| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
In case of OOM when constructing an array, we should abandon the
container to free the resources.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's not currently possible to abandon creation of a container without
either hitting asserts or leaking memory. This new function allows
that.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-message-util.c: when constructing an array of structures,
it's not possible to unwind in case of an error part-way through.
This test will therefore assert.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* test/test-service.c (handle_delay_echo, path_message_func): Add a
variant of the Echo method which sleeps for a short time.
* test/name-test/test-pending-call-timeout.c: Run tests with default,
specified and infinite timeout to make sure we get the reply.
* test/name-test/run-test.sh: Run the new test
* test/name-test/Makefile.am: Build the new test
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* bus/session.conf.in: Remove the reply_timeout stanza, previously
intended to increase the reply timeout, this now reduces it.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* bus/config-parser.c (bus_config_parser_new): change the default reply
timeout to "never"
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* bus/expirelist.c (do_expiration_with_current_time): Don't check for
expiry if expire_after is negative, will just disable the expiry timer
after the call.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* bus/expirelist.c (do_expiration_with_current_time): If the item added
time fields are both zero, always expire.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-pending-call.c (_dbus_pending_call_new_unlocked): Now that
the timeout math won't overflow, don't clamp to six hours.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-connection.c (_dbus_connection_block_pending_call): Rework
the timeout math so instead of calculating an end time, which may
overflow, we instead calculate the elapsed time which is always
smaller than the boundaries.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-connection.c (dbus_connection_send_with_reply): Fix
documentation now that INT_MAX will not be clamped.
(dbus_connection_send_with_reply_and_block): Update documentation too.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-pending-call.c (_dbus_pending_call_new_unlocked): When passed
INT_MAX, do not clamp the value and do not allocate a timeout for the call
(_dbus_pending_call_get_timeout_unlocked): Document that this may return
NULL.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* dbus/dbus-connection.c (_dbus_connection_block_pending_call): Allow the
pending call to have no timeout, in which case we simply block until we
complete, have data or get disconnected.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-connection.c (_dbus_connection_attach_pending_call_unlocked):
Don't assume that the pending call has a timeout.
(connection_timeout_and_complete_all_pending_call_unlocked): check that
the timeout was actually added before removing it; this safeguards us
if the pending call doesn't have a timeout.
Signed-off-by: Scott James Remnant <scott@ubuntu.com>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* configure.in: only run AC_CACHE_CHECK if enable_abstract_sockets=auto
* configure.in: warn that, when cross-compiling, we're unable to detect
abstract sockets availability automatically
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
| | |
| |
| |
| | |
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
| |\|
| |
| |
| |
| | |
Conflicts:
dbus/dbus-sysdeps-util-unix.c
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Stephen Smalley wrote:
> On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote:
>
>> Stephen Smalley wrote:
>>
>>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote:
>>>
>>>> Stephen Smalley wrote:
>>>>
>> <snip>
>>
>>
>>> No, I don't want to change the behavior upon context_to_sid calls in
>>> general, as we otherwise lose all context validity checking in
>>> permissive mode.
>>>
>>> I think I'd rather change compute_sid behavior to preclude the situation
>>> from arising in the first place, possibly altering the behavior in
>>> permissive mode upon an invalid context to fall back on the ssid
>>> (process) or the tsid (object). But I'm not entirely convinced any
>>> change is required here.
>>>
>>>
>> I just want to follow up to make sure we are all on the same page here. Was the
>> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel
>> or leave the code as is and fix the callers of avc_has_perm to correctly handle
>> error codes?
>>
>> I prefer the last approach because of Eamon's explanation, EINVAL is already
>> passed in errno to specify the context was invalid (and if object managers
>> aren't handling that correctly now there is a good chance they aren't handling
>> the ENOMEM case either).
>>
>
> I'd be inclined to change compute_sid (not context_to_sid) in the kernel
> to prevent invalid contexts from being formed even in permissive mode
> (scenario is a type transition where role is not authorized for the new
> type). That was originally to allow the system to boot in permissive
> mode. But an alternative would be to just stay in the caller's context
> (ssid) in that situation.
>
> Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM
> may make sense, but that logic should not depend on enforcing vs.
> permissive mode.
>
>
FWIW, the following patch to D-Bus should help:
bfo21072 - Log SELinux denials better by checking errno for the cause
Note that this does not fully address the bug report since
EINVAL can still be returned in permissive mode. However the log
messages will now reflect the proper cause of the denial.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| | |
Signed-off-by: Federico Mena Quintero <federico@novell.com>
|
| | |
| |
| |
| | |
Signed-off-by: Federico Mena Quintero <federico@novell.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Some projects want to reuse the DBus message format, without
actually going through a DBusConnection. This set of changes
makes a few functions from DBusMessage public, and adds a new
function to determine the number of bytes needed to demarshal
a message.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
This patch makes various things that should be static static,
corrects some "return FALSE" where it should be NULL, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Working on SELinux policy for X, and came across this issue in dbus-launch:
Windows created for use as property/selection placeholders should be of
class InputOnly, since no drawing is ever done to them.
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Thiago Macieira <thiago@kde.org>
|
| | |
| |
| |
| |
| |
| |
| | |
We were incorrectly converting the serial to a signed integer
and comparing it to -1.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We can't safely type-pun from e.g. char * to DBusBasicValue *, because
the latter has higher alignment requirements. Instead, create an
explicit pointer for each case.
Also, we mark each one volatile to sidestep strict aliasing issues, for
the future when we turn on strict aliasing support.
Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.
|
| | |
| |
| |
| | |
Patch suggested by Tomas Hoger <thoger@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous commit had errors in both the test case and
the validation logic. The test case was missing a trailing
comma before the previous one, so we weren't testing the
signature we thought we were.
The validation logic was wrong because if the type was not valid,
we'd drop through the entire if clause, and thus skip returning
an error code, and accept the signature.
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
bus/bus.c
bus/config-parser-common.c
bus/config-parser-common.h
bus/config-parser.c
bus/connection.c
bus/dbus-daemon.1.in
dbus/dbus-marshal-validate-util.c
dbus/dbus-marshal-validate.c
dbus/dbus-sysdeps-util-unix.c
test/name-test/tmp-session-like-system.conf
|
| | |
| |
| |
| |
| |
| |
| | |
* AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages
Signed-off-by: Thiago Macieira <thiago@kde.org>
(cherry picked from commit 660073925b03cad2f6e95ba9f25a81c2d9727185)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
* configure.in: Tweak libxml/expat detection and handling.
|
| | |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| | |
* dbus/dbus-marshal-validate.c: If an array is fixed size,
skip validation
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| | |
* bus/bus.c: Initialize AVC earlier:
http://lists.freedesktop.org/archives/dbus/2008-October/010493.html
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| | |
* tools/dbus-print-message.c: Print serial too.
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The AC_CANONICAL_TARGET macro and the $target_os variables are used for the
target of compilers and other code-generation tools, and should not be used
during cross-compile of generic software. Replace them with
AC_CANONICAL_HOST and $host_os instead, as they should have been from the
start.
For a breakdown of what host, build and target machines are, please see
http://blog.flameeyes.eu/s/canonical-target .
|
| | |
| |
| |
| | |
Signed-off-by: Colin Walters <walters@verbum.org>
|
| | |
| |
| |
| |
| |
| |
| | |
Important compiler warnings were being lost in the noise from warnings
we know about but aren't problems, and moreover made using -Werror
difficult. Now we expect *all* developers and testers to be using
-Werror.
|
| | | |
|
| | | |
|
