-rw-r--r-- | meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch | 670 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd_230.bb | 3 |
2 files changed, 671 insertions, 2 deletions
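--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch
@@ -0,0 +1,670 @@
+From 222953e87f34545a3f9c6d3c18216e222bf6ea94 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Fri, 10 Jun 2016 09:50:16 -0400
+Subject: [PATCH] Ensure kdbus isn't used (#3501)
+
+Delete the dbus1 generator and some critical wiring. This prevents
+kdbus from being loaded or detected. As such, it will never be used,
+even if the user still has a useful kdbus module loaded on their system.
+
+Sort of fixes #3480. Not really, but it's better than the current state.
+
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+Makefile.am | 20 --
+autogen.sh | 12 +-
+configure.ac | 10 -
+src/core/busname.c | 7 +-
+src/core/kmod-setup.c | 3 -
+src/core/manager.c | 23 ---
+src/core/mount-setup.c | 2 -
+src/core/service.c | 17 +-
+src/dbus1-generator/dbus1-generator.c | 331 ----------------------------------
+src/login/pam_systemd.c | 31 ++--
+src/shared/bus-util.c | 34 ----
+src/shared/bus-util.h | 3 -
+12 files changed, 23 insertions(+), 470 deletions(-)
+delete mode 100644 src/dbus1-generator/dbus1-generator.c
+
+Index: git/autogen.sh
+===================================================================
+--- git.orig/autogen.sh
++++ git/autogen.sh
+@@ -55,19 +55,19 @@ fi
+cd $oldpwd
+
+if [ "x$1" = "xc" ]; then
+- $topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -ftrapv' $args
+make clean
+elif [ "x$1" = "xg" ]; then
+- $topdir/configure CFLAGS='-g -Og -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -Og -ftrapv' $args
+make clean
+elif [ "x$1" = "xa" ]; then
+- $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args
++ $topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' $args
+make clean
+elif [ "x$1" = "xl" ]; then
+- $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args
++ $topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' $args
+make clean
+elif [ "x$1" = "xs" ]; then
+- scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' --enable-kdbus $args
++ scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' $args
+scan-build make
+else
+echo
+@@ -75,6 +75,6 @@ else
+echo "Initialized build system. For a common configuration please run:"
+echo "----------------------------------------------------------------"
+echo
+- echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args"
++ echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' $args"
+echo
+fi
+Index: git/configure.ac
+===================================================================
+--- git.orig/configure.ac
++++ git/configure.ac
+@@ -1294,16 +1294,6 @@ AC_ARG_WITH(tpm-pcrindex,
+AC_DEFINE_UNQUOTED(SD_TPM_PCR, [$SD_TPM_PCR], [TPM PCR register number to use])
+
+# ------------------------------------------------------------------------------
+-have_kdbus=no
+-AC_ARG_ENABLE(kdbus, AS_HELP_STRING([--disable-kdbus], [do not connect to kdbus by default]))
+-if test "x$enable_kdbus" != "xno"; then
+- AC_DEFINE(ENABLE_KDBUS, 1, [Define if kdbus is to be connected to by default])
+- have_kdbus=yes
+- M4_DEFINES="$M4_DEFINES -DENABLE_KDBUS"
+-fi
+-AM_CONDITIONAL(ENABLE_KDBUS, [test "$have_kdbus" = "yes"])
+-
+-# ------------------------------------------------------------------------------
+AC_ARG_WITH(rc-local-script-path-start,
+AS_HELP_STRING([--with-rc-local-script-path-start=PATH],
+[Path to /etc/rc.local]),
+Index: git/src/core/busname.c
+===================================================================
+--- git.orig/src/core/busname.c
++++ git/src/core/busname.c
+@@ -998,12 +998,7 @@ static int busname_get_timeout(Unit *u,
+}
+
+static bool busname_supported(void) {
+- static int supported = -1;
+-
+- if (supported < 0)
+- supported = is_kdbus_available();
+-
+- return supported;
++ return false;
+}
+
+static int busname_control_pid(Unit *u) {
+Index: git/src/core/kmod-setup.c
+===================================================================
+--- git.orig/src/core/kmod-setup.c
++++ git/src/core/kmod-setup.c
+@@ -64,9 +64,6 @@ int kmod_setup(void) {
+/* this should never be a module */
+{ "unix", "/proc/net/unix", true, true, NULL },
+
+- /* IPC is needed before we bring up any other services */
+- { "kdbus", "/sys/fs/kdbus", false, false, is_kdbus_wanted },
+-
+#ifdef HAVE_LIBIPTC
+/* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
+{ "ip_tables", "/proc/net/ip_tables_names", false, false, NULL },
+Index: git/src/core/manager.c
+===================================================================
+--- git.orig/src/core/manager.c
++++ git/src/core/manager.c
+@@ -809,28 +809,6 @@ static int manager_setup_cgroups_agent(M
+return 0;
+}
+
+-static int manager_setup_kdbus(Manager *m) {
+- _cleanup_free_ char *p = NULL;
+-
+- assert(m);
+-
+- if (m->test_run || m->kdbus_fd >= 0)
+- return 0;
+- if (!is_kdbus_available())
+- return -ESOCKTNOSUPPORT;
+-
+- m->kdbus_fd = bus_kernel_create_bus(
+- MANAGER_IS_SYSTEM(m) ? "system" : "user",
+- MANAGER_IS_SYSTEM(m), &p);
+-
+- if (m->kdbus_fd < 0)
+- return log_debug_errno(m->kdbus_fd, "Failed to set up kdbus: %m");
+-
+- log_debug("Successfully set up kdbus on %s", p);
+-
+- return 0;
+-}
+-
+static int manager_connect_bus(Manager *m, bool reexecuting) {
+bool try_bus_connect;
+
+@@ -1225,7 +1203,6 @@ int manager_startup(Manager *m, FILE *se
+
+/* We might have deserialized the kdbus control fd, but if we
+* didn't, then let's create the bus now. */
+- manager_setup_kdbus(m);
+manager_connect_bus(m, !!serialization);
+bus_track_coldplug(m, &m->subscribed, &m->deserialized_subscribed);
+
+Index: git/src/core/mount-setup.c
+===================================================================
+--- git.orig/src/core/mount-setup.c
++++ git/src/core/mount-setup.c
+@@ -108,8 +108,6 @@ static const MountPoint mount_table[] =
+{ "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+is_efi_boot, MNT_NONE },
+#endif
+- { "kdbusfs", "/sys/fs/kdbus", "kdbusfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+- is_kdbus_wanted, MNT_IN_CONTAINER },
+};
+
+/* These are API file systems that might be mounted by other software,
+Index: git/src/core/service.c
+===================================================================
+--- git.orig/src/core/service.c
++++ git/src/core/service.c
+@@ -574,20 +574,9 @@ static int service_setup_bus_name(Servic
+if (!s->bus_name)
+return 0;
+
+- if (is_kdbus_available()) {
+- const char *n;
+-
+- n = strjoina(s->bus_name, ".busname");
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, n, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency to .busname unit: %m");
+-
+- } else {
+- /* If kdbus is not available, we know the dbus socket is required, hence pull it in, and require it */
+- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
+- if (r < 0)
+- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+- }
++ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, NULL, true);
++ if (r < 0)
++ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m");
+
+/* Regardless if kdbus is used or not, we always want to be ordered against dbus.socket if both are in the transaction. */
+r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, NULL, true);
+Index: git/src/dbus1-generator/dbus1-generator.c
+===================================================================
+--- git.orig/src/dbus1-generator/dbus1-generator.c
++++ /dev/null
+@@ -1,331 +0,0 @@
+-/***
+- This file is part of systemd.
+-
+- Copyright 2013 Lennart Poettering
+-
+- systemd is free software; you can redistribute it and/or modify it
+- under the terms of the GNU Lesser General Public License as published by
+- the Free Software Foundation; either version 2.1 of the License, or
+- (at your option) any later version.
+-
+- systemd is distributed in the hope that it will be useful, but
+- WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- Lesser General Public License for more details.
+-
+- You should have received a copy of the GNU Lesser General Public License
+- along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-***/
+-
+-#include "alloc-util.h"
+-#include "bus-internal.h"
+-#include "bus-util.h"
+-#include "cgroup-util.h"
+-#include "conf-parser.h"
+-#include "dirent-util.h"
+-#include "fd-util.h"
+-#include "fileio.h"
+-#include "mkdir.h"
+-#include "special.h"
+-#include "unit-name.h"
+-#include "util.h"
+-
+-static const char *arg_dest_late = "/tmp", *arg_dest = "/tmp";
+-
+-static int create_dbus_files(
+- const char *path,
+- const char *name,
+- const char *service,
+- const char *exec,
+- const char *user,
+- const char *type) {
+-
+- _cleanup_free_ char *b = NULL, *s = NULL, *lnk = NULL;
+- _cleanup_fclose_ FILE *f = NULL;
+- int r;
+-
+- assert(path);
+- assert(name);
+- assert(service || exec);
+-
+- if (!service) {
+- _cleanup_free_ char *a = NULL;
+-
+- s = strjoin("dbus-", name, ".service", NULL);
+- if (!s)
+- return log_oom();
+-
+- a = strjoin(arg_dest_late, "/", s, NULL);
+- if (!a)
+- return log_oom();
+-
+- f = fopen(a, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", a);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[Service]\n"
+- "ExecStart=%s\n"
+- "Type=dbus\n"
+- "BusName=%s\n",
+- path,
+- name,
+- exec,
+- name);
+-
+- if (user)
+- fprintf(f, "User=%s\n", user);
+-
+-
+- if (type) {
+- fprintf(f, "Environment=DBUS_STARTER_BUS_TYPE=%s\n", type);
+-
+- if (streq(type, "system"))
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS=" DEFAULT_SYSTEM_BUS_ADDRESS "\n");
+- else if (streq(type, "session")) {
+- char *run;
+-
+- run = getenv("XDG_RUNTIME_DIR");
+- if (!run) {
+- log_error("XDG_RUNTIME_DIR not set.");
+- return -EINVAL;
+- }
+-
+- fprintf(f, "Environment=DBUS_STARTER_ADDRESS="KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT "\n",
+- getuid(), run);
+- }
+- }
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", a);
+-
+- f = safe_fclose(f);
+-
+- service = s;
+- }
+-
+- b = strjoin(arg_dest_late, "/", name, ".busname", NULL);
+- if (!b)
+- return log_oom();
+-
+- f = fopen(b, "wxe");
+- if (!f)
+- return log_error_errno(errno, "Failed to create %s: %m", b);
+-
+- fprintf(f,
+- "# Automatically generated by systemd-dbus1-generator\n\n"
+- "[Unit]\n"
+- "SourcePath=%s\n"
+- "Description=DBUS1: %s\n"
+- "Documentation=man:systemd-dbus1-generator(8)\n\n"
+- "[BusName]\n"
+- "Name=%s\n"
+- "Service=%s\n"
+- "AllowWorld=talk\n",
+- path,
+- name,
+- name,
+- service);
+-
+- r = fflush_and_check(f);
+- if (r < 0)
+- return log_error_errno(r, "Failed to write %s: %m", b);
+-
+- lnk = strjoin(arg_dest_late, "/" SPECIAL_BUSNAMES_TARGET ".wants/", name, ".busname", NULL);
+- if (!lnk)
+- return log_oom();
+-
+- mkdir_parents_label(lnk, 0755);
+- if (symlink(b, lnk))
+- return log_error_errno(errno, "Failed to create symlink %s: %m", lnk);
+-
+- return 0;
+-}
+-
+-static int add_dbus(const char *path, const char *fname, const char *type) {
+- _cleanup_free_ char *name = NULL, *exec = NULL, *user = NULL, *service = NULL;
+-
+- const ConfigTableItem table[] = {
+- { "D-BUS Service", "Name", config_parse_string, 0, &name },
+- { "D-BUS Service", "Exec", config_parse_string, 0, &exec },
+- { "D-BUS Service", "User", config_parse_string, 0, &user },
+- { "D-BUS Service", "SystemdService", config_parse_string, 0, &service },
+- { },
+- };
+-
+- char *p;
+- int r;
+-
+- assert(path);
+- assert(fname);
+-
+- p = strjoina(path, "/", fname);
+- r = config_parse(NULL, p, NULL,
+- "D-BUS Service\0",
+- config_item_table_lookup, table,
+- true, false, true, NULL);
+- if (r < 0)
+- return r;
+-
+- if (!name) {
+- log_warning("Activation file %s lacks name setting, ignoring.", p);
+- return 0;
+- }
+-
+- if (!service_name_is_valid(name)) {
+- log_warning("Bus service name %s is not valid, ignoring.", name);
+- return 0;
+- }
+-
+- if (streq(name, "org.freedesktop.systemd1")) {
+- log_debug("Skipping %s, identified as systemd.", p);
+- return 0;
+- }
+-
+- if (service) {
+- if (!unit_name_is_valid(service, UNIT_NAME_PLAIN|UNIT_NAME_INSTANCE)) {
+- log_warning("Unit name %s is not valid, ignoring.", service);
+- return 0;
+- }
+- if (!endswith(service, ".service")) {
+- log_warning("Bus names can only activate services, ignoring %s.", p);
+- return 0;
+- }
+- } else {
+- if (streq(exec, "/bin/false") || !exec) {
+- log_warning("Neither service name nor binary path specified, ignoring %s.", p);
+- return 0;
+- }
+-
+- if (exec[0] != '/') {
+- log_warning("Exec= in %s does not start with an absolute path, ignoring.", p);
+- return 0;
+- }
+- }
+-
+- return create_dbus_files(p, name, service, exec, user, type);
+-}
+-
+-static int parse_dbus_fragments(const char *path, const char *type) {
+- _cleanup_closedir_ DIR *d = NULL;
+- struct dirent *de;
+- int r;
+-
+- assert(path);
+- assert(type);
+-
+- d = opendir(path);
+- if (!d) {
+- if (errno == -ENOENT)
+- return 0;
+-
+- return log_error_errno(errno, "Failed to enumerate D-Bus activated services: %m");
+- }
+-
+- r = 0;
+- FOREACH_DIRENT(de, d, goto fail) {
+- int q;
+-
+- if (!endswith(de->d_name, ".service"))
+- continue;
+-
+- q = add_dbus(path, de->d_name, type);
+- if (q < 0)
+- r = q;
+- }
+-
+- return r;
+-
+-fail:
+- return log_error_errno(errno, "Failed to read D-Bus services directory: %m");
+-}
+-
+-static int link_busnames_target(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/" SPECIAL_BUSNAMES_TARGET);
+- t = strjoina(arg_dest, "/" SPECIAL_BASIC_TARGET ".wants/" SPECIAL_BUSNAMES_TARGET);
+-
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- return 0;
+-}
+-
+-static int link_compatibility(const char *units) {
+- const char *f, *t;
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SOCKET);
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- f = strjoina(units, "/systemd-bus-proxyd.socket");
+- t = strjoina(arg_dest, "/" SPECIAL_SOCKETS_TARGET ".wants/systemd-bus-proxyd.socket");
+- mkdir_parents_label(t, 0755);
+- if (symlink(f, t) < 0)
+- return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+-
+- t = strjoina(arg_dest, "/" SPECIAL_DBUS_SERVICE);
+- if (symlink("/dev/null", t) < 0)
+- return log_error_errno(errno, "Failed to mask %s: %m", t);
+-
+- return 0;
+-}
+-
+-int main(int argc, char *argv[]) {
+- const char *path, *type, *units;
+- int r, q;
+-
+- if (argc > 1 && argc != 4) {
+- log_error("This program takes three or no arguments.");
+- return EXIT_FAILURE;
+- }
+-
+- if (argc > 1) {
+- arg_dest = argv[1];
+- arg_dest_late = argv[3];
+- }
+-
+- log_set_target(LOG_TARGET_SAFE);
+- log_parse_environment();
+- log_open();
+-
+- umask(0022);
+-
+- if (!is_kdbus_available())
+- return 0;
+-
+- r = cg_pid_get_owner_uid(0, NULL);
+- if (r >= 0) {
+- path = "/usr/share/dbus-1/services";
+- type = "session";
+- units = USER_DATA_UNIT_PATH;
+- } else if (r == -ENXIO) {
+- path = "/usr/share/dbus-1/system-services";
+- type = "system";
+- units = SYSTEM_DATA_UNIT_PATH;
+- } else
+- return log_error_errno(r, "Failed to determine whether we are running as user or system instance: %m");
+-
+- r = parse_dbus_fragments(path, type);
+-
+- /* FIXME: One day this should just be pulled in statically from basic.target */
+- q = link_busnames_target(units);
+- if (q < 0)
+- r = q;
+-
+- q = link_compatibility(units);
+- if (q < 0)
+- r = q;
+-
+- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+-}
+Index: git/src/login/pam_systemd.c
+===================================================================
+--- git.orig/src/login/pam_systemd.c
++++ git/src/login/pam_systemd.c
+@@ -182,25 +182,20 @@ static int export_legacy_dbus_address(
+_cleanup_free_ char *s = NULL;
+int r = PAM_BUF_ERR;
+
+- if (is_kdbus_available()) {
+- if (asprintf(&s, KERNEL_USER_BUS_ADDRESS_FMT ";" UNIX_USER_BUS_ADDRESS_FMT, uid, runtime) < 0)
+- goto error;
+- } else {
+- /* FIXME: We *really* should move the access() check into the
+- * daemons that spawn dbus-daemon, instead of forcing
+- * DBUS_SESSION_BUS_ADDRESS= here. */
++ /* FIXME: We *really* should move the access() check into the
++ * daemons that spawn dbus-daemon, instead of forcing
++ * DBUS_SESSION_BUS_ADDRESS= here. */
+
+- s = strjoin(runtime, "/bus", NULL);
+- if (!s)
+- goto error;
++ s = strjoin(runtime, "/bus", NULL);
++ if (!s)
++ goto error;
+
+- if (access(s, F_OK) < 0)
+- return PAM_SUCCESS;
++ if (access(s, F_OK) < 0)
++ return PAM_SUCCESS;
+
+- s = mfree(s);
+- if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
+- goto error;
+- }
++ s = mfree(s);
++ if (asprintf(&s, UNIX_USER_BUS_ADDRESS_FMT, runtime) < 0)
++ goto error;
+
+r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
+if (r != PAM_SUCCESS)
+Index: git/src/shared/bus-util.c
+===================================================================
+--- git.orig/src/shared/bus-util.c
++++ git/src/shared/bus-util.c
+@@ -1492,40 +1492,6 @@ int bus_path_decode_unique(const char *p
+return 1;
+}
+
+-bool is_kdbus_wanted(void) {
+- _cleanup_free_ char *value = NULL;
+-#ifdef ENABLE_KDBUS
+- const bool configured = true;
+-#else
+- const bool configured = false;
+-#endif
+-
+- int r;
+-
+- if (get_proc_cmdline_key("kdbus", NULL) > 0)
+- return true;
+-
+- r = get_proc_cmdline_key("kdbus=", &value);
+- if (r <= 0)
+- return configured;
+-
+- return parse_boolean(value) == 1;
+-}
+-
+-bool is_kdbus_available(void) {
+- _cleanup_close_ int fd = -1;
+- struct kdbus_cmd cmd = { .size = sizeof(cmd), .flags = KDBUS_FLAG_NEGOTIATE };
+-
+- if (!is_kdbus_wanted())
+- return false;
+-
+- fd = open("/sys/fs/kdbus/control", O_RDWR | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);
+- if (fd < 0)
+- return false;
+-
+- return ioctl(fd, KDBUS_CMD_BUS_MAKE, &cmd) >= 0;
+-}
+-
+int bus_property_get_rlimit(
+sd_bus *bus,
+const char *path,
+Index: git/src/shared/bus-util.h
+===================================================================
+--- git.orig/src/shared/bus-util.h
++++ git/src/shared/bus-util.h
+@@ -157,7 +157,4 @@ int bus_log_create_error(int r);
+int bus_path_encode_unique(sd_bus *b, const char *prefix, const char *sender_id, const char *external_id, char **ret_path);
+int bus_path_decode_unique(const char *path, const char *prefix, char **ret_sender, char **ret_external);
+
+-bool is_kdbus_wanted(void);
+-bool is_kdbus_available(void);
+-
+int bus_property_get_rlimit(sd_bus *bus, const char *path, const char *interface, const char *property, sd_bus_message *reply, void *userdata, sd_bus_error *error);
+Index: git/Makefile.am
+===================================================================
+--- git.orig/Makefile.am
++++ git/Makefile.am
+@@ -2895,29 +2895,9 @@ systemd_gpt_auto_generator_CFLAGS = \
+endif
+
+# ------------------------------------------------------------------------------
+-systemgenerator_PROGRAMS += \
+- systemd-dbus1-generator
+-
+-systemd_dbus1_generator_SOURCES = \
+- src/dbus1-generator/dbus1-generator.c
+-
+-systemd_dbus1_generator_LDADD = \
+- libshared.la
+-
+-dbus1-generator-install-hook:
+- $(AM_V_at)$(MKDIR_P) $(DESTDIR)$(usergeneratordir)
+- $(AM_V_RM)rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+- $(AM_V_LN)lnr $(DESTDIR)$(systemgeneratordir)/systemd-dbus1-generator $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+-dbus1-generator-uninstall-hook:
+- rm -f $(DESTDIR)$(usergeneratordir)/systemd-dbus1-generator
+-
+dist_xinitrc_SCRIPTS = \
+xorg/50-systemd-user.sh
+
+-INSTALL_EXEC_HOOKS += dbus1-generator-install-hook
+-UNINSTALL_EXEC_HOOKS += dbus1-generator-uninstall-hook
+-
+# ------------------------------------------------------------------------------
+systemd_sysv_generator_SOURCES = \
+src/sysv-generator/sysv-generator.c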
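Review bot: The comment kept as context in the `manager_startup()` hunk of src/core/manager.c still says "We might have deserialized the kdbus control fd, but if we didn't, then let's create the bus now", although the `manager_setup_kdbus(m)` call it described is removed, so it now documents a step that no longer exists. It also suggests that `m->kdbus_fd` and its deserialization remain outside this patch (not visible here), which is worth confirming given the stated goal that kdbus is never used. I would replace the comment with `/* Let's connect to the bus now. */`, or, if the backport must stay identical to upstream, record the leftover in the patch header. The retained "Regardless if kdbus is used or not" comment in `service_setup_bus_name()` is stale in the same way. Both functions start and end outside their hunks.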
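--- a/meta/recipes-core/systemd/systemd_230.bb
+++ b/meta/recipes-core/systemd/systemd_230.bb
@@ -37,6 +37,7 @@ SRC_URI += " \
 file://udev-re-enable-mount-propagation-for-udevd.patch \
 file://CVE-2016-7795.patch \
 file://validate-user.patch \
+file://Ensure-kdbus-isn-t-used-3501.patch \
 "
 SRC_URI_append_libc-uclibc = "\
 file://0002-units-Prefer-getty-to-agetty-in-console-setup-system.patch \
@@ -61,7 +62,6 @@ PACKAGECONFIG ??= "xz \
 timedated \
 timesyncd \
 localed \
-kdbus \
 ima \
 smack \
 logind \
@@ -96,7 +96,6 @@ PACKAGECONFIG[timedated] = "--enable-timedated,--disable-timedated"
 PACKAGECONFIG[timesyncd] = "--enable-timesyncd,--disable-timesyncd"
 PACKAGECONFIG[localed] = "--enable-localed,--disable-localed"
 PACKAGECONFIG[efi] = "--enable-efi,--disable-efi"
-PACKAGECONFIG[kdbus] = "--enable-kdbus,--disable-kdbus"
 PACKAGECONFIG[ima] = "--enable-ima,--disable-ima"
 PACKAGECONFIG[smack] = "--enable-smack,--disable-smack"
 # libseccomp is found in meta-security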
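Review bot: Deleting `PACKAGECONFIG[kdbus]` and dropping `kdbus` from the default list leaves nothing in the recipe that says why the option is gone. A layer or local.conf that still appends `kdbus` would now name an undefined flag, which as far as I know is ignored without an error unless the `invalid-packageconfig` QA check is enabled. A one-line comment in the flag list where the entry was removed would cover it, e.g. `# kdbus: removed by Ensure-kdbus-isn-t-used-3501.patch, configure no longer accepts --enable-kdbus`.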