-<?xml version='1.0'?> <!--*-nxml-*-->
+<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
-This file is part of systemd.
+ This file is part of systemd.
-Copyright 2014 Zbigniew Jędrzejewski-Szmek
+ Copyright 2014 Zbigniew Jędrzejewski-Szmek
-systemd is free software; you can redistribute it and/or modify it
-under the terms of the GNU Lesser General Public License as published by
-the Free Software Foundation; either version 2.1 of the License, or
-(at your option) any later version.
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
-systemd is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Lesser General Public License for more details.
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
-You should have received a copy of the GNU Lesser General Public License
-along with systemd; If not, see <http://www.gnu.org/licenses/>.
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="sd_bus_creds_get_pid">
<refnamediv>
<refname>sd_bus_creds_get_pid</refname>
- <refname>sd_bus_creds_get_pid_starttime</refname>
+ <refname>sd_bus_creds_get_ppid</refname>
<refname>sd_bus_creds_get_tid</refname>
<refname>sd_bus_creds_get_uid</refname>
+ <refname>sd_bus_creds_get_euid</refname>
+ <refname>sd_bus_creds_get_suid</refname>
+ <refname>sd_bus_creds_get_fsuid</refname>
<refname>sd_bus_creds_get_gid</refname>
+ <refname>sd_bus_creds_get_egid</refname>
+ <refname>sd_bus_creds_get_sgid</refname>
+ <refname>sd_bus_creds_get_fsgid</refname>
+ <refname>sd_bus_creds_get_supplementary_gids</refname>
<refname>sd_bus_creds_get_comm</refname>
<refname>sd_bus_creds_get_tid_comm</refname>
<refname>sd_bus_creds_get_exe</refname>
<refname>sd_bus_creds_get_cmdline</refname>
<refname>sd_bus_creds_get_cgroup</refname>
<refname>sd_bus_creds_get_unit</refname>
- <refname>sd_bus_creds_get_user_unit</refname>
<refname>sd_bus_creds_get_slice</refname>
+ <refname>sd_bus_creds_get_user_unit</refname>
+ <refname>sd_bus_creds_get_user_slice</refname>
<refname>sd_bus_creds_get_session</refname>
<refname>sd_bus_creds_get_owner_uid</refname>
<refname>sd_bus_creds_has_effective_cap</refname>
<refname>sd_bus_creds_get_selinux_context</refname>
<refname>sd_bus_creds_get_audit_session_id</refname>
<refname>sd_bus_creds_get_audit_login_uid</refname>
+ <refname>sd_bus_creds_get_tty</refname>
<refname>sd_bus_creds_get_unique_name</refname>
<refname>sd_bus_creds_get_well_known_names</refname>
+ <refname>sd_bus_creds_get_description</refname>
<refpurpose>Retrieve fields from a credentials object</refpurpose>
</refnamediv>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_pid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>pid_t *<parameter>pid</parameter></paramdef>
</funcprototype>
<funcprototype>
- <funcdef>int <function>sd_bus_creds_get_pid_starttime</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
- <paramdef>uint64_t *<parameter>usec</parameter></paramdef>
+ <funcdef>int <function>sd_bus_creds_get_ppid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>pid_t *<parameter>ppid</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_tid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>pid_t *<parameter>tid</parameter></paramdef>
</funcprototype>
<funcprototype>
- <funcdef>int <function>sd_bus_creds_get_pid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <funcdef>int <function>sd_bus_creds_get_uid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_euid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_suid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>uid_t *<parameter>uid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_fsuid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>uid_t *<parameter>uid</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_gid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>gid_t *<parameter>gid</parameter></paramdef>
</funcprototype>
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_egid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_sgid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_fsgid</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>gid_t *<parameter>gid</parameter></paramdef>
+ </funcprototype>
+
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_supplementary_gids</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const gid_t **<parameter>gids</parameter></paramdef>
+ </funcprototype>
+
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_comm</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>comm</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_tid_comm</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>comm</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_exe</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>exe</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_cmdline</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>char ***<parameter>cmdline</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_cgroup</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>cgroup</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_unit</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>unit</parameter></paramdef>
</funcprototype>
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_slice</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const char **<parameter>slice</parameter></paramdef>
+ </funcprototype>
+
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_user_unit</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>unit</parameter></paramdef>
</funcprototype>
<funcprototype>
- <funcdef>int <function>sd_bus_creds_get_slice</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <funcdef>int <function>sd_bus_creds_get_user_slice</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>slice</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_session</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>slice</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_owner_uid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>uid_t *<parameter>uid</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_has_effective_cap</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>int <parameter>capability</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_has_permitted_cap</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>int <parameter>capability</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_has_inheritable_cap</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>int <parameter>capability</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_has_bounding_cap</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>int <parameter>capability</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_selinux_context</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>context</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_audit_session_id</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>uint32_t *<parameter>sessionid</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_audit_login_uid</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>uid_t *<parameter>loginuid</parameter></paramdef>
</funcprototype>
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_tty</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const char **<parameter>tty</parameter></paramdef>
+ </funcprototype>
+
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_unique_name</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>const char **<parameter>name</parameter></paramdef>
</funcprototype>
<funcprototype>
<funcdef>int <function>sd_bus_creds_get_well_known_names</function></funcdef>
- <paramdef>sd_bus_creds* <parameter>c</parameter></paramdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
<paramdef>char ***<parameter>name</parameter></paramdef>
</funcprototype>
+ <funcprototype>
+ <funcdef>int <function>sd_bus_creds_get_description</function></funcdef>
+ <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef>
+ <paramdef>const char **<parameter>name</parameter></paramdef>
+ </funcprototype>
+
</funcsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
- <para>Those functions return information from an
- <parameter>sd_bus_creds</parameter> object. It may be created with
+ <para>These functions return credential information from an
+ <parameter>sd_bus_creds</parameter> object. Credential objects may
+ be created with
<citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- in which case it will describe the specified process, or it may be
- created by
- <citerefentry><refentrytitle>sd_bus_get_peer_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- in which case it will describe the process at the other endpoint
- of a connection.
- </para>
-
- <para><function>sd_bus_creds_get_pid</function> will retrieve the
- PID (process identifier).</para>
-
- <para><function>sd_bus_creds_get_pid_starttime</function> will
- retrieve the time since the start of the epoch in microseconds
- since the process was started.</para>
-
- <para><function>sd_bus_creds_get_tid</function> will retrieve the
+ in which case they describe the credentials of the process
+ identified by the specified PID, with
+ <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ in which case they describe the credentials of a bus peer
+ identified by the specified bus name, with
+ <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ in which case they describe the credentials of the creator of a
+ bus, or with
+ <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ in which case they describe the credentials of the sender of the
+ message.</para>
+
+ <para>Not all credential fields are part of every
+ <literal>sd_bus_creds</literal> object. Use
+ <citerefentry><refentrytitle>sd_bus_creds_get_mask</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ to determine the mask of fields available.</para>
+
+ <para><function>sd_bus_creds_get_pid()</function> will retrieve
+ the PID (process identifier). Similarly,
+ <function>sd_bus_creds_get_ppid()</function> will retrieve the
+ parent PID. Note that PID 1 has no parent process, in which case
+ -ENXIO is returned.</para>
+
+ <para><function>sd_bus_creds_get_tid()</function> will retrieve the
TID (thread identifier).</para>
- <para><function>sd_bus_creds_get_uid</function> will retrieve the
- UID (user identifier).</para>
-
- <para><function>sd_bus_creds_get_gid</function> will retrieve the
- GID (group identifier).</para>
-
- <para><function>sd_bus_creds_get_comm</function> will retrieve the
- comm field (name of the executable, as stored in
+ <para><function>sd_bus_creds_get_uid()</function> will retrieve
+ the numeric UID (user identifier). Similarly,
+ <function>sd_bus_creds_get_euid()</function> returns the effective
+ UID, <function>sd_bus_creds_get_suid()</function> the saved UID
+ and <function>sd_bus_creds_get_fsuid()</function> the file system
+ UID.</para>
+
+ <para><function>sd_bus_creds_get_gid()</function> will retrieve the
+ numeric GID (group identifier). Similarly,
+ <function>sd_bus_creds_get_egid()</function> returns the effective
+ GID, <function>sd_bus_creds_get_sgid()</function> the saved GID
+ and <function>sd_bus_creds_get_fsgid()</function> the file system
+ GID.</para>
+
+ <para><function>sd_bus_creds_get_supplementary_gids()</function>
+ will retrieve the supplementary GIDs list.</para>
+
+ <para><function>sd_bus_creds_get_comm()</function> will retrieve the
+ comm field (truncated name of the executable, as stored in
<filename>/proc/<replaceable>pid</replaceable>/comm</filename>).
</para>
- <para><function>sd_bus_creds_get_tid_comm</function> will retrieve
+ <para><function>sd_bus_creds_get_tid_comm()</function> will retrieve
the comm field of the thread (as stored in
<filename>/proc/<replaceable>pid</replaceable>/task/<replaceable>tid</replaceable>/comm</filename>).
</para>
- <para><function>sd_bus_creds_get_exe</function> will retrieve the
- path to the program (as stored in the
+ <para><function>sd_bus_creds_get_exe()</function> will retrieve
+ the path to the program executable (as stored in the
<filename>/proc/<replaceable>pid</replaceable>/exe</filename>
- link, but with <literal> (deleted)</literal> suffix removed).
- </para>
-
- <para><function>sd_bus_creds_get_cmdline</function> will retrieve
- an array of command-line arguments (as stored in
- <filename>/proc/<replaceable>pid</replaceable>/cmdline</filename>).
- </para>
-
- <para><function>sd_bus_creds_get_cgroup</function> will retrieve
- the cgroup path. See <ulink
+ link, but with the <literal> (deleted)</literal> suffix removed). Note
+ that kernel threads do not have an executable path, in which case
+ -ENXIO is returned.</para>
+
+ <para><function>sd_bus_creds_get_cmdline()</function> will
+ retrieve an array of command line arguments (as stored in
+ <filename>/proc/<replaceable>pid</replaceable>/cmdline</filename>). Note
+ that kernel threads do not have a command line, in which case
+ -ENXIO is returned.</para>
+
+ <para><function>sd_bus_creds_get_cgroup()</function> will retrieve
+ the control group path. See <ulink
url="https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt">cgroups.txt</ulink>.
</para>
- <para><function>sd_bus_creds_get_unit</function> will retrieve the
- systemd unit name (in the system instance of systemd) that the
- process is part of. See
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ <para><function>sd_bus_creds_get_unit()</function> will retrieve
+ the systemd unit name (in the system instance of systemd) that the
+ process is a part of. See
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
+ processes that are not part of a unit, returns -ENXIO.
</para>
- <para><function>sd_bus_creds_get_user_unit</function> will
+ <para><function>sd_bus_creds_get_user_unit()</function> will
retrieve the systemd unit name (in the user instance of systemd)
- that the process is part of. See
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ that the process is a part of. See
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>. For
+ processes that are not part of a user unit, returns -ENXIO.
</para>
- <para><function>sd_bus_creds_get_slice</function> will retrieve
+ <para><function>sd_bus_creds_get_slice()</function> will retrieve
the systemd slice (a unit in the system instance of systemd) that
- the process is part of. See
- <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ the process is a part of. See
+ <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>. Similarly,
+ <function>sd_bus_creds_get_user_slice()</function> retrieves the
+ systemd slice of the process, in the user instance of systemd.
</para>
- <para><function>sd_bus_creds_get_session</function> will retrieve
- the logind session that the process is part of. See
- <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ <para><function>sd_bus_creds_get_session()</function> will
+ retrieve the identifier of the login session that the process is
+ a part of. See
+ <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. For
+ processes that are not part of a session, returns -ENXIO.
</para>
- <para><function>sd_bus_creds_get_owner_uid</function> will retrieve
- the UID (user identifier) of the user who owns the slice
- that the process is part of. See
- <citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- <!-- and
- <citerefentry><refentrytitle>systemd-user-sessions.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> -->.
+ <para><function>sd_bus_creds_get_owner_uid()</function> will
+ retrieve the numeric UID (user identifier) of the user who owns
+ the login session that the process is a part of. See
+ <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ For processes that are not part of a session, returns -ENXIO.
</para>
- <para><function>sd_bus_creds_has_effective_cap</function> will
- check whether all of the capabilities specified by
- <parameter>capability</parameter> were set in the effective
- capabilities mask. A positive return value means that they were
- set, zero means that they were not set, and a negative return
- value signifies an error. See
- <citerefentry><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- and <varname>Capabilities=</varname> and
- <varname>CapabilityBoundingSet=</varname> settings in
+ <para><function>sd_bus_creds_has_effective_cap()</function> will check whether the capability specified by
+ <parameter>capability</parameter> was set in the effective capabilities mask. A positive return value means that it
+ was set, zero means that it was not set, and a negative return value indicates an error. See <citerefentry
+ project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry> and the
+ <varname>AmbientCapabilities=</varname> and <varname>CapabilityBoundingSet=</varname> settings in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
- <para><function>sd_bus_creds_has_permitted_cap</function> is
- similar to <function>sd_bus_creds_has_effective_cap</function>,
+ <para><function>sd_bus_creds_has_permitted_cap()</function> is
+ similar to <function>sd_bus_creds_has_effective_cap()</function>,
but will check the permitted capabilities mask.</para>
- <para><function>sd_bus_creds_has_inheritable_cap</function> is
- similar to <function>sd_bus_creds_has_effective_cap</function>,
+ <para><function>sd_bus_creds_has_inheritable_cap()</function> is
+ similar to <function>sd_bus_creds_has_effective_cap()</function>,
but will check the inheritable capabilities mask.</para>
- <para><function>sd_bus_creds_has_bounding_cap</function> is
- similar to <function>sd_bus_creds_has_effective_cap</function>,
+ <para><function>sd_bus_creds_has_bounding_cap()</function> is
+ similar to <function>sd_bus_creds_has_effective_cap()</function>,
but will check the bounding capabilities mask.</para>
- <para><function>sd_bus_creds_get_selinux_context</function> will
- retrieve the SELinux context of the process.</para>
+ <para><function>sd_bus_creds_get_selinux_context()</function> will
+ retrieve the SELinux security context (label) of the process.</para>
- <para><function>sd_bus_creds_get_audit_session_id</function> will
- retrieve the audit session identifier of the process.</para>
+ <para><function>sd_bus_creds_get_audit_session_id()</function>
+ will retrieve the audit session identifier of the process. Returns
+ -ENXIO for processes that are not part of an audit session.</para>
- <para><function>sd_bus_creds_get_audit_login_uid</function> will
+ <para><function>sd_bus_creds_get_audit_login_uid()</function> will
retrieve the audit user login identifier (the identifier of the
- user who is "responsible" for the session).</para>
+ user who is "responsible" for the session). Returns -ENXIO for
+ processes that are not part of an audit session.</para>
+
+ <para><function>sd_bus_creds_get_tty()</function> will retrieve
+ the controlling TTY, without the prefixing "/dev/". Returns -ENXIO
+ for processes that have no controlling TTY.</para>
- <para><function>sd_bus_creds_get_unique_name</function> will
+ <para><function>sd_bus_creds_get_unique_name()</function> will
retrieve the D-Bus unique name. See <ulink
url="http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus">The
D-Bus specification</ulink>.</para>
- <para><function>sd_bus_creds_get_well_known_names</function> will
+ <para><function>sd_bus_creds_get_well_known_names()</function> will
retrieve the set of D-Bus well-known names. See <ulink
url="http://dbus.freedesktop.org/doc/dbus-specification.html#message-protocol-names-bus">The
D-Bus specification</ulink>.</para>
+ <para><function>sd_bus_creds_get_description()</function> will
+ retrieve a descriptive name of the bus connection of the
+ peer. This name is useful to discern multiple bus connections by
+ the same peer, and may be altered by the peer with the
+ <citerefentry><refentrytitle>sd_bus_set_description</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ call.</para>
+
<para>All functions that take a <parameter>const
char**</parameter> parameter will store the answer there as an
address of a NUL-terminated string. It will be valid as long as
modified by the caller.</para>
<para>All functions that take a <parameter>char***</parameter>
- parameter will store the answer there as an address of a an array
- of strings. Each invidividual string is NUL-terminated, and the
+ parameter will store the answer there as an address of an array
+ of strings. Each individual string is NUL-terminated, and the
array is NULL-terminated as a whole. It will be valid as long as
<parameter>c</parameter> remains valid, and should not be freed or
modified by the caller.</para>
<variablelist>
<varlistentry>
- <term><varname>-ENODATA</varname></term>
+ <term><constant>-ENODATA</constant></term>
- <listitem><para>Given field is not available in
- <parameter>c</parameter>.</para>
- </listitem>
+ <listitem><para>The given field is not available in the
+ credentials object <parameter>c</parameter>.</para>
+ </listitem>
</varlistentry>
<varlistentry>
- <term><varname>-ENOENT</varname></term>
-
- <listitem><para>Given field is not specified for the sender.
- This will be returned by <function>sd_bus_get_unit</function>,
- <function>sd_bus_get_user_unit</function>,
- <function>sd_bus_get_slice</function>,
- <function>sd_bus_get_session</function>, and
- <function>sd_bus_get_owner_uid</function> if the sender is not
- part of a systemd system unit, systemd user unit, systemd
- slice, logind session, or a systemd user session.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>-ENXIO</varname></term>
-
- <listitem><para>An error occured in parsing cgroup paths.
- <filename>libsystemd-bus</filename> might be out of sync with
- the running systemd version.</para></listitem>
+ <term><constant>-ENXIO</constant></term>
+
+ <listitem><para>The given field is not specified for the described
+ process or peer. This will be returned by
+ <function>sd_bus_get_unit()</function>,
+ <function>sd_bus_get_slice()</function>,
+ <function>sd_bus_get_user_unit()</function>,
+ <function>sd_bus_get_user_slice()</function>,
+ <function>sd_bus_get_session()</function>, and
+ <function>sd_bus_get_owner_uid()</function> if the process is
+ not part of a systemd system unit, systemd user unit, systemd
+ slice, or logind session. It will also be returned by
+ <function>sd_bus_creds_get_exe()</function> and
+ <function>sd_bus_creds_get_cmdline()</function> for kernel
+ threads (since these are not started from an executable binary,
+ nor have a command line), and by
+ <function>sd_bus_creds_get_audit_session_id()</function> and
+ <function>sd_bus_creds_get_audit_login_uid()</function> when
+ the process is not part of an audit session, and
+ <function>sd_bus_creds_get_tty()</function> if the process has
+ no controlling TTY.
+ </para>
+ </listitem>
</varlistentry>
<varlistentry>
- <term><varname>-EINVAL</varname></term>
+ <term><constant>-EINVAL</constant></term>
<listitem><para>Specified pointer parameter is <constant>NULL</constant>.
</para></listitem>
</varlistentry>
<varlistentry>
- <term><varname>-ENOMEM</varname></term>
+ <term><constant>-ENOMEM</constant></term>
<listitem><para>Memory allocation failed.</para></listitem>
</varlistentry>
<refsect1>
<title>Notes</title>
- <para><function>sd_bus_open_user()</function> and other functions
- described here are available as a shared library, which can be
- compiled and linked to with the
- <constant>libsystemd-bus</constant> <citerefentry><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ <para><function>sd_bus_creds_get_pid()</function> and the other
+ functions described here are available as a shared library, which
+ can be compiled and linked to with the
+ <constant>libelogind</constant> <citerefentry
+ project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>
file.</para>
</refsect1>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.journald-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>free</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>