/**
* struct kdbus_creds - process credentials
* @uid: User ID
+ * @euid: Effective UID
+ * @suid: Saved UID
+ * @fsuid: Filesystem UID
* @gid: Group ID
- * @pid: Process ID
- * @tid: Thread ID
- * @starttime: Starttime of the process
- *
- * The starttime of the process PID. This is useful to detect PID overruns
- * from the client side. i.e. if you use the PID to look something up in
- * /proc/$PID/ you can afterwards check the starttime field of it, to ensure
- * you didn't run into a PID overrun.
+ * @egid: Effective GID
+ * @sgid: Saved GID
+ * @fsgid: Filesystem GID
*
* Attached to:
* KDBUS_ITEM_CREDS
*/
struct kdbus_creds {
__u64 uid;
+ __u64 euid;
+ __u64 suid;
+ __u64 fsuid;
__u64 gid;
+ __u64 egid;
+ __u64 sgid;
+ __u64 fsgid;
+};
+
+/**
+ * struct kdbus_pids - process identifiers
+ * @pid: Process ID
+ * @tid: Thread ID
+ * @starttime: Starttime of the process
+ *
+ * The PID, TID and starttime of a process. The start tmie is useful to detect
+ * PID overruns from the client side. i.e. if you use the PID to look something
+ * up in /proc/$PID/ you can afterwards check the starttime field of it, to
+ * ensure you didn't run into a PID overrun.
+ *
+ * Attached to:
+ * KDBUS_ITEM_PIDS
+ */
+struct kdbus_pids {
__u64 pid;
__u64 tid;
__u64 starttime;
* @KDBUS_ITEM_NAME: Well-know name with flags
* @_KDBUS_ITEM_ATTACH_BASE: Start of metadata attach items
* @KDBUS_ITEM_TIMESTAMP: Timestamp
- * @KDBUS_ITEM_CREDS: Process credential
+ * @KDBUS_ITEM_CREDS: Process credentials
+ * @KDBUS_ITEM_PIDS: Process identifiers
* @KDBUS_ITEM_AUXGROUPS: Auxiliary process groups
* @KDBUS_ITEM_OWNED_NAME: A name owned by the associated
* connection
* @KDBUS_ITEM_TID_COMM: Thread ID "comm" identifier
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_PID_COMM: Process ID "comm" identifier
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_EXE: The path of the executable
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_CMDLINE: The process command line
+ * (Don't trust this, see below.)
* @KDBUS_ITEM_CGROUP: The croup membership
* @KDBUS_ITEM_CAPS: The process capabilities
* @KDBUS_ITEM_SECLABEL: The security label
* @KDBUS_ITEM_ID_REMOVE: Notification in kdbus_notify_id_change
* @KDBUS_ITEM_REPLY_TIMEOUT: Timeout has been reached
* @KDBUS_ITEM_REPLY_DEAD: Destination died
+ *
+ * N.B: The process and thread COMM fields, as well as the CMDLINE and
+ * EXE fields may be altered by unprivileged processes und should
+ * hence *not* used for security decisions. Peers should make use of
+ * these items only for informational purposes, such as generating log
+ * records.
*/
enum kdbus_item_type {
_KDBUS_ITEM_NULL,
_KDBUS_ITEM_ATTACH_BASE = 0x1000,
KDBUS_ITEM_TIMESTAMP = _KDBUS_ITEM_ATTACH_BASE,
KDBUS_ITEM_CREDS,
+ KDBUS_ITEM_PIDS,
KDBUS_ITEM_AUXGROUPS,
KDBUS_ITEM_OWNED_NAME,
KDBUS_ITEM_TID_COMM,
__u64 id;
struct kdbus_vec vec;
struct kdbus_creds creds;
+ struct kdbus_pids pids;
struct kdbus_audit audit;
struct kdbus_caps caps;
struct kdbus_timestamp timestamp;
* @offset: Returned offset in the pool where the message is
* stored. The user must use KDBUS_CMD_FREE to free
* the allocated memory.
+ * @dropped_msgs: In case the KDBUS_CMD_MSG_RECV ioctl returns
+ * -EOVERFLOW, this field will contain the number of
+ * broadcast messages that have been lost since the
+ * last call.
+ * @msg_size: Filled by the kernel with the actual message size. This
+ * mirrors the 'size' member of the message stored at
+ * @offset, but allows callers to access it without mapping
+ * their pool. By using @msg_size and @offset, you can map
+ * only the message itself, not the whole pool.
*
* This struct is used with the KDBUS_CMD_MSG_RECV ioctl.
*/
__u64 flags;
__u64 kernel_flags;
__s64 priority;
- __u64 offset;
+ union {
+ __u64 offset;
+ __u64 dropped_msgs;
+ };
+ __u64 msg_size;
} __attribute__((aligned(8)));
/**
* enum kdbus_attach_flags - flags for metadata attachments
* @KDBUS_ATTACH_TIMESTAMP: Timestamp
* @KDBUS_ATTACH_CREDS: Credentials
+ * @KDBUS_ATTACH_PIDS: PIDs
* @KDBUS_ATTACH_AUXGROUPS: Auxiliary groups
* @KDBUS_ATTACH_NAMES: Well-known names
* @KDBUS_ATTACH_TID_COMM: The "comm" process identifier of the TID
enum kdbus_attach_flags {
KDBUS_ATTACH_TIMESTAMP = 1ULL << 0,
KDBUS_ATTACH_CREDS = 1ULL << 1,
- KDBUS_ATTACH_AUXGROUPS = 1ULL << 2,
- KDBUS_ATTACH_NAMES = 1ULL << 3,
- KDBUS_ATTACH_TID_COMM = 1ULL << 4,
- KDBUS_ATTACH_PID_COMM = 1ULL << 5,
- KDBUS_ATTACH_EXE = 1ULL << 6,
- KDBUS_ATTACH_CMDLINE = 1ULL << 7,
- KDBUS_ATTACH_CGROUP = 1ULL << 8,
- KDBUS_ATTACH_CAPS = 1ULL << 9,
- KDBUS_ATTACH_SECLABEL = 1ULL << 10,
- KDBUS_ATTACH_AUDIT = 1ULL << 11,
- KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 12,
- _KDBUS_ATTACH_ALL = (1ULL << 13) - 1,
+ KDBUS_ATTACH_PIDS = 1ULL << 2,
+ KDBUS_ATTACH_AUXGROUPS = 1ULL << 3,
+ KDBUS_ATTACH_NAMES = 1ULL << 4,
+ KDBUS_ATTACH_TID_COMM = 1ULL << 5,
+ KDBUS_ATTACH_PID_COMM = 1ULL << 6,
+ KDBUS_ATTACH_EXE = 1ULL << 7,
+ KDBUS_ATTACH_CMDLINE = 1ULL << 8,
+ KDBUS_ATTACH_CGROUP = 1ULL << 9,
+ KDBUS_ATTACH_CAPS = 1ULL << 10,
+ KDBUS_ATTACH_SECLABEL = 1ULL << 11,
+ KDBUS_ATTACH_AUDIT = 1ULL << 12,
+ KDBUS_ATTACH_CONN_DESCRIPTION = 1ULL << 13,
+ _KDBUS_ATTACH_ALL = (1ULL << 14) - 1,
_KDBUS_ATTACH_ANY = ~0ULL
};
/**
* enum kdbus_make_flags - Flags for KDBUS_CMD_{BUS,EP,NS}_MAKE
- * @KDBUS_MAKE_ACCESS_GROUP: Make the device node group-accessible
- * @KDBUS_MAKE_ACCESS_WORLD: Make the device node world-accessible
+ * @KDBUS_MAKE_ACCESS_GROUP: Make the bus or endpoint node group-accessible
+ * @KDBUS_MAKE_ACCESS_WORLD: Make the bus or endpoint node world-accessible
*/
enum kdbus_make_flags {
KDBUS_MAKE_ACCESS_GROUP = 1ULL << 0,
* @kernel_flags: Supported flags for the used command, kernel → userspace
* @items: Items describing details
*
- * This structure is used with the KDBUS_CMD_BUS_MAKE, KDBUS_CMD_ENDPOINT_MAKE
- * and KDBUS_CMD_DOMAIN_MAKE ioctls.
+ * This structure is used with the KDBUS_CMD_BUS_MAKE and
+ * KDBUS_CMD_ENDPOINT_MAKE ioctls.
*/
struct kdbus_cmd_make {
__u64 size;
/**
* struct kdbus_cmd_name_list - request a list of name entries
* @flags: Flags for the query (KDBUS_NAME_LIST_*),
- * userspace → kernel
+ * userspace → kernel
* @kernel_flags: Supported flags for queries, kernel → userspace
* @offset: The returned offset in the caller's pool buffer.
* The user must use KDBUS_CMD_FREE to free the
/**
* Ioctl API
- * KDBUS_CMD_BUS_MAKE: After opening the "control" device node, this
- * command creates a new bus with the specified
+ * KDBUS_CMD_BUS_MAKE: After opening the "control" node, this command
+ * creates a new bus with the specified
* name. The bus is immediately shut down and
- * cleaned up when the opened "control" device node
- * is closed.
- * KDBUS_CMD_DOMAIN_MAKE: Similar to KDBUS_CMD_BUS_MAKE, but it creates a
- * new kdbus domain.
+ * cleaned up when the opened file descriptor is
+ * closed.
* KDBUS_CMD_ENDPOINT_MAKE: Creates a new named special endpoint to talk to
* the bus. Such endpoints usually carry a more
* restrictive policy and grant restricted access
* to specific applications.
- * KDBUS_CMD_HELLO: By opening the bus device node a connection is
+ * KDBUS_CMD_HELLO: By opening the bus node, a connection is
* created. After a HELLO the opened connection
* becomes an active peer on the bus.
* KDBUS_CMD_BYEBYE: Disconnect a connection. If there are no
*/
#define KDBUS_CMD_BUS_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x00, \
struct kdbus_cmd_make)
-#define KDBUS_CMD_DOMAIN_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \
- struct kdbus_cmd_make)
-#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x20, \
+#define KDBUS_CMD_ENDPOINT_MAKE _IOW(KDBUS_IOCTL_MAGIC, 0x10, \
struct kdbus_cmd_make)
-#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \
+#define KDBUS_CMD_HELLO _IOWR(KDBUS_IOCTL_MAGIC, 0x20, \
struct kdbus_cmd_hello)
-#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x31) \
+#define KDBUS_CMD_BYEBYE _IO(KDBUS_IOCTL_MAGIC, 0x21) \
-#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \
+#define KDBUS_CMD_MSG_SEND _IOWR(KDBUS_IOCTL_MAGIC, 0x30, \
struct kdbus_msg)
-#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x41, \
+#define KDBUS_CMD_MSG_RECV _IOWR(KDBUS_IOCTL_MAGIC, 0x31, \
struct kdbus_cmd_recv)
-#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x42, \
+#define KDBUS_CMD_MSG_CANCEL _IOW(KDBUS_IOCTL_MAGIC, 0x32, \
struct kdbus_cmd_cancel)
-#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x43, \
+#define KDBUS_CMD_FREE _IOW(KDBUS_IOCTL_MAGIC, 0x33, \
struct kdbus_cmd_free)
-#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \
+#define KDBUS_CMD_NAME_ACQUIRE _IOWR(KDBUS_IOCTL_MAGIC, 0x40, \
struct kdbus_cmd_name)
-#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \
+#define KDBUS_CMD_NAME_RELEASE _IOW(KDBUS_IOCTL_MAGIC, 0x41, \
struct kdbus_cmd_name)
-#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \
+#define KDBUS_CMD_NAME_LIST _IOWR(KDBUS_IOCTL_MAGIC, 0x42, \
struct kdbus_cmd_name_list)
-#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x60, \
+#define KDBUS_CMD_CONN_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x50, \
struct kdbus_cmd_info)
-#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \
+#define KDBUS_CMD_CONN_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x51, \
struct kdbus_cmd_update)
-#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x62, \
+#define KDBUS_CMD_BUS_CREATOR_INFO _IOWR(KDBUS_IOCTL_MAGIC, 0x52, \
struct kdbus_cmd_info)
-#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \
+#define KDBUS_CMD_ENDPOINT_UPDATE _IOW(KDBUS_IOCTL_MAGIC, 0x61, \
struct kdbus_cmd_update)
-#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x80, \
+#define KDBUS_CMD_MATCH_ADD _IOW(KDBUS_IOCTL_MAGIC, 0x70, \
struct kdbus_cmd_match)
-#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x81, \
+#define KDBUS_CMD_MATCH_REMOVE _IOW(KDBUS_IOCTL_MAGIC, 0x71, \
struct kdbus_cmd_match)
#endif /* _KDBUS_UAPI_H_ */
~ianmdlvl / elogind.git / blobdiff