summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * Fix cross-compiling with autotools.Diego E. 'Flameeyes' Pettenò2009-01-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | The AC_CANONICAL_TARGET macro and the $target_os variables are used for the target of compilers and other code-generation tools, and should not be used during cross-compile of generic software. Replace them with AC_CANONICAL_HOST and $host_os instead, as they should have been from the start. For a breakdown of what host, build and target machines are, please see http://blog.flameeyes.eu/s/canonical-target .
| * Avoid possible use of uninitialized variablePeter Breitenlohner2009-01-061-1/+1
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
| * Enable -Werror by default with --enable-maintainer-mode, and change warningsColin Walters2009-01-061-6/+42
| | | | | | | | | | | | | | Important compiler warnings were being lost in the noise from warnings we know about but aren't problems, and moreover made using -Werror difficult. Now we expect *all* developers and testers to be using -Werror.
| * Various compiler warning fixesColin Walters2009-01-066-6/+8
| |
| * Bump for unstable cycleColin Walters2008-12-191-1/+1
| |
| * Release 1.2.10dbus-1.2.10Colin Walters2008-12-191-1/+1
| |
| * Add requested_reply to send denials, and connection loginfo to "would deny"Colin Walters2008-12-181-31/+38
| | | | | | | | | | | | The requested_reply field is necessary in send denials too because it's used in the policy language. The connection loginfo lack in "would deny" was just an oversight.
| * Add uid, pid, and command to security logsColin Walters2008-12-185-21/+228
| | | | | | | | | | | | | | | | Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
| * Merge commit '3d6abf64d0abb2718e082e120f14f8f923a4af59' into dbus-1.2Colin Walters2008-12-162-47/+46
| |\
| | * Clean up and clarify default system policyColin Walters2008-12-122-47/+46
| | | | | | | | | | | | | | | The former was too reliant on old bugs and was generally unclear. This one makes explicit exactly what is allowed and not.
| * | Add optional logging on allow rulesColin Walters2008-12-164-16/+34
| | | | | | | | | | | | | | | This lets us have a backwards compatibility allow rule but still easily see when that rule is being used.
| * | Add message type to security syslog entriesColin Walters2008-12-121-2/+6
| | | | | | | | | | | | It's part of the security check, we should have it in the log.
| * | Add syslog of security denials and configuration file reloadsColin Walters2008-12-1213-23/+170
| |/ | | | | | | | | We need to start logging denials so that they become more easily trackable and debuggable.
| * Bump version for unstable cycleColin Walters2008-12-091-1/+1
| |
| * Release 1.2.8dbus-1.2.8Colin Walters2008-12-091-1/+1
| |
| * Another manpage update explicitly mentioning bare send_interfaceColin Walters2008-12-091-2/+6
| | | | | | | | | | We need to fix all of the bare send_interface rules; see: https://bugs.freedesktop.org/show_bug.cgi?id=18961
| * Add at_console docs to manpage, as well as brief <policy> forewardColin Walters2008-12-091-2/+17
| | | | | | | | We need some sort of general advice here.
| * Bug 18229: Allow signalsColin Walters2008-12-095-1/+60
| | | | | | | | | | | | | | Our previous fix went too far towards lockdown; many things rely on signals to work, and there's no really good reason to restrict which signals can be emitted on the bus because we can't tie them to a particular sender.
| * Release 1.2.6dbus-1.2.6Colin Walters2008-12-051-1/+1
| |
| * Bug 18229 - Change system.conf to correctly deny non-reply sends by defaultTomas Hoger2008-12-051-2/+12
| | | | | | | | | | | | | | | | | | | | | | The previous rule <allow send_requested_reply="true"/> was actually applied to all messages, even if they weren't a reply. This meant that in fact the default DBus policy was effectively allow, rather than deny as claimed. This fix ensures that the above rule only applies to actual reply messages. Signed-off-by: Colin Walters <walters@verbum.org>
| * Infrastructure for testing a "system like" bus in test suiteColin Walters2008-12-054-2/+125
| | | | | | | | | | | | The tmp-session-like-system.conf bus configuration has a security policy intended to mirror that of the system bus. This allows testing policy rules.
| * Bump configure again for gitColin Walters2008-10-061-1/+1
| |
| * Release 1.2.4dbus-1.2.4Colin Walters2008-10-061-1/+1
| |
| * 2008-08-24 Peter McCurdy <pmccurdy@skeptopotamus>Peter McCurdy2008-10-011-1/+1
| | | | | | | | | | | | | | | | * dbus/dbus-marshal-recursive.c: A stray comma between two string literals caused incorrect output and a compiler warning. Signed-off-by: Colin Walters <walters@verbum.org>
| * Bug 17280: Add a prototype for _dbus_credentials_add_adt_audit_data()Peter McCurdy2008-10-011-0/+3
| | | | | | | | | | | | | | * dbus/dbus-credentials.h: Add a prototype for _dbus_credentials_add_adt_audit_data() Signed-off-by: Colin Walters <walters@verbum.org>
| * Bug 17803: Panic from dbus_signature_validateColin Walters2008-10-012-0/+2
| | | | | | | | | | | | * dbus/dbus-marshal-validate.c: Ensure we validate a basic type before calling is_basic on it. * dbus-marshal-validate-util.c: Test.
| * Bug 17061: Handle error return from sysconf correctlyJoe Marcus Clarke2008-10-012-2/+10
| | | | | | | | | | | | | | | | | | * dbus/dbus-sysdeps-unix.c: * dbus/dbus-sysdeps-util-unix.c: Cast return from sysconf temporarily so we actually see -1. Signed-off-by: Colin Walters <walters@verbum.org>
| * Bug 13387: Fix compilation failure with AI_ADDRCONFIGJens Granseuer2008-10-011-2/+2
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
| * Bug 17352: synchronize the file before renamingArtem Bityutskiy2008-10-011-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Dbus is doing atomic file updates by copying them, changing the copy, and re-naming them. However, it does not synchronize the file before re-naming, which results in corruption in case of unclean reboots. The reason for this is that file-systems have write-back cache and they postpone writing data to the media. This patch adds the missed fsync() for the Unix part. I do not have windows so cannot provide a windows port fix. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by: Colin Walters <walters@verbum.org>
* | libselinux behavior in permissive mode wrt invalid domainsEamon Walsh2009-04-221-2/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Stephen Smalley wrote: > On Tue, 2009-04-21 at 16:32 -0400, Joshua Brindle wrote: > >> Stephen Smalley wrote: >> >>> On Thu, 2009-04-16 at 20:47 -0400, Eamon Walsh wrote: >>> >>>> Stephen Smalley wrote: >>>> >> <snip> >> >> >>> No, I don't want to change the behavior upon context_to_sid calls in >>> general, as we otherwise lose all context validity checking in >>> permissive mode. >>> >>> I think I'd rather change compute_sid behavior to preclude the situation >>> from arising in the first place, possibly altering the behavior in >>> permissive mode upon an invalid context to fall back on the ssid >>> (process) or the tsid (object). But I'm not entirely convinced any >>> change is required here. >>> >>> >> I just want to follow up to make sure we are all on the same page here. Was the >> suggestion to change avc_has_perm in libselinux or context_to_sid in the kernel >> or leave the code as is and fix the callers of avc_has_perm to correctly handle >> error codes? >> >> I prefer the last approach because of Eamon's explanation, EINVAL is already >> passed in errno to specify the context was invalid (and if object managers >> aren't handling that correctly now there is a good chance they aren't handling >> the ENOMEM case either). >> > > I'd be inclined to change compute_sid (not context_to_sid) in the kernel > to prevent invalid contexts from being formed even in permissive mode > (scenario is a type transition where role is not authorized for the new > type). That was originally to allow the system to boot in permissive > mode. But an alternative would be to just stay in the caller's context > (ssid) in that situation. > > Changing the callers of avc_has_perm() to handle EINVAL and/or ENOMEM > may make sense, but that logic should not depend on enforcing vs. > permissive mode. > > FWIW, the following patch to D-Bus should help: bfo21072 - Log SELinux denials better by checking errno for the cause Note that this does not fully address the bug report since EINVAL can still be returned in permissive mode. However the log messages will now reflect the proper cause of the denial. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Colin Walters <walters@verbum.org>
* | bfo20738 - Return a useful error message from dbus_signature_validate()Federico Mena Quintero2009-04-211-3/+9
| | | | | | | | Signed-off-by: Federico Mena Quintero <federico@novell.com>
* | bfo20738 - Translate DBusValidity into error messageFederico Mena Quintero2009-04-212-0/+73
| | | | | | | | Signed-off-by: Federico Mena Quintero <federico@novell.com>
* | Bug 19567 - Make marshaling code usable without DBusConnectionWilliam Lachance2009-04-217-21/+90
| | | | | | | | | | | | | | | | | | | | Some projects want to reuse the DBus message format, without actually going through a DBusConnection. This set of changes makes a few functions from DBusMessage public, and adds a new function to determine the number of bytes needed to demarshal a message. Signed-off-by: Colin Walters <walters@verbum.org>
* | Followup Bug 19502 - Don't attempt to init va_list, not portableColin Walters2009-04-211-1/+1
| |
* | Bug 19502 - Sparse warning cleanupsKjartan Maraas2009-04-2111-13/+14
| | | | | | | | | | | | | | This patch makes various things that should be static static, corrects some "return FALSE" where it should be NULL, etc. Signed-off-by: Colin Walters <walters@verbum.org>
* | Merge branch 'dbus-1.2'Thiago Macieira2009-04-211-2/+2
|\ \
| * | configure.in: fix help string alignmentMarc Mutz2009-04-211-1/+1
| |/ | | | | | | | | | | | | * AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages Signed-off-by: Thiago Macieira <thiago@kde.org> (cherry picked from commit 660073925b03cad2f6e95ba9f25a81c2d9727185)
| * Correctly dist 1.2.3 tarball with docs enableddbus-1.2.3Colin Walters2008-08-061-1/+1
| |
| * Bump configure.ac to 1.2.2Colin Walters2008-08-061-2/+2
| |
* | configure.in: fix help string alignmentMarc Mutz2009-04-201-1/+1
| | | | | | | | | | | | * AC_ARG_ENABLE(libaudit: use AS_HELP_STRING for aligned help messages Signed-off-by: Thiago Macieira <thiago@kde.org>
* | Bug 17803 - Fix both test case and validation logicColin Walters2009-04-172-7/+8
| | | | | | | | | | | | | | | | | | | | | | The previous commit had errors in both the test case and the validation logic. The test case was missing a trailing comma before the previous one, so we weren't testing the signature we thought we were. The validation logic was wrong because if the type was not valid, we'd drop through the entire if clause, and thus skip returning an error code, and accept the signature.
* | dbus-launch: use InputOnly X windowEamon Walsh2009-03-201-3/+3
| | | | | | | | | | | | | | | | | | | | Working on SELinux policy for X, and came across this issue in dbus-launch: Windows created for use as property/selection placeholders should be of class InputOnly, since no drawing is ever done to them. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Thiago Macieira <thiago@kde.org>
* | Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial returnJohan Gyllenspetz2009-03-171-2/+2
| | | | | | | | | | | | | | We were incorrectly converting the serial to a signed integer and comparing it to -1. Signed-off-by: Colin Walters <walters@verbum.org>
* | Bug 20137 - Fix alignment usage when demarshaling basicsColin Walters2009-03-171-12/+28
| | | | | | | | | | | | | | | | | | | | | | We can't safely type-pun from e.g. char * to DBusBasicValue *, because the latter has higher alignment requirements. Instead, create an explicit pointer for each case. Also, we mark each one volatile to sidestep strict aliasing issues, for the future when we turn on strict aliasing support. Original patch and review from Jay Estabrook <jay.estabrook@hp.com>.
* | Always append closing quote in log commandColin Walters2009-03-121-6/+5
| | | | | | | | Patch suggested by Tomas Hoger <thoger@redhat.com>
* | Fix typo in docs.Xan Lopez2009-02-021-1/+1
| |
* | Bug 19307: Add missing syslog includeColin Walters2009-01-061-0/+1
| |
* | Fix cross-compiling with autotools.Diego E. 'Flameeyes' Pettenò2009-01-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | The AC_CANONICAL_TARGET macro and the $target_os variables are used for the target of compilers and other code-generation tools, and should not be used during cross-compile of generic software. Replace them with AC_CANONICAL_HOST and $host_os instead, as they should have been from the start. For a breakdown of what host, build and target machines are, please see http://blog.flameeyes.eu/s/canonical-target .
* | Avoid possible use of uninitialized variablePeter Breitenlohner2009-01-061-1/+1
| | | | | | | | Signed-off-by: Colin Walters <walters@verbum.org>
* | Enable -Werror by default with --enable-maintainer-mode, and change warningsColin Walters2008-12-191-6/+42
| | | | | | | | | | | | | | Important compiler warnings were being lost in the noise from warnings we know about but aren't problems, and moreover made using -Werror difficult. Now we expect *all* developers and testers to be using -Werror.