- Feb 07, 2018
-
-
David Herrmann authored
Prepare for v10: * Bump version number * Fill in NEWS with changelog * Adjust copyrights / authorship Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
Tom Gundersen authored
We support either internal (the dbus XML policy) or SELinux, log which policy caused the failure, and log the respective security labels. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Feb 06, 2018
-
-
Tom Gundersen authored
The broker does not support eavesdropping and ignores the passed in 'eavesdrop' boolean. That causes the wrong behavior in case of <deny eavesdrop=true>, which should only deny eavesdropping, but now denies everything. Properly drop eavesdropping support from the launcher and filter out the rules correctly. Additionally, warn in case a rule attempts to allow eavesdropping (as the standard session bus policy does). This is not expected to cause any problems, but the logs should reflect the potential change of behavior. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Do not emit warnings on explicit policy entries that are noops, as they just confirm our hard-coded defaults. For instance, allowing expected replies or disallowing unexpected replies. Only emit warnings on rules that would have had an effect if enforced, i.e., where there is an actual problem to be addressed. This eliminates all (harmless) warnings caused by the reference policy: dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +56: Explicit policies on replies and errors are deprecated and ignored dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +57: Explicit policies on replies and errors are deprecated and ignored dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +61: Explicit policies on replies and errors are deprecated and ignored dbus-broker-launch[740]: Reply/Error policy in /usr/share/dbus-1/system.conf +62: Explicit policies on replies and errors are deprecated and ignored Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Jan 29, 2018
-
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Use the information to cap the iterations through the array. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Move the checks on the keys that are very likely to match last. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
If no monitors are installed (the expected case), skip driver_monitor() which is moderately expensive and otherwise would be performed on every message, even if it ends up being a noop. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Always log on error, and any other logging only in verbose mode. This also drops some logging that was only useful for debugging. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Jan 24, 2018
-
-
Tom Gundersen authored
There is no explicit 'goodbye' message, but the handling is similar to any event caused by an incomming message. Collect the metrics to catch any latency spikes. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
We may want to use the metrics infratsructure with different clocks. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Best pracitces for installing a match, is to always match on a sender, and also install a match on the NameOwnerChanged for the name in case the sender is a well-known name. That way the subscriber can verify that any received signal are from the given name (as signals only contain the unique name of the sender, the association with the well-known name must be done by each client). Internally, we are treating a match as a subscription to all signals from a given name, and iterate through all matches on a given name for each signal sent from that name, to find the ones that match. This limits the amount of false negatives to the extent possible, as we do not know anything about the internal structure of sending clients. However, when the sending client is the driver itself, we do have more information, and in particular, the NameOwnerChanged subscriptions are used extensively (assuming clients follow best-practices), to the extent that sending out a NameOwnerChanged signal was practically as expensive as if we had not used a subscription model at all (to a linear factor). Exploit our knowledge of the semantics of NameOwnerChanged signals, by associating a match on such a signal with the name that will emmit the signal. This all but eliminates false negatives when sending out NameOwnerChanged signals. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Every peer and every name now has an explicit MatchRegistry for storing NameOwnerChanges matches that may be triggered by the peer/name. Moving matches from the driver's sender-match registry to the correct name-owner-changed-match registry is an opt-in optimization, and is not yet used. This change is therefore a noop. The broadcast function in peer.c always broadcasts to subscribers to a set of well-known names (either given explicitly, or if NULL the driver names is assumed). Additionally, it broadcasts to a given MatchRegistry, this used to always be the sender-match registry associated with a unique name, but we now make it clear that there is no such assumption, and when relevant we pass in the name-owner-changed matches here instead. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
There are two kinds of matches: wildcard, and sender matches. Sender matches come in three versions: on a name, on a peer, or on the driver. Name them all @sender_matches for clarity. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Make replies/owned_replies analogous to matches/owned_matches. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
This does not test the match grammar, just that matches are installed correctly and that signals are delivered. We explicitly add some more specialised tests for the signals emmitted by the driver itself, as this is something we most likely want to special case one day in the broker. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
This monitors the lifetime of clients, monitors and names, verifying that the order of messages and the signals emmitted is correct. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Note that this exposes a bug in dbus-daemon, so some of the asserts have to be skipped when ran against the reference implementation. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
This only tests the error cases, we need to figure out a unified way of instantiating the broker and the daemon with activatiable names in order to test real activation too. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
If we terminate the broker (or daemon) before they have had a chance to block SIGTERM they will exit with code KILLED and status SIGTERM. This should not be considered a failure, so explicitly check for that in the SIGCHLD handler. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Jan 23, 2018
-
-
David Herrmann authored
We declare explicit meson dependencies to make it easier to link to our own sources. Otherwise, we have to declare source, object, and other parameters explicitly. Keep the dependency always in sync with its private library declaration, otherwise we end up with actual differences between both. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
- Jan 22, 2018
-
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
Keep all the credentials in one place, User, PID and Seclabel. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
Tom Gundersen authored
We got the ordering wrong, fix it. However, note that the signals triggered by Hello are sent out after the reply to the method call. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Dec 15, 2017
-
-
David Herrmann authored
We cannot reassign RB-Trees anymore. We must use c_rbtree_move(), otherwise the tree will keep stale entries. Fix the BecomeMonitor() code to use c_rbtree_move(). Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
Get updates from upstream c-rbtree. This includes some cleanups, as well as the new c_rbtree_move(). Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
Make sure we always wait for the broker to be torn down, before returning from a test. This guarantees we catch late errors. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
Make the wait on the daemon-startup generic, so we do it on both dbus-daemon and dbus-broker. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
Right now, this function only takes a reference if it created a new match rule, or if it returned one. This is quite inconsistent with its function name, and hard to follow. Furthermore, there is no reason to do so. There are two options: * Always take a reference, just as the name suggests. * Only take a reference when returning a pointer. The second option would make the function a no-op, whenever a new match is created. Hence, we opt for the first version. Any other behavior is odd and hard to understand by any reader. If that behavior is really needed, we should provide something else. Note that the only user of match_onwer_ref_rule() without an output argument is BecomeMonitor(). However, this function is completely fine with incrementing the ref-count for each entry it adds. There is no reliance on the previous behavior. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
n_matches is write-only and serves no real use. Drop it. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
We now provide some minimal configuration options. Update README to reflect that. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
- Dec 13, 2017
-
-
Tom Gundersen authored
dbus-broker is now in the critical path during boot, it orders before basic.target, and as such should not block unneccessarily. The reason for delaying at all is to make sure all blocking calls from the launcher have finished before anything else blocks on the broker. Move the config parsing (which does the blocking calls as part of nss) early and immediately notify PID1 of being started as soon as that is done. On my machine this roughly halves the time dbus-broker blocks boot from ~60ms to ~30ms. Signed-off-by: Tom Gundersen <teg@jklm.no>
-
- Nov 30, 2017
-
-
David Herrmann authored
Bump project version to v9 to prepare for the next release. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-
David Herrmann authored
Fill in the correct release date to prepare for a v9 release. Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
-