1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 01:27:11 +03:00
Commit Graph

7 Commits

Author SHA1 Message Date
Lennart Poettering
ebcf1f97de bus: rework message handlers to always take an error argument
Message handler callbacks can be simplified drastically if the
dispatcher automatically replies to method calls if errors are returned.

Thus: add an sd_bus_error argument to all message handlers. When we
dispatch a message handler and it returns negative or a set sd_bus_error
we send this as message error back to the client. This means errors
returned by handlers by default are given back to clients instead of
rippling all the way up to the event loop, which is desirable to make
things robust.

As a side-effect we can now easily turn the SELinux checks into normal
function calls, since the method call dispatcher will generate the right
error replies automatically now.

Also, make sure we always pass the error structure to all property and
method handlers as last argument to follow the usual style of passing
variables for return values as last argument.
2013-11-21 21:12:36 +01:00
Lennart Poettering
df2d202e6e bus: let's simplify things by getting rid of unnecessary bus parameters 2013-11-21 02:07:35 +01:00
Lennart Poettering
718db96199 core: convert PID 1 to libsystemd-bus
This patch converts PID 1 to libsystemd-bus and thus drops the
dependency on libdbus. The only remaining code using libdbus is a test
case that validates our bus marshalling against libdbus' marshalling,
and this dependency can be turned off.

This patch also adds a couple of things to libsystem-bus, that are
necessary to make the port work:

- Synthesizing of "Disconnected" messages when bus connections are
  severed.

- Support for attaching multiple vtables for the same interface on the
  same path.

This patch also fixes the SetDefaultTarget() and GetDefaultTarget() bus
calls which used an inappropriate signature.

As a side effect we will now generate PropertiesChanged messages which
carry property contents, rather than just invalidation information.
2013-11-20 20:52:36 +01:00
Kay Sievers
03e2264261 selinux-access: move GPL to LGPL licence
On Wed, Aug 14, 2013 at 10:31 PM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> On 08/14/2013 04:17 PM, Kay Sievers wrote:
> >
> > this patch added GPL code to systemd, which otherwise is all LGPL. We need
> > to make sure we can always split out any code to a separate shared library
> > ...
> >
> > Mind if I switch your src/core/selinux-access.[ch] files to LGPL?

> I have no problem with it. Should be LGPL anyways.
2013-08-14 22:34:41 +02:00
Lennart Poettering
ffc227c956 selinux: remove anything PID1-specific from selinux-access.[ch] so that we can reuse it in logind 2012-10-02 17:56:54 -04:00
Lennart Poettering
cad45ba11e selinux: rework selinux access check logic
a) Instead of parsing the bus messages inside of selinux-access.c
simply pass everything pre-parsed in the functions

b) implement the access checking with a macro that resolves to nothing
on non-selinux builds

c) split out the selinux checks into their own sources
selinux-util.[ch]

d) this unifies the job creation code behind the D-Bus calls
Manager.StartUnit() and Unit.Start().
2012-10-02 17:07:00 -04:00
Daniel J Walsh
e2417e4143 selinux: add bus service access control
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.

The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.

Similarly we want to allow a root admin webadm_t that can only manage the
apache environment.  systemctl enable httpd.service, systemctl disable
iptables.service bad.

To make this code cleaner, we really need to refactor the dbus-manager.c code.
 This has just become a huge if-then-else blob, which makes doing the correct
check difficult.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
2012-09-18 01:21:17 +02:00