bus-proxy: read the right policy when running in user mode
parent
638ca89c53
commit
2e2b36084a
@ -83,6 +83,8 @@ static int file_load(Policy *p, const char *path) {
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT)
|
||||
return 0;
|
||||
if (r == -EISDIR)
|
||||
return r;
|
||||
|
||||
log_error("Failed to load %s: %s", path, strerror(-r));
|
||||
return r;
|
||||
@ -513,25 +515,32 @@ static int file_load(Policy *p, const char *path) {
|
||||
}
|
||||
}
|
||||
|
||||
int policy_load(Policy *p) {
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
int policy_load(Policy *p, char **files) {
|
||||
char **i;
|
||||
int r;
|
||||
|
||||
assert(p);
|
||||
|
||||
file_load(p, "/etc/dbus-1/system.conf");
|
||||
file_load(p, "/etc/dbus-1/system-local.conf");
|
||||
STRV_FOREACH(i, files) {
|
||||
|
||||
r = conf_files_list(&l, ".conf", NULL, "/etc/dbus-1/system.d/", NULL);
|
||||
if (r < 0) {
|
||||
log_error("Failed to get configuration file list: %s", strerror(-r));
|
||||
return r;
|
||||
r = file_load(p, *i);
|
||||
if (r == -EISDIR) {
|
||||
_cleanup_strv_free_ char **l = NULL;
|
||||
char **j;
|
||||
|
||||
r = conf_files_list(&l, ".conf", NULL, *i, NULL);
|
||||
if (r < 0) {
|
||||
log_error("Failed to get configuration file list: %s", strerror(-r));
|
||||
return r;
|
||||
}
|
||||
|
||||
STRV_FOREACH(j, l)
|
||||
file_load(p, *j);
|
||||
}
|
||||
|
||||
/* We ignore all errors but EISDIR, and just proceed. */
|
||||
}
|
||||
|
||||
STRV_FOREACH(i, l)
|
||||
file_load(p, *i);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
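Review bot: In the new `policy_load()` loop every `file_load()` result other than -EISDIR is discarded, including the inner `file_load(p, *j)` calls, so a policy file that fails to load is skipped and the function still returns 0. For an access-control policy this means the proxy can start with only part of the configured rules; whether that ends up looser or stricter than intended depends on the default verdict, which is not visible in these hunks. Since `file_load()` already maps -ENOENT to 0, consider propagating the remaining errors, e.g. `if (r < 0 && r != -EISDIR) return r;` after the outer call and `r = file_load(p, *j); if (r < 0) return r;` in the inner loop. If skipping is intentional, the comment `/* We ignore all errors but EISDIR, and just proceed. */` should say why a partially loaded policy is acceptable.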
@ -72,7 +72,7 @@ typedef struct Policy {
|
||||
Hashmap *group_items;
|
||||
} Policy;
|
||||
|
||||
int policy_load(Policy *p);
|
||||
int policy_load(Policy *p, char **files);
|
||||
void policy_free(Policy *p);
|
||||
|
||||
void policy_dump(Policy *p);
|
||||
|
@ -47,19 +47,21 @@
|
||||
#include "capability.h"
|
||||
#include "bus-policy.h"
|
||||
|
||||
static const char *arg_address = DEFAULT_SYSTEM_BUS_PATH;
|
||||
static const char *arg_address = KERNEL_SYSTEM_BUS_PATH;
|
||||
static char *arg_command_line_buffer = NULL;
|
||||
static bool arg_drop_privileges = false;
|
||||
static char **arg_configuration = NULL;
|
||||
|
||||
static int help(void) {
|
||||
|
||||
printf("%s [OPTIONS...]\n\n"
|
||||
"Connect STDIO or a socket to a given bus address.\n\n"
|
||||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
" --drop-privileges Drop privileges\n"
|
||||
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
|
||||
" (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
|
||||
" -h --help Show this help\n"
|
||||
" --version Show package version\n"
|
||||
" --drop-privileges Drop privileges\n"
|
||||
" --configuration=PATH Configuration file or directory\n"
|
||||
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
|
||||
" (default: " KERNEL_SYSTEM_BUS_PATH ")\n",
|
||||
program_invocation_short_name);
|
||||
|
||||
return 0;
|
||||
@ -71,6 +73,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
ARG_VERSION = 0x100,
|
||||
ARG_ADDRESS,
|
||||
ARG_DROP_PRIVILEGES,
|
||||
ARG_CONFIGURATION,
|
||||
};
|
||||
|
||||
static const struct option options[] = {
|
||||
@ -78,10 +81,11 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
{ "version", no_argument, NULL, ARG_VERSION },
|
||||
{ "address", required_argument, NULL, ARG_ADDRESS },
|
||||
{ "drop-privileges", no_argument, NULL, ARG_DROP_PRIVILEGES },
|
||||
{ "configuration", required_argument, NULL, ARG_CONFIGURATION },
|
||||
{ NULL, 0, NULL, 0 },
|
||||
};
|
||||
|
||||
int c;
|
||||
int c, r;
|
||||
|
||||
assert(argc >= 0);
|
||||
assert(argv);
|
||||
@ -107,6 +111,12 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
arg_drop_privileges = true;
|
||||
break;
|
||||
|
||||
case ARG_CONFIGURATION:
|
||||
r = strv_extend(&arg_configuration, optarg);
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
break;
|
||||
|
||||
case '?':
|
||||
return -EINVAL;
|
||||
|
||||
@ -1054,7 +1064,7 @@ int main(int argc, char *argv[]) {
|
||||
if (r <= 0)
|
||||
goto finish;
|
||||
|
||||
r = policy_load(&policy);
|
||||
r = policy_load(&policy, arg_configuration);
|
||||
if (r < 0) {
|
||||
log_error("Failed to load policy: %s", strerror(-r));
|
||||
goto finish;
|
||||
@ -1425,6 +1435,7 @@ finish:
|
||||
sd_bus_flush(b);
|
||||
|
||||
policy_free(&policy);
|
||||
strv_free(arg_configuration);
|
||||
|
||||
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
|
||||
}
|
||||
|
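Review bot: With `arg_configuration` defaulting to NULL, the call `policy_load(&policy, arg_configuration)` in `main()` loads nothing and returns 0 when the proxy is started without `--configuration=`, whereas the code shown alongside it in `policy_load()` read the files under /etc/dbus-1 unconditionally. The proxy then appears to continue with an empty policy and no log message, so a unit file or manual invocation that omits the option changes enforcement silently; what an empty policy permits is not visible in these hunks. Consider making this explicit at startup, for example `if (strv_isempty(arg_configuration)) log_warning("No policy configuration given, proceeding with empty policy.");`, or refusing to start in that case. `main()` and `parse_argv()` both extend beyond the hunks shown.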
@ -12,7 +12,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
|
||||
# The first argument will be replaced by the service by information on
|
||||
# the process requesting the proxy, we need a placeholder to keep the
|
||||
# space available for this.
|
||||
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/dev/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
NotifyAccess=main
|
||||
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
|
||||
PrivateTmp=yes
|
||||
|
@ -12,5 +12,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
|
||||
# The first argument will be replaced by the service by information on
|
||||
# the process requesting the proxy, we need a placeholder to keep the
|
||||
# space available for this.
|
||||
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
ExecStart=@rootlibexecdir@/sessiond-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
||||
NotifyAccess=main
|
||||
|
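Review bot: The `ExecStart=` line that carries the new `--configuration=` options names the binary `@rootlibexecdir@/sessiond-bus-proxyd`, while the other `ExecStart=` line in this section and the system unit both run `systemd-bus-proxyd`. Nothing visible in this commit adds a binary of that name, so this looks like a search-and-replace slip that would prevent the user-mode proxy from starting. Only the binary name needs to change, `ExecStart=@rootlibexecdir@/systemd-bus-proxyd`, with the rest of the line left as written.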