IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
On the system and user busses we create it's the receiver that chooses
which metadata is attched, not the sender, hence set the requirement
mask to ANY, to allow any current of future credential bit to be
attached.
Also:
- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.
- makes augmentation of creds with data from /proc explicitly
controllable to give apps better control over this, given that this is
racy.
- enables augmentation for kdbus connections (previously we only did it
for dbus1). This is useful since with recent kdbus versions it is
possible for clients to control the metadata they want to send.
- changes sd_bus_query_sender_privilege() to take the euid of the client
into consideration, if known
- when we don't have permissions to read augmentation data from /proc,
don't fail, just don't add the data in
kdbus has seen a larger update than expected lately, most notably with
kdbusfs, a file system to expose the kdbus control files:
* Each time a file system of this type is mounted, a new kdbus
domain is created.
* The layout inside each mount point is the same as before, except
that domains are not hierarchically nested anymore.
* Domains are therefore also unnamed now.
* Unmounting a kdbusfs will automatically also detroy the
associated domain.
* Hence, the action of creating a kdbus domain is now as
privileged as mounting a filesystem.
* This way, we can get around creating dev nodes for everything,
which is last but not least something that is not limited by
20-bit minor numbers.
The kdbus specific bits in nspawn have all been dropped now, as nspawn
can rely on the container OS to set up its own kdbus domain, simply by
mounting a new instance.
A new set of mounts has been added to mount things *after* the kernel
modules have been loaded. For now, only kdbus is in this set, which is
invoked with mount_setup_late().
kdbus learned parsing the attach flags for the KDBUS_CMD_BUS_CREATOR_INFO
ioctl. Bits not set in this mask will not be exported. Set that field to
_KDBUS_ATTACH_ALL for now.
Signed-off-by: Daniel Mack <daniel@zonque.org>
kdbus learned to accept both a numerical destination ID as well as a
well-known-name. In that case, kdbus makes sure that the numerical ID is in
fact the owner of the provided name and fails otherwise.
This allows for race-free assertion of a bus name owner while sending a
message, which is a requirement for bus-proxyd.
Add two new fields to sd_bus_message, and set the numerical ID to
verify_destination_id if bus_message_setup_kmsg() is called for a
message with a well-known name.
Also, set the destination's name in the kdbus item to .destination_ptr
if it is non-NULL.
Normal users should not touch these fields, and they're not publicy
accessible.
The metadata logic in kdbus has seen a rework, and the only mandatory
change we have to follow for now is that attach_flags in kdbus_cmd_hello
is now split into two parts, attach_flags_send and attach_flags_recv.
In kdbus a "server id" is mostly a misnomer, as there isn't any "server"
involved anymore. Let's rename this to "owner" id hence, since it is an
ID that is picked by the owner of a bus or direct connection. This
matches nicely the sd_bus_get_owner_creds() call we already have.
