/**
* struct kdbus_creds - process credentials
* @uid: User ID
+ * @euid: Effective UID
+ * @suid: Saved UID
+ * @fsuid: Filesystem UID
* @gid: Group ID
+ * @egid: Effective GID
+ * @sgid: Saved GID
+ * @fsgid: Filesystem GID
+ *
+ * Attached to:
+ * KDBUS_ITEM_CREDS
+ */
+struct kdbus_creds {
+ __u32 uid;
+ __u32 euid;
+ __u32 suid;
+ __u32 fsuid;
+ __u32 gid;
+ __u32 egid;
+ __u32 sgid;
+ __u32 fsgid;
+};
+
+/**
+ * struct kdbus_pids - process identifiers
* @pid: Process ID
* @tid: Thread ID
* @starttime: Starttime of the process
*
- * The starttime of the process PID. This is useful to detect PID overruns
- * from the client side. i.e. if you use the PID to look something up in
- * /proc/$PID/ you can afterwards check the starttime field of it, to ensure
- * you didn't run into a PID overrun.
+ * The PID, TID and starttime of a process. The start tmie is useful to detect
+ * PID overruns from the client side. i.e. if you use the PID to look something
+ * up in /proc/$PID/ you can afterwards check the starttime field of it, to
+ * ensure you didn't run into a PID overrun.
*
* Attached to:
- * KDBUS_ITEM_CREDS
+ * KDBUS_ITEM_PIDS
*/
-struct kdbus_creds {
- __u64 uid;
- __u64 gid;
+struct kdbus_pids {
__u64 pid;
__u64 tid;
__u64 starttime;
* KDBUS_ITEM_AUDIT
*/
struct kdbus_audit {
- __u64 sessionid;
- __u64 loginuid;
+ __u32 sessionid;
+ __u32 loginuid;
};
/**
/**
* struct kdbus_memfd - a kdbus memfd
- * @size: The memfd's size
+ * @start: The offset into the memfd where the segment starts
+ * @size: The size of the memfd segment
* @fd: The file descriptor number
* @__pad: Padding to ensure proper alignment and size
*
* KDBUS_ITEM_PAYLOAD_MEMFD
*/
struct kdbus_memfd {
+ __u64 start;
__u64 size;
int fd;
__u32 __pad;
* @KDBUS_ITEM_NAME: Well-know name with flags
* @_KDBUS_ITEM_ATTACH_BASE: Start of metadata attach items
* @KDBUS_ITEM_TIMESTAMP: Timestamp
- * @KDBUS_ITEM_CREDS: Process credential
+ * @KDBUS_ITEM_CREDS: Process credentials
+ * @KDBUS_ITEM_PIDS: Process identifiers
* @KDBUS_ITEM_AUXGROUPS: Auxiliary process groups
* @KDBUS_ITEM_OWNED_NAME: A name owned by the associated
* connection
* @KDBUS_ITEM_TID_COMM: Thread ID "comm" identifier
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_PID_COMM: Process ID "comm" identifier
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_EXE: The path of the executable
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_CMDLINE: The process command line
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_CGROUP: The croup membership
* @KDBUS_ITEM_CAPS: The process capabilities
* @KDBUS_ITEM_SECLABEL: The security label
* @KDBUS_ITEM_ID_REMOVE: Notification in kdbus_notify_id_change
* @KDBUS_ITEM_REPLY_TIMEOUT: Timeout has been reached
* @KDBUS_ITEM_REPLY_DEAD: Destination died
+ *
+ * N.B: The process and thread COMM fields, as well as the CMDLINE and
+ * EXE fields may be altered by unprivileged processes und should
+ * hence *not* used for security decisions. Peers should make use of
+ * these items only for informational purposes, such as generating log
+ * records.
*/
enum kdbus_item_type {
_KDBUS_ITEM_NULL,
_KDBUS_ITEM_ATTACH_BASE = 0x1000,
KDBUS_ITEM_TIMESTAMP = _KDBUS_ITEM_ATTACH_BASE,
KDBUS_ITEM_CREDS,
+ KDBUS_ITEM_PIDS,
KDBUS_ITEM_AUXGROUPS,
KDBUS_ITEM_OWNED_NAME,
KDBUS_ITEM_TID_COMM,
__u64 id;
struct kdbus_vec vec;
struct kdbus_creds creds;
+ struct kdbus_pids pids;
struct kdbus_audit audit;
struct kdbus_caps caps;
struct kdbus_timestamp timestamp;
* @offset: Returned offset in the pool where the message is
* stored. The user must use KDBUS_CMD_FREE to free
* the allocated memory.
+ * @dropped_msgs: In case the KDBUS_CMD_MSG_RECV ioctl returns
+ * -EOVERFLOW, this field will contain the number of
+ * broadcast messages that have been lost since the
+ * last call.
+ * @msg_size: Filled by the kernel with the actual message size. This
+ * is the full size of the slice placed at @offset. It
+ * includes the memory used for the kdbus_msg object, but
+ * also for all appended VECs. By using @msg_size and
+ * @offset, you can map a single message, instead of
+ * mapping the whole pool.
*
* This struct is used with the KDBUS_CMD_MSG_RECV ioctl.
*/
__u64 flags;
__u64 kernel_flags;
__s64 priority;
- __u64 offset;
+ union {
+ __u64 offset;
+ __u64 dropped_msgs;
+ };
+ __u64 msg_size;
} __attribute__((aligned(8)));
/**
* a service
* @KDBUS_HELLO_MONITOR: Special-purpose connection to monitor
* bus traffic
+ * @KDBUS_HELLO_UNPRIVILEGED: Don't treat this connection as privileged once
+ * the bus connection was established.
*/
enum kdbus_hello_flags {
KDBUS_HELLO_ACCEPT_FD = 1ULL << 0,
KDBUS_HELLO_ACTIVATOR = 1ULL << 1,
KDBUS_HELLO_POLICY_HOLDER = 1ULL << 2,
KDBUS_HELLO_MONITOR = 1ULL << 3,
+ KDBUS_HELLO_UNPRIVILEGED = 1ULL << 4,
};
/**
* enum kdbus_attach_flags - flags for metadata attachments
* @KDBUS_ATTACH_TIMESTAMP: Timestamp
* @KDBUS_ATTACH_CREDS: Credentials
+ * @KDBUS_ATTACH_PIDS: PIDs
* @KDBUS_ATTACH_AUXGROUPS: Auxiliary groups
* @KDBUS_ATTACH_NAMES: Well-known names
* @KDBUS_ATTACH_TID_COMM: The "comm" process identifier of the TID
enum kdbus_attach_flags {
KDBUS_ATTACH_TIMESTAMP = 1ULL << 0,
KDBUS_ATTACH_CREDS = 1ULL << 1,
- KDBUS_ATTACH_AUXGROUPS = 1ULL << 2,
- KDBUS_ATTACH_NAMES = 1ULL << 3,
- KDBUS_ATTACH_TID_COMM = 1ULL << 4,
- KDBUS_ATTACH_PID_COMM = 1ULL << 5,
- KDBUS_ATTACH_EXE = 1ULL << 6,
- KDBUS_ATTACH_CMDLINE = 1ULL << 7,
- KDBUS_ATTACH_CGROUP = 1ULL << 8,
- KDBUS_ATTACH_CAPS = 1ULL << 9,
- KDBUS_ATTACH_SECLABEL = 1ULL << 10,
- KDBUS_ATTACH_AUDIT = 1ULL << 11,
- KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 12,
- _KDBUS_ATTACH_ALL = (1ULL << 13) - 1,
+ KDBUS_ATTACH_PIDS = 1ULL << 2,
+ KDBUS_ATTACH_AUXGROUPS = 1ULL << 3,
+ KDBUS_ATTACH_NAMES = 1ULL << 4,
+ KDBUS_ATTACH_TID_COMM = 1ULL << 5,
+ KDBUS_ATTACH_PID_COMM = 1ULL << 6,
+ KDBUS_ATTACH_EXE = 1ULL << 7,
+ KDBUS_ATTACH_CMDLINE = 1ULL << 8,
+ KDBUS_ATTACH_CGROUP = 1ULL << 9,
+ KDBUS_ATTACH_CAPS = 1ULL << 10,
+ KDBUS_ATTACH_SECLABEL = 1ULL << 11,
+ KDBUS_ATTACH_AUDIT = 1ULL << 12,
+ KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 13,
+ _KDBUS_ATTACH_ALL = (1ULL << 14) - 1,
_KDBUS_ATTACH_ANY = ~0ULL
};
/**
* enum kdbus_make_flags - Flags for KDBUS_CMD_{BUS,EP,NS}_MAKE
- * @KDBUS_MAKE_ACCESS_GROUP: Make the device node group-accessible
- * @KDBUS_MAKE_ACCESS_WORLD: Make the device node world-accessible
+ * @KDBUS_MAKE_ACCESS_GROUP: Make the bus or endpoint node group-accessible
+ * @KDBUS_MAKE_ACCESS_WORLD: Make the bus or endpoint node world-accessible
*/
enum kdbus_make_flags {
KDBUS_MAKE_ACCESS_GROUP = 1ULL << 0,
/**
* struct kdbus_cmd_name_list - request a list of name entries
* @flags: Flags for the query (KDBUS_NAME_LIST_*),
- * userspace → kernel
+ * userspace → kernel
* @kernel_flags: Supported flags for queries, kernel → userspace
* @offset: The returned offset in the caller's pool buffer.
* The user must use KDBUS_CMD_FREE to free the
/**
* Ioctl API
- * KDBUS_CMD_BUS_MAKE: After opening the "control" device node, this
- * command creates a new bus with the specified
+ * KDBUS_CMD_BUS_MAKE: After opening the "control" node, this command
+ * creates a new bus with the specified
* name. The bus is immediately shut down and
- * cleaned up when the opened "control" device node
- * is closed.
+ * cleaned up when the opened file descriptor is
+ * closed.
* KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to
* the bus. Such endpoints usually carry a more
* restrictive policy and grant restricted access
* to specific applications.
- * KDBUS_CMD_HELLO: By opening the bus device node a connection is
+ * KDBUS_CMD_HELLO: By opening the bus node, a connection is
* created. After a HELLO the opened connection
* becomes an active peer on the bus.
* KDBUS_CMD_BYEBYE: Disconnect a connection. If there are no
~ianmdlvl / elogind.git / blobdiff