X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fkdbus.h;h=7137fc9989294db37c9a3a3005641271acf4fd11;hb=fed1e721fd0c81e60c77120539f34e16c2585634;hp=e3a80c352d9f12687d8e997f2ce5cbc8f40e0d92;hpb=63cc4c3138fd0ce9cc97884373a2dd8959a13ee9;p=elogind.git diff --git a/src/libsystemd/sd-bus/kdbus.h b/src/libsystemd/sd-bus/kdbus.h index e3a80c352..7137fc998 100644 --- a/src/libsystemd/sd-bus/kdbus.h +++ b/src/libsystemd/sd-bus/kdbus.h @@ -58,22 +58,43 @@ struct kdbus_notify_name_change { /** * struct kdbus_creds - process credentials * @uid: User ID + * @euid: Effective UID + * @suid: Saved UID + * @fsuid: Filesystem UID * @gid: Group ID + * @egid: Effective GID + * @sgid: Saved GID + * @fsgid: Filesystem GID + * + * Attached to: + * KDBUS_ITEM_CREDS + */ +struct kdbus_creds { + __u32 uid; + __u32 euid; + __u32 suid; + __u32 fsuid; + __u32 gid; + __u32 egid; + __u32 sgid; + __u32 fsgid; +}; + +/** + * struct kdbus_pids - process identifiers * @pid: Process ID * @tid: Thread ID * @starttime: Starttime of the process * - * The starttime of the process PID. This is useful to detect PID overruns - * from the client side. i.e. if you use the PID to look something up in - * /proc/$PID/ you can afterwards check the starttime field of it, to ensure - * you didn't run into a PID overrun. + * The PID, TID and starttime of a process. The start tmie is useful to detect + * PID overruns from the client side. i.e. if you use the PID to look something + * up in /proc/$PID/ you can afterwards check the starttime field of it, to + * ensure you didn't run into a PID overrun. * * Attached to: - * KDBUS_ITEM_CREDS + * KDBUS_ITEM_PIDS */ -struct kdbus_creds { - __u64 uid; - __u64 gid; +struct kdbus_pids { __u64 pid; __u64 tid; __u64 starttime; @@ -103,8 +124,8 @@ struct kdbus_caps { * KDBUS_ITEM_AUDIT */ struct kdbus_audit { - __u64 sessionid; - __u64 loginuid; + __u32 sessionid; + __u32 loginuid; }; /** @@ -229,14 +250,19 @@ struct kdbus_policy_access { * @KDBUS_ITEM_NAME: Well-know name with flags * @_KDBUS_ITEM_ATTACH_BASE: Start of metadata attach items * @KDBUS_ITEM_TIMESTAMP: Timestamp - * @KDBUS_ITEM_CREDS: Process credential + * @KDBUS_ITEM_CREDS: Process credentials + * @KDBUS_ITEM_PIDS: Process identifiers * @KDBUS_ITEM_AUXGROUPS: Auxiliary process groups * @KDBUS_ITEM_OWNED_NAME: A name owned by the associated * connection * @KDBUS_ITEM_TID_COMM: Thread ID "comm" identifier + * (Don't trust this, see below.) * @KDBUS_ITEM_PID_COMM: Process ID "comm" identifier + * (Don't trust this, see below.) * @KDBUS_ITEM_EXE: The path of the executable + * (Don't trust this, see below.) * @KDBUS_ITEM_CMDLINE: The process command line + * (Don't trust this, see below.) * @KDBUS_ITEM_CGROUP: The croup membership * @KDBUS_ITEM_CAPS: The process capabilities * @KDBUS_ITEM_SECLABEL: The security label @@ -253,6 +279,12 @@ struct kdbus_policy_access { * @KDBUS_ITEM_ID_REMOVE: Notification in kdbus_notify_id_change * @KDBUS_ITEM_REPLY_TIMEOUT: Timeout has been reached * @KDBUS_ITEM_REPLY_DEAD: Destination died + * + * N.B: The process and thread COMM fields, as well as the CMDLINE and + * EXE fields may be altered by unprivileged processes und should + * hence *not* used for security decisions. Peers should make use of + * these items only for informational purposes, such as generating log + * records. */ enum kdbus_item_type { _KDBUS_ITEM_NULL, @@ -275,6 +307,7 @@ enum kdbus_item_type { _KDBUS_ITEM_ATTACH_BASE = 0x1000, KDBUS_ITEM_TIMESTAMP = _KDBUS_ITEM_ATTACH_BASE, KDBUS_ITEM_CREDS, + KDBUS_ITEM_PIDS, KDBUS_ITEM_AUXGROUPS, KDBUS_ITEM_OWNED_NAME, KDBUS_ITEM_TID_COMM, @@ -336,6 +369,7 @@ struct kdbus_item { __u64 id; struct kdbus_vec vec; struct kdbus_creds creds; + struct kdbus_pids pids; struct kdbus_audit audit; struct kdbus_caps caps; struct kdbus_timestamp timestamp; @@ -455,6 +489,16 @@ enum kdbus_recv_flags { * @offset: Returned offset in the pool where the message is * stored. The user must use KDBUS_CMD_FREE to free * the allocated memory. + * @dropped_msgs: In case the KDBUS_CMD_MSG_RECV ioctl returns + * -EOVERFLOW, this field will contain the number of + * broadcast messages that have been lost since the + * last call. + * @msg_size: Filled by the kernel with the actual message size. This + * is the full size of the slice placed at @offset. It + * includes the memory used for the kdbus_msg object, but + * also for all appended VECs. By using @msg_size and + * @offset, you can map a single message, instead of + * mapping the whole pool. * * This struct is used with the KDBUS_CMD_MSG_RECV ioctl. */ @@ -462,7 +506,11 @@ struct kdbus_cmd_recv { __u64 flags; __u64 kernel_flags; __s64 priority; - __u64 offset; + union { + __u64 offset; + __u64 dropped_msgs; + }; + __u64 msg_size; } __attribute__((aligned(8))); /** @@ -547,6 +595,7 @@ enum kdbus_hello_flags { * enum kdbus_attach_flags - flags for metadata attachments * @KDBUS_ATTACH_TIMESTAMP: Timestamp * @KDBUS_ATTACH_CREDS: Credentials + * @KDBUS_ATTACH_PIDS: PIDs * @KDBUS_ATTACH_AUXGROUPS: Auxiliary groups * @KDBUS_ATTACH_NAMES: Well-known names * @KDBUS_ATTACH_TID_COMM: The "comm" process identifier of the TID @@ -565,18 +614,19 @@ enum kdbus_hello_flags { enum kdbus_attach_flags { KDBUS_ATTACH_TIMESTAMP = 1ULL << 0, KDBUS_ATTACH_CREDS = 1ULL << 1, - KDBUS_ATTACH_AUXGROUPS = 1ULL << 2, - KDBUS_ATTACH_NAMES = 1ULL << 3, - KDBUS_ATTACH_TID_COMM = 1ULL << 4, - KDBUS_ATTACH_PID_COMM = 1ULL << 5, - KDBUS_ATTACH_EXE = 1ULL << 6, - KDBUS_ATTACH_CMDLINE = 1ULL << 7, - KDBUS_ATTACH_CGROUP = 1ULL << 8, - KDBUS_ATTACH_CAPS = 1ULL << 9, - KDBUS_ATTACH_SECLABEL = 1ULL << 10, - KDBUS_ATTACH_AUDIT = 1ULL << 11, - KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 12, - _KDBUS_ATTACH_ALL = (1ULL << 13) - 1, + KDBUS_ATTACH_PIDS = 1ULL << 2, + KDBUS_ATTACH_AUXGROUPS = 1ULL << 3, + KDBUS_ATTACH_NAMES = 1ULL << 4, + KDBUS_ATTACH_TID_COMM = 1ULL << 5, + KDBUS_ATTACH_PID_COMM = 1ULL << 6, + KDBUS_ATTACH_EXE = 1ULL << 7, + KDBUS_ATTACH_CMDLINE = 1ULL << 8, + KDBUS_ATTACH_CGROUP = 1ULL << 9, + KDBUS_ATTACH_CAPS = 1ULL << 10, + KDBUS_ATTACH_SECLABEL = 1ULL << 11, + KDBUS_ATTACH_AUDIT = 1ULL << 12, + KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 13, + _KDBUS_ATTACH_ALL = (1ULL << 14) - 1, _KDBUS_ATTACH_ANY = ~0ULL }; @@ -619,8 +669,8 @@ struct kdbus_cmd_hello { /** * enum kdbus_make_flags - Flags for KDBUS_CMD_{BUS,EP,NS}_MAKE - * @KDBUS_MAKE_ACCESS_GROUP: Make the device node group-accessible - * @KDBUS_MAKE_ACCESS_WORLD: Make the device node world-accessible + * @KDBUS_MAKE_ACCESS_GROUP: Make the bus or endpoint node group-accessible + * @KDBUS_MAKE_ACCESS_WORLD: Make the bus or endpoint node world-accessible */ enum kdbus_make_flags { KDBUS_MAKE_ACCESS_GROUP = 1ULL << 0, @@ -713,7 +763,7 @@ enum kdbus_name_list_flags { /** * struct kdbus_cmd_name_list - request a list of name entries * @flags: Flags for the query (KDBUS_NAME_LIST_*), - * userspace → kernel + * userspace → kernel * @kernel_flags: Supported flags for queries, kernel → userspace * @offset: The returned offset in the caller's pool buffer. * The user must use KDBUS_CMD_FREE to free the @@ -834,16 +884,16 @@ struct kdbus_cmd_match { /** * Ioctl API - * KDBUS_CMD_BUS_MAKE: After opening the "control" device node, this - * command creates a new bus with the specified + * KDBUS_CMD_BUS_MAKE: After opening the "control" node, this command + * creates a new bus with the specified * name. The bus is immediately shut down and - * cleaned up when the opened "control" device node - * is closed. + * cleaned up when the opened file descriptor is + * closed. * KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to * the bus. Such endpoints usually carry a more * restrictive policy and grant restricted access * to specific applications. - * KDBUS_CMD_HELLO: By opening the bus device node a connection is + * KDBUS_CMD_HELLO: By opening the bus node, a connection is * created. After a HELLO the opened connection * becomes an active peer on the bus. * KDBUS_CMD_BYEBYE: Disconnect a connection. If there are no