 8 == 0);
-
- p = strjoin("/dev/kdbus/", n->str, "/bus", NULL);
- if (!p)
- return -ENOMEM;
-
- if (ioctl(fd, KDBUS_CMD_BUS_MAKE, make) < 0) {
- close_nointr_nofail(fd);
- free(p);
- return -errno;
- }
-
- if (s)
- *s = p;
-
- return fd;
-}
-
int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *size) {
struct memfd_cache *c;
int fd;
close_and_munmap(b->memfd_cache[i].fd, b->memfd_cache[i].address, b->memfd_cache[i].size);
}
-int kdbus_translate_request_name_flags(uint64_t sd_bus_flags, uint64_t *kdbus_flags) {
+int kdbus_translate_request_name_flags(uint64_t flags, uint64_t *kdbus_flags) {
+ uint64_t f = 0;
- assert_return(kdbus_flags != NULL, -EINVAL);
+ assert(kdbus_flags);
- *kdbus_flags = 0;
+ if (flags & SD_BUS_NAME_ALLOW_REPLACEMENT)
+ f |= KDBUS_NAME_ALLOW_REPLACEMENT;
- if (sd_bus_flags & SD_BUS_NAME_ALLOW_REPLACEMENT)
- *kdbus_flags |= KDBUS_NAME_ALLOW_REPLACEMENT;
+ if (flags & SD_BUS_NAME_REPLACE_EXISTING)
+ f |= KDBUS_NAME_REPLACE_EXISTING;
- if (sd_bus_flags & SD_BUS_NAME_REPLACE_EXISTING)
- *kdbus_flags |= KDBUS_NAME_REPLACE_EXISTING;
+ if (!(flags & SD_BUS_NAME_DO_NOT_QUEUE))
+ f |= KDBUS_NAME_QUEUE;
- if (!(sd_bus_flags & SD_BUS_NAME_DO_NOT_QUEUE))
- *kdbus_flags |= KDBUS_NAME_QUEUE;
+ *kdbus_flags = f;
+ return 0;
+}
+
+int kdbus_translate_attach_flags(uint64_t mask, uint64_t *kdbus_mask) {
+ uint64_t m = 0;
+
+ assert(kdbus_mask);
+
+ if (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID|SD_BUS_CREDS_PID_STARTTIME|SD_BUS_CREDS_TID))
+ m |= KDBUS_ATTACH_CREDS;
+
+ if (mask & (SD_BUS_CREDS_COMM|SD_BUS_CREDS_TID_COMM))
+ m |= KDBUS_ATTACH_COMM;
+
+ if (mask & SD_BUS_CREDS_EXE)
+ m |= KDBUS_ATTACH_EXE;
+
+ if (mask & SD_BUS_CREDS_CMDLINE)
+ m |= KDBUS_ATTACH_CMDLINE;
+
+ if (mask & (SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID))
+ m |= KDBUS_ATTACH_CGROUP;
+
+ if (mask & (SD_BUS_CREDS_EFFECTIVE_CAPS|SD_BUS_CREDS_PERMITTED_CAPS|SD_BUS_CREDS_INHERITABLE_CAPS|SD_BUS_CREDS_BOUNDING_CAPS))
+ m |= KDBUS_ATTACH_CAPS;
+
+ if (mask & SD_BUS_CREDS_SELINUX_CONTEXT)
+ m |= KDBUS_ATTACH_SECLABEL;
+ if (mask & (SD_BUS_CREDS_AUDIT_SESSION_ID|SD_BUS_CREDS_AUDIT_LOGIN_UID))
+ m |= KDBUS_ATTACH_AUDIT;
+
+ *kdbus_mask = m;
return 0;
}
+
+int bus_kernel_create(const char *name, char **s) {
+ struct kdbus_cmd_bus_make *make;
+ struct kdbus_item *n;
+ int fd;
+
+ assert(name);
+ assert(s);
+
+ fd = open("/dev/kdbus/control", O_RDWR|O_NOCTTY|O_CLOEXEC);
+ if (fd < 0)
+ return -errno;
+
+ make = alloca0(ALIGN8(offsetof(struct kdbus_cmd_bus_make, items) +
+ offsetof(struct kdbus_item, str) +
+ DECIMAL_STR_MAX(uid_t) + 1 + strlen(name) + 1));
+
+ n = make->items;
+ sprintf(n->str, "%lu-%s", (unsigned long) getuid(), name);
+ n->size = offsetof(struct kdbus_item, str) + strlen(n->str) + 1;
+ n->type = KDBUS_MAKE_NAME;
+
+ make->size = ALIGN8(offsetof(struct kdbus_cmd_bus_make, items) + n->size);
+ make->flags = KDBUS_MAKE_POLICY_OPEN;
+ make->bus_flags = 0;
+ make->bloom_size = BLOOM_SIZE;
+ assert_cc(BLOOM_SIZE % 8 == 0);
+
+ if (ioctl(fd, KDBUS_CMD_BUS_MAKE, make) < 0) {
+ close_nointr_nofail(fd);
+ return -errno;
+ }
+
+ if (s) {
+ char *p;
+
+ p = strjoin("/dev/kdbus/", n->str, "/bus", NULL);
+ if (!p) {
+ close_nointr_nofail(fd);
+ return -ENOMEM;
+ }
+
+ *s = p;
+ }
+
+ return fd;
+}
enum {
_KDBUS_MAKE_NULL,
KDBUS_MAKE_NAME,
- KDBUS_MAKE_CRED, /* allow translator services which connect
- * to the bus on behalf of somebody else,
- * allow specifying the credentials of the
- * client to connect on behalf on. Needs
- * privileges */
};
struct kdbus_cmd_bus_make {
return r;
e = secure_getenv("DBUS_SYSTEM_BUS_ADDRESS");
- if (e) {
+ if (e)
r = sd_bus_set_address(b, e);
- if (r < 0)
- goto fail;
- } else {
- b->sockaddr.un.sun_family = AF_UNIX;
- strncpy(b->sockaddr.un.sun_path, "/run/dbus/system_bus_socket", sizeof(b->sockaddr.un.sun_path));
- b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + sizeof("/run/dbus/system_bus_socket") - 1;
- }
+ else
+ r = sd_bus_set_address(b, "kernel:path=/dev/kdbus/0-system/bus;unix:path=/run/dbus/system_bus_socket");
+
+ if (r < 0)
+ goto fail;
b->bus_client = true;
_public_ int sd_bus_open_user(sd_bus **ret) {
const char *e;
sd_bus *b;
- size_t l;
int r;
assert_return(ret, -EINVAL);
goto fail;
} else {
e = secure_getenv("XDG_RUNTIME_DIR");
- if (!e) {
- r = -ENOENT;
- goto fail;
- }
+ if (e) {
+ _cleanup_free_ char *ee = NULL;
+
+ ee = bus_address_escape(e);
+ if (!ee) {
+ r = -ENOENT;
+ goto fail;
+ }
- l = strlen(e);
- if (l + 4 > sizeof(b->sockaddr.un.sun_path)) {
- r = -E2BIG;
+ asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus;unix:path=%s/bus", (unsigned long) getuid(), ee);
+ } else
+ asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus", (unsigned long) getuid());
+
+ if (!b->address) {
+ r = -ENOMEM;
goto fail;
}
-
- b->sockaddr.un.sun_family = AF_UNIX;
- memcpy(mempcpy(b->sockaddr.un.sun_path, e, l), "/bus", 4);
- b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + l + 4;
}
b->bus_client = true;
/* Prepare the manager. */
assert_se(set_unit_path(TEST_DIR) >= 0);
- r = manager_new(SYSTEMD_USER, false, &m);
+ r = manager_new(SYSTEMD_USER, &m);
if (r == -EPERM || r == -EACCES) {
puts("manager_new: Permission denied. Skipping test.");
return EXIT_TEST_SKIP;
assert_se(set_unit_path("test") >= 0);
- assert_se(manager_new(SYSTEMD_SYSTEM, false, &m) >= 0);
+ assert_se(manager_new(SYSTEMD_SYSTEM, &m) >= 0);
printf("Load1:\n");
assert_se(manager_load_unit(m, "a.service", NULL, NULL, &a) >= 0);
/* prepare the test */
assert_se(set_unit_path(TEST_DIR) >= 0);
- r = manager_new(SYSTEMD_USER, false, &m);
+ r = manager_new(SYSTEMD_USER, &m);
if (r == -EPERM || r == -EACCES || r == -EADDRINUSE || r == -EHOSTDOWN) {
printf("Skipping test: manager_new: %s", strerror(-r));
return EXIT_TEST_SKIP;
assert_se((root = getpwnam("root")));
assert_se(asprintf(&root_uid, "%d", (int) root->pw_uid) > 0);
- r = manager_new(SYSTEMD_USER, false, &m);
+ r = manager_new(SYSTEMD_USER, &m);
if (r == -EPERM || r == -EACCES || r == -EADDRINUSE) {
puts("manager_new: Permission denied. Skipping test.");
return EXIT_TEST_SKIP;