Lennart Poettering [Tue, 19 May 2009 20:34:43 +0000 (22:34 +0200)]
byteswap: make use of glibc specific bytswap primitives
glibc knows three bswap_{16|32|64}() calls that internally make use of a
gcc extension to implement faster byteswapping. We should make use of it
if we can.
Lennart Poettering [Tue, 19 May 2009 20:30:14 +0000 (22:30 +0200)]
atomic: implement atomic operations based on gcc's __sync extension
Newer gccs and intel ccs support a __sync extension for making use of
atomic operations. This patch replaces the handcrafted x86 atomic
operation support with usage of __sync.
__sync is supported by more processors and by more compilers than the
old assembler code. Also, this extension has been available on gcc for
quite a while now for x86, so replacing the old assembler code should
only be a loss when very old compiilers are used.
Lennart Poettering [Tue, 12 May 2009 23:56:54 +0000 (01:56 +0200)]
git: enable whitespace checking commit hook during in autogen.sh
Trailing whitespace sucks. This change modifies autogen.sh to activate
the example pre-commit that ships with git. It will make sure that from
then on no further commits with trailing whitespace can be made
Lennart Poettering [Mon, 4 May 2009 22:01:50 +0000 (00:01 +0200)]
memset: replace memset() by _DBUS_ZERO where applicable
Lennart Poettering [Fri, 24 Apr 2009 02:38:27 +0000 (04:38 +0200)]
auth: add fd passing negotiation support
This adds two new directives to the auth protocol:
NEGOTIATE_UNIX_FD is sent by the client after the authentication was
sucessful, i.e. OK was received.
AGREE_UNIX_FD is then sent by the server if it can do unix fd passing as
well.
ERROR is returned when the server cannot or is unwilling to do unix fd
passing.
This should be compatible with existing D-Bus implementations which will
naturally return ERROR on NEGOTIATE_UNIX_FD.
Lennart Poettering [Wed, 6 May 2009 01:41:50 +0000 (03:41 +0200)]
cloexec: set all sockets that are created with SOCK_CLOEXEC
Since all socket users enable FD_CLOEXEC anyway we can just do that in
_dbus_open_socket() and be done with it for all cases. By side effect
this allows us to use SOCK_CLOEXEC and hence close the CLOEXEC race.
Lennart Poettering [Wed, 22 Apr 2009 02:45:46 +0000 (04:45 +0200)]
cloexec: make use of pipe2(O_CLOEXEC) when available
This should fix another CLOEXEC race.
Lennart Poettering [Wed, 22 Apr 2009 02:43:31 +0000 (04:43 +0200)]
build-system: define _GNU_SOURCE centrally
Instead of having everyone define _GNU_SOURCE and similar macros
seperately, simply do so centrally by using AC_USE_SYSTEM_EXTENSIONS
Lennart Poettering [Wed, 22 Apr 2009 02:22:51 +0000 (04:22 +0200)]
cloexec: set FD_CLOEXEC for all full duplex pipes
All users of full duplex pipes enable FD_CLOEXEC later anyway so let's
just do it as part of _dbus_full_duplex_pipe. By side effect this allows
to make use of SOCK_CLOEXEC which fixes a race when forking/execing from
a different thread at the same time as we ar in this function.
Lennart Poettering [Wed, 22 Apr 2009 02:07:01 +0000 (04:07 +0200)]
unix-fd: add test for passing unix fds
This adds a full test for passing multiple fds across a D-Bus
connection.
Lennart Poettering [Wed, 22 Apr 2009 02:01:01 +0000 (04:01 +0200)]
unix-fd: when sending a message with unix fds verify that the connection can do it
Not all of the send function flavours allow returning proper error
codes. For the cases where this is not easily possible the client should
call dbus_connection_can_send_type() first.
Lennart Poettering [Wed, 22 Apr 2009 01:56:18 +0000 (03:56 +0200)]
unix-fd: introduce dbus_connection_can_send_type()
This is just a wrapper around _dbus_transport_can_pass_unix_fd() however
it is more generic.
The reason for keeping this generic is to ease later addition of more
types without having to add a new API for that.
Lennart Poettering [Wed, 22 Apr 2009 01:41:05 +0000 (03:41 +0200)]
unix-fd: add message encoding/decoding for unix fds
When appending unix fds to the message a new entry in the fd array will
be allocated and the index to it will be written to the message payload.
When parsing unix fds from the message the index will be read from the
payload and then looked up in the fd array.
When we read fds we put them in a queue first. Since each message knows
how many fds are attached to it we will then pop enough fds from this
queue each time we decode a message from the stream.
This should make sending and receiving more portable since we don't make
any strong requirements on the exact semantics of the SCM_RIGHTS
implementation: as long as fds are recieved in order, none or lost and
the arrive at the same time as at least one byte from the actual message
dat we should be able to handle them correctly.
Lennart Poettering [Wed, 22 Apr 2009 01:31:20 +0000 (03:31 +0200)]
unix-fd: add basic marshalling code for unix fds
This is actually pretty boring since we store our fds as indexes that
are stored as uint32_t's.
Lennart Poettering [Wed, 22 Apr 2009 01:32:35 +0000 (03:32 +0200)]
unix-fd: introduce basic protocol definitions
We introduce a new type code for the unix fds. The data stored in unix
fd fields will be an integer index into the array of fds that are
attached to a specific message. We also introduce a new header field
that stores how many fds belong to the message. And finally we introduce
a new error for messages where the payload and the meta data (i.e. unix
fds read for it) don't match up.
Lennart Poettering [Wed, 22 Apr 2009 01:20:27 +0000 (03:20 +0200)]
sysdeps-unix: add basic IO primitives for unix fd passing
This introduces three new functions:
_dbus_read_socket_with_unix_fds
_dbus_write_socket_with_unix_fds
_dbus_read_socket_with_unix_fds_two
These work exactly like their counterpart sans 'with_unix_fds' except
that they also send/recieve file descriptors along with the actual
payload data.
Lennart Poettering [Wed, 22 Apr 2009 01:14:42 +0000 (03:14 +0200)]
sysdeps-unix: introduce _dbus_socket_can_pass_unix_fd()
This function can be used to check if a socket can be used to pass file
descriptors. On platforms that don't support this at all this is
hardcoded to return FALSE.
Lennart Poettering [Wed, 22 Apr 2009 01:08:48 +0000 (03:08 +0200)]
sysdeps-unix: introduce _dbus_dup()
This is a simple wrapper around dup()-like functionality.
Also handles CLOEXEC and makes sure we don't interfere with the standard
I/O file descriptors 0, 1 and 2.
Lennart Poettering [Wed, 22 Apr 2009 01:05:39 +0000 (03:05 +0200)]
sysdeps-unix: if MSG_NOSIGNAL is available don't touch SIGPIPE by default
If we can use MSG_NOSIGNAL we don't have to play games with SIGPIPE
Lennart Poettering [Wed, 22 Apr 2009 00:54:23 +0000 (02:54 +0200)]
sysdeps-unix: Use MSG_NOSIGNAL when available
On Linux send()/sendmsg() know the special flag MSG_NOSIGNAL which if
set makes sure that no SIGPIPE signal is raised when we write to a
socket that has been disconnected.
By using this flag we don't have to play games with SIGPIPE which is
pretty ugly stuff since it touches the global process context.
Lennart Poettering [Wed, 22 Apr 2009 00:48:58 +0000 (02:48 +0200)]
memory: remove semicolons from macros
Due to some unknown reasons the dbus_new() macros had a semicolon at the
end which makes it impossible to use them in some situations.
Lennart Poettering [Wed, 22 Apr 2009 00:46:35 +0000 (02:46 +0200)]
build-system: get rid of config.h inclusion checks
These header files include config.h explicitly anyway. These checks are
hence pointless.
Of course one could argue that including config.h from header files
sucks, but D-Bus generally seems not to have a problem with that, so
let's unify this.
Thiago Macieira [Wed, 13 May 2009 13:52:26 +0000 (15:52 +0200)]
Merge branch 'dbus-1.2'
Thiago Macieira [Wed, 13 May 2009 13:52:18 +0000 (15:52 +0200)]
Merge branch 'dbus-1.2'
Conflicts:
dbus/dbus-sysdeps-util-unix.c
Marc Mutz [Wed, 7 Jan 2009 11:46:53 +0000 (12:46 +0100)]
configure.in: fail abstract socket test gracefully when cross-compiling
* configure.in: only run AC_CACHE_CHECK if enable_abstract_sockets=auto
* configure.in: warn that, when cross-compiling, we're unable to detect
abstract sockets availability automatically
Signed-off-by: Thiago Macieira <thiago@kde.org>
Marc Mutz [Fri, 17 Apr 2009 14:23:42 +0000 (16:23 +0200)]
configure.in: not all gccs support -Wno-pointer-sign
Signed-off-by: Thiago Macieira <thiago@kde.org>
Colin Walters [Mon, 27 Apr 2009 16:13:25 +0000 (12:13 -0400)]
Release 1.2.14
Eamon Walsh [Tue, 21 Apr 2009 23:11:22 +0000 (19:11 -0400)]
libselinux behavior in permissive mode wrt invalid domains
Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object). But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type). That was originally to allow the system to boot in permissive
> mode. But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>
FWIW, the following patch to D-Bus should help:
bfo21072 - Log SELinux denials better by checking errno for the cause
Note that this does not fully address the bug report since
EINVAL can still be returned in permissive mode. However the log
messages will now reflect the proper cause of the denial.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
Federico Mena Quintero [Wed, 18 Mar 2009 22:17:00 +0000 (16:17 -0600)]
bfo20738 - Return a useful error message from dbus_signature_validate()
Signed-off-by: Federico Mena Quintero <federico@novell.com>
Federico Mena Quintero [Wed, 18 Mar 2009 22:15:23 +0000 (16:15 -0600)]
bfo20738 - Translate DBusValidity into error message
Signed-off-by: Federico Mena Quintero <federico@novell.com>
William Lachance [Tue, 21 Apr 2009 17:51:46 +0000 (13:51 -0400)]
Bug 19567 - Make marshaling code usable without DBusConnection
Some projects want to reuse the DBus message format, without
actually going through a DBusConnection. This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Tue, 21 Apr 2009 17:11:54 +0000 (13:11 -0400)]
Followup Bug 19502 - Don't attempt to init va_list, not portable
Kjartan Maraas [Tue, 21 Apr 2009 16:52:22 +0000 (12:52 -0400)]
Bug 19502 - Sparse warning cleanups
This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
Eamon Walsh [Fri, 20 Mar 2009 04:26:42 +0000 (00:26 -0400)]
dbus-launch: use InputOnly X window
Working on SELinux policy for X, and came across this issue in dbus-launch:
Windows created for use as property/selection placeholders should be of
class InputOnly, since no drawing is ever done to them.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Thiago Macieira <thiago@kde.org>
Johan Gyllenspetz [Tue, 17 Mar 2009 21:26:03 +0000 (17:26 -0400)]
Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial return
We were incorrectly converting the serial to a signed integer
and comparing it to -1.
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Wed, 25 Feb 2009 16:10:15 +0000 (11:10 -0500)]
Bug 20137 - Fix alignment usage when demarshaling basics
We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements. Instead, create an
explicit pointer for each case.
Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.
Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.
Colin Walters [Thu, 12 Mar 2009 14:31:54 +0000 (10:31 -0400)]
Always append closing quote in log command
Patch suggested by Tomas Hoger <thoger@redhat.com>
Colin Walters [Wed, 1 Apr 2009 16:02:00 +0000 (12:02 -0400)]
Bug 17803 - Fix both test case and validation logic
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
Thiago Macieira [Tue, 28 Apr 2009 13:16:36 +0000 (15:16 +0200)]
Merge branch 'dbus-1.2'
Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
bus/connection.c
bus/dbus-daemon.1.in
dbus/dbus-marshal-validate-util.c
dbus/dbus-marshal-validate.c
dbus/dbus-sysdeps-util-unix.c
test/name-test/tmp-session-like-system.conf
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment
* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages
Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit
660073925b03cad2f6e95ba9f25a81c2d9727185)
Eamon Walsh [Tue, 21 Apr 2009 23:11:22 +0000 (19:11 -0400)]
libselinux behavior in permissive mode wrt invalid domains
Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object). But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type). That was originally to allow the system to boot in permissive
> mode. But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>
FWIW, the following patch to D-Bus should help:
bfo21072 - Log SELinux denials better by checking errno for the cause
Note that this does not fully address the bug report since
EINVAL can still be returned in permissive mode. However the log
messages will now reflect the proper cause of the denial.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
Federico Mena Quintero [Wed, 18 Mar 2009 22:17:00 +0000 (16:17 -0600)]
bfo20738 - Return a useful error message from dbus_signature_validate()
Signed-off-by: Federico Mena Quintero <federico@novell.com>
Federico Mena Quintero [Wed, 18 Mar 2009 22:15:23 +0000 (16:15 -0600)]
bfo20738 - Translate DBusValidity into error message
Signed-off-by: Federico Mena Quintero <federico@novell.com>
William Lachance [Tue, 21 Apr 2009 17:51:46 +0000 (13:51 -0400)]
Bug 19567 - Make marshaling code usable without DBusConnection
Some projects want to reuse the DBus message format, without
actually going through a DBusConnection. This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Tue, 21 Apr 2009 17:11:54 +0000 (13:11 -0400)]
Followup Bug 19502 - Don't attempt to init va_list, not portable
Kjartan Maraas [Tue, 21 Apr 2009 16:52:22 +0000 (12:52 -0400)]
Bug 19502 - Sparse warning cleanups
This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
Thiago Macieira [Tue, 21 Apr 2009 11:00:50 +0000 (13:00 +0200)]
Merge branch 'dbus-1.2'
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment
* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages
Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit
660073925b03cad2f6e95ba9f25a81c2d9727185)
Marc Mutz [Mon, 20 Apr 2009 11:47:59 +0000 (13:47 +0200)]
configure.in: fix help string alignment
* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages
Signed-off-by: Thiago Macieira <thiago@kde.org>
Colin Walters [Wed, 1 Apr 2009 16:02:00 +0000 (12:02 -0400)]
Bug 17803 - Fix both test case and validation logic
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
Eamon Walsh [Fri, 20 Mar 2009 04:26:42 +0000 (00:26 -0400)]
dbus-launch: use InputOnly X window
Working on SELinux policy for X, and came across this issue in dbus-launch:
Windows created for use as property/selection placeholders should be of
class InputOnly, since no drawing is ever done to them.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Thiago Macieira <thiago@kde.org>
Johan Gyllenspetz [Tue, 17 Mar 2009 21:26:03 +0000 (17:26 -0400)]
Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial return
We were incorrectly converting the serial to a signed integer
and comparing it to -1.
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Wed, 25 Feb 2009 16:10:15 +0000 (11:10 -0500)]
Bug 20137 - Fix alignment usage when demarshaling basics
We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements. Instead, create an
explicit pointer for each case.
Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.
Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.
Colin Walters [Thu, 12 Mar 2009 14:31:54 +0000 (10:31 -0400)]
Always append closing quote in log command
Patch suggested by Tomas Hoger <thoger@redhat.com>
Xan Lopez [Mon, 14 Apr 2008 12:46:33 +0000 (15:46 +0300)]
Fix typo in docs.
Xan Lopez [Mon, 14 Apr 2008 12:46:33 +0000 (15:46 +0300)]
Fix typo in docs.
Colin Walters [Wed, 7 Jan 2009 00:36:11 +0000 (19:36 -0500)]
Bump for unstable cycle
Colin Walters [Wed, 7 Jan 2009 00:35:55 +0000 (19:35 -0500)]
Release 1.2.12.
Colin Walters [Tue, 23 Sep 2008 18:56:41 +0000 (14:56 -0400)]
Add Scott to HACKING
Colin Walters [Mon, 11 Aug 2008 20:50:39 +0000 (16:50 -0400)]
Bug 17060: Explicitly hard fail if expat is not available
* configure.in: Tweak libxml/expat detection and handling.
Lionel Landwerlin [Sat, 18 Oct 2008 18:25:52 +0000 (14:25 -0400)]
Bug 17969: Don't test for abstract sockets if explicitly disabled
Signed-off-by: Colin Walters <walters@verbum.org>
Jon Gosting [Tue, 11 Nov 2008 04:29:05 +0000 (23:29 -0500)]
Bug 18064 - more efficient validation for fixed-size type arrays
* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation
Signed-off-by: Colin Walters <walters@verbum.org>
James Carter [Wed, 1 Oct 2008 20:40:33 +0000 (16:40 -0400)]
Initialize AVC earlier so we can look up service security contexts
* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html
Signed-off-by: Colin Walters <walters@verbum.org>
Michael Meeks [Fri, 29 Aug 2008 12:48:45 +0000 (08:48 -0400)]
Print serial in dbus-monitor
* tools/dbus-print-message.c: Print serial too.
Signed-off-by: Colin Walters <walters@verbum.org>
Tor Lillqvist [Thu, 18 Sep 2008 23:40:50 +0000 (19:40 -0400)]
[win32] Protect usage of SIGHUP with #ifdef
Signed-off-by: Colin Walters <walters@verbum.org>
Lawrence R. Steeger [Sat, 18 Oct 2008 18:50:49 +0000 (14:50 -0400)]
Bug 15412: Add --address option to dbus-send
Signed-off-by: Colin Walters <walters@verbum.org>
Matt McCutchen [Mon, 10 Nov 2008 13:55:27 +0000 (08:55 -0500)]
Bug 18446: Keep umask for session bus
Signed-off-by: Colin Walters <walters@verbum.org>
Diego E. 'Flameeyes' Pettenò [Sun, 4 Jan 2009 00:16:50 +0000 (01:16 +0100)]
Fix cross-compiling with autotools.
The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.
For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .
Peter Breitenlohner [Tue, 6 Jan 2009 21:48:39 +0000 (16:48 -0500)]
Avoid possible use of uninitialized variable
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Sat, 20 Dec 2008 01:02:14 +0000 (20:02 -0500)]
Enable -Werror by default with --enable-maintainer-mode, and change warnings
Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult. Now we expect *all* developers and testers to be using
-Werror.
Colin Walters [Fri, 19 Dec 2008 23:54:59 +0000 (18:54 -0500)]
Various compiler warning fixes
Colin Walters [Tue, 6 Jan 2009 22:34:20 +0000 (17:34 -0500)]
Bug 19307: Add missing syslog include
Diego E. 'Flameeyes' Pettenò [Sun, 4 Jan 2009 00:16:50 +0000 (01:16 +0100)]
Fix cross-compiling with autotools.
The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.
For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .
Peter Breitenlohner [Tue, 6 Jan 2009 21:48:39 +0000 (16:48 -0500)]
Avoid possible use of uninitialized variable
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Sat, 20 Dec 2008 01:02:14 +0000 (20:02 -0500)]
Enable -Werror by default with --enable-maintainer-mode, and change warnings
Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult. Now we expect *all* developers and testers to be using
-Werror.
Colin Walters [Fri, 19 Dec 2008 23:54:59 +0000 (18:54 -0500)]
Various compiler warning fixes
Colin Walters [Fri, 19 Dec 2008 20:17:49 +0000 (15:17 -0500)]
Bump for unstable cycle
Colin Walters [Fri, 19 Dec 2008 20:17:24 +0000 (15:17 -0500)]
Release 1.2.10
Colin Walters [Thu, 18 Dec 2008 00:29:39 +0000 (19:29 -0500)]
Add requested_reply to send denials, and connection loginfo to "would deny"
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
Colin Walters [Wed, 17 Dec 2008 21:01:28 +0000 (16:01 -0500)]
Add uid, pid, and command to security logs
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
Colin Walters [Fri, 12 Dec 2008 19:50:21 +0000 (14:50 -0500)]
Clean up and clarify default system policy
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.
Colin Walters [Thu, 18 Dec 2008 00:29:39 +0000 (19:29 -0500)]
Add requested_reply to send denials, and connection loginfo to "would deny"
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
Colin Walters [Wed, 17 Dec 2008 21:01:28 +0000 (16:01 -0500)]
Add uid, pid, and command to security logs
Extend the current security logs with even more relevant
information than just the message content. This requires
some utility code to look up and cache (as a string)
the data such as the uid/pid/command when a connection is
authenticated.
Colin Walters [Tue, 16 Dec 2008 17:29:04 +0000 (12:29 -0500)]
Colin Walters [Tue, 16 Dec 2008 16:57:27 +0000 (11:57 -0500)]
Add optional logging on allow rules
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
Colin Walters [Tue, 16 Dec 2008 16:57:27 +0000 (11:57 -0500)]
Add optional logging on allow rules
This lets us have a backwards compatibility allow rule but still easily
see when that rule is being used.
Colin Walters [Fri, 12 Dec 2008 21:58:06 +0000 (16:58 -0500)]
Add message type to security syslog entries
It's part of the security check, we should have it in the log.
Colin Walters [Fri, 12 Dec 2008 21:58:06 +0000 (16:58 -0500)]
Add message type to security syslog entries
It's part of the security check, we should have it in the log.
Colin Walters [Wed, 10 Dec 2008 19:17:02 +0000 (14:17 -0500)]
Add syslog of security denials and configuration file reloads
We need to start logging denials so that they become more easily trackable
and debuggable.
Colin Walters [Fri, 12 Dec 2008 19:50:21 +0000 (14:50 -0500)]
Clean up and clarify default system policy
The former was too reliant on old bugs and was generally unclear.
This one makes explicit exactly what is allowed and not.
Colin Walters [Wed, 10 Dec 2008 19:17:02 +0000 (14:17 -0500)]
Add syslog of security denials and configuration file reloads
We need to start logging denials so that they become more easily trackable
and debuggable.
Colin Walters [Tue, 9 Dec 2008 15:47:25 +0000 (10:47 -0500)]
Bump version for unstable cycle
Colin Walters [Tue, 9 Dec 2008 15:46:41 +0000 (10:46 -0500)]
Release 1.2.8
Colin Walters [Tue, 9 Dec 2008 15:15:49 +0000 (10:15 -0500)]
Another manpage update explicitly mentioning bare send_interface
We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961
Colin Walters [Tue, 9 Dec 2008 14:18:49 +0000 (09:18 -0500)]
Add at_console docs to manpage, as well as brief <policy> foreward
We need some sort of general advice here.
Colin Walters [Tue, 9 Dec 2008 14:15:06 +0000 (09:15 -0500)]
Bug 18229: Allow signals
Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.
Colin Walters [Tue, 9 Dec 2008 15:15:49 +0000 (10:15 -0500)]
Another manpage update explicitly mentioning bare send_interface
We need to fix all of the bare send_interface rules; see:
https://bugs.freedesktop.org/show_bug.cgi?id=18961
Colin Walters [Tue, 9 Dec 2008 14:18:49 +0000 (09:18 -0500)]
Add at_console docs to manpage, as well as brief <policy> foreward
We need some sort of general advice here.
Colin Walters [Tue, 9 Dec 2008 14:17:14 +0000 (09:17 -0500)]
Merge branch 'manpage'
Colin Walters [Tue, 9 Dec 2008 14:15:06 +0000 (09:15 -0500)]
Bug 18229: Allow signals
Our previous fix went too far towards lockdown; many things rely
on signals to work, and there's no really good reason to restrict
which signals can be emitted on the bus because we can't tie
them to a particular sender.