IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Make sure we actually verify our match-rules are executed properly. Right
now all we test is the bloom-matches, which are non-reliable as they leave
through false-positives.
DBus spec clearly defines arg0path= to be a two-way matching. That is,
either the matcher or the matchee can be a prefix of the other to match.
This is not possible to implement with bloom-filters. Instead, we'd have
to add a separate filter for each prefix. This is non-trivial, though.
Hence, just skip the match for now and match locally.
Lets look at an example where we add arg0="/foo/bar/waldo" to a
bloom-filter. The following strings are added:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo"
Two problems arise:
1) If we match on "arg0path=/foo/bar/waldo", the dbus-spec explicitly
states that equal strings are also considered prefixes. However, in the
bloom-match, we can only provide a single match-filter. Therefore, we have
to add "arg0-slash-prefix:/foo/bar/waldo" there, but this never occured in
the bloom-mask of the message.
Hence, this patch makes sure bloom_add_prefixes() adds the full path as
prefix, too.
2) If we match on "arg0path=/foo/", the dbus-spec states that arg0path
does prefix-matching with the trailing slash _included_, unlike
path_namespace= matches, which does *not* include them. This is
inconsistent, but we have to support the specs. Therefore, we must add
prefixes with _and_ without trailing separators.
Hence, this patch makes sure bloom_add_prefixes() adds all prefixes with
the trailing slash included.
The final set of strings added therefore is:
"arg0:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/waldo"
"arg0-slash-prefix:/foo/bar/"
"arg0-slash-prefix:/foo/bar"
"arg0-slash-prefix:/foo/"
"arg0-slash-prefix:/foo"
"arg0-slash-prefix:/"
previously hostname_is_valid was used to validate domain names, which
would silently drop perfectly valid dns names that were longer than a
single dns label.
Otherwise, if the socket is constantly busy we will never return to the
event loop, but we really need to to dispatch other (possibly more
high-priority) events too. Hence, return after dispatching one message
to the event handler, and rely on the event loop calling us back
right-away.
Fixes#125
PROGRAM and IMPORT{program} uses the exit code of the spawn process to decide if a rule matches or not,
a failing process is hence normal operation and not something we should warn about.
We still warn about other types of failing processes.
This appears to be the right time to do it for SOCK_STREAM
unix sockets.
Also: condition bus_get_owner_creds_dbus1 was reversed. Split
it out to a separate variable for clarity and fix.
https://bugzilla.redhat.com/show_bug.cgi?id=1224211
SELinux information cannot be retrieved this way, since we are
using stream unix sockets and SCM_SECURITY does not work for
them.
SCM_CREDENTIALS use dropped to be consistent. We also should
get this information at connection time.
https://bugzilla.redhat.com/show_bug.cgi?id=1224211
"SCM_SECURITY was only added for datagram sockets."
Make the build sys error out on missing function prototypes, missing
variable declarations, implicit function declarations or forgotten return
statements.
None of these conditions are acceptable, and by making them hard errors, the
build bots can detect them earlier.
- Explicitly flush stdout before sleep between iterations
- Only clear user keystrokes when output is to TTY
- Add a newline between output batches when output is not to TTY
Also, when the child is potentially long-running make sure to set a
death signal.
Also, ignore the result of the reset operations explicitly by casting
them to (void).
