From: Lennart Poettering
Date: Tue, 10 Jun 2014 13:46:32 +0000 (+0200)
Subject: bus-proxy: read the right policy when running in user mode
X-Git-Tag: v214~37
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=2e2b36084a98f9071fd178c6540ce57b2f577f8d
bus-proxy: read the right policy when running in user mode
---
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 2df4bf720..2234e7af3 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -83,6 +83,8 @@ static int file_load(Policy *p, const char *path) {
 if (r < 0) {
 if (r == -ENOENT)
 return 0;
+ if (r == -EISDIR)
+ return r;
 log_error("Failed to load %s: %s", path, strerror(-r));
 return r;
@@ -513,24 +515,31 @@ static int file_load(Policy *p, const char *path) {
 }
 }
-int policy_load(Policy *p) {
- _cleanup_strv_free_ char **l = NULL;
+int policy_load(Policy *p, char **files) {
 char **i;
 int r;
 assert(p);
- file_load(p, "/etc/dbus-1/system.conf");
- file_load(p, "/etc/dbus-1/system-local.conf");
+ STRV_FOREACH(i, files) {
- r = conf_files_list(&l, ".conf", NULL, "/etc/dbus-1/system.d/", NULL);
- if (r < 0) {
- log_error("Failed to get configuration file list: %s", strerror(-r));
- return r;
- }
+ r = file_load(p, *i);
+ if (r == -EISDIR) {
+ _cleanup_strv_free_ char **l = NULL;
+ char **j;
+
+ r = conf_files_list(&l, ".conf", NULL, *i, NULL);
+ if (r < 0) {
+ log_error("Failed to get configuration file list: %s", strerror(-r));
+ return r;
+ }
+
+ STRV_FOREACH(j, l)
+ file_load(p, *j);
+ }
- STRV_FOREACH(i, l)
- file_load(p, *i);
+ /* We ignore all errors but EISDIR, and just proceed. */
+ }
 return 0;
 }
diff --git a/src/bus-proxyd/bus-policy.h b/src/bus-proxyd/bus-policy.h
index cff2613e5..bad4256a3 100644
--- a/src/bus-proxyd/bus-policy.h
+++ b/src/bus-proxyd/bus-policy.h
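Review bot: In policy_load() (second hunk of src/bus-proxyd/bus-policy.c) any file_load() result other than -EISDIR is discarded, and in the directory branch the return value of `file_load(p, *j)` is not read at all, so a policy file that cannot be loaded leaves the proxy running with only the part of the policy that did load. The removed code discarded these results too, and file_load() logs the failure seen in the first hunk, but the only trace of the decision is the comment `/* We ignore all errors but EISDIR, and just proceed. */`, which does not say why. If a partial policy is acceptable, I would have the comment state that, e.g. `/* Unreadable policy files are skipped on purpose, as the built-in list was before; only a failed directory listing aborts. */`; if it is not, add `else if (r < 0) return r;` after the -EISDIR branch. Whether a partially loaded policy is more or less permissive than the full one cannot be told from this diff.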
@@ -72,7 +72,7 @@ typedef struct Policy {
 Hashmap *group_items;
 } Policy;
-int policy_load(Policy *p);
+int policy_load(Policy *p, char **files);
 void policy_free(Policy *p);
 void policy_dump(Policy *p);
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 9937159fc..07995ec83 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -47,19 +47,21 @@
 #include "capability.h"
 #include "bus-policy.h"
-static const char *arg_address = DEFAULT_SYSTEM_BUS_PATH;
+static const char *arg_address = KERNEL_SYSTEM_BUS_PATH;
 static char *arg_command_line_buffer = NULL;
 static bool arg_drop_privileges = false;
+static char **arg_configuration = NULL;
 static int help(void) {
 printf("%s [OPTIONS...]\n\n"
 "Connect STDIO or a socket to a given bus address.\n\n"
- " -h --help Show this help\n"
- " --version Show package version\n"
- " --drop-privileges Drop privileges\n"
- " --address=ADDRESS Connect to the bus specified by ADDRESS\n"
- " (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
+ " -h --help Show this help\n"
+ " --version Show package version\n"
+ " --drop-privileges Drop privileges\n"
+ " --configuration=PATH Configuration file or directory\n"
+ " --address=ADDRESS Connect to the bus specified by ADDRESS\n"
+ " (default: " KERNEL_SYSTEM_BUS_PATH ")\n",
 program_invocation_short_name);
 return 0;
@@ -71,6 +73,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_VERSION = 0x100,
 ARG_ADDRESS,
 ARG_DROP_PRIVILEGES,
+ ARG_CONFIGURATION,
 };
 static const struct option options[] = {
@@ -78,10 +81,11 @@ static int parse_argv(int argc, char *argv[]) {
 { "version", no_argument, NULL, ARG_VERSION },
 { "address", required_argument, NULL, ARG_ADDRESS },
 { "drop-privileges", no_argument, NULL, ARG_DROP_PRIVILEGES },
+ { "configuration", required_argument, NULL, ARG_CONFIGURATION },
 { NULL, 0, NULL, 0 },
 };
- int c;
+ int c, r;
 assert(argc >= 0);
 assert(argv);
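Review bot: The --configuration line added to help() (src/bus-proxyd/bus-proxyd.c, hunk at -47) does not say that the option may be repeated or that nothing is loaded when it is absent, although parse_argv() appends every occurrence to `arg_configuration` and both unit files pass it three times. I would extend the description to read "Configuration file or directory (may be repeated; no default)". The same hunk changes the default of `arg_address` from DEFAULT_SYSTEM_BUS_PATH to KERNEL_SYSTEM_BUS_PATH, which the commit subject does not mention; a short comment above the declaration giving the reason would help the next reader. help() ends outside the hunk.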
@@ -107,6 +111,12 @@ static int parse_argv(int argc, char *argv[]) {
 arg_drop_privileges = true;
 break;
+ case ARG_CONFIGURATION:
+ r = strv_extend(&arg_configuration, optarg);
+ if (r < 0)
+ return log_oom();
+ break;
+
 case '?':
 return -EINVAL;
@@ -1054,7 +1064,7 @@ int main(int argc, char *argv[]) {
 if (r <= 0)
 goto finish;
- r = policy_load(&policy);
+ r = policy_load(&policy, arg_configuration);
 if (r < 0) {
 log_error("Failed to load policy: %s", strerror(-r));
 goto finish;
@@ -1425,6 +1435,7 @@ finish:
 sd_bus_flush(b);
 policy_free(&policy);
+ strv_free(arg_configuration);
 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
 }
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 0499269f3..eef703f2f 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -12,7 +12,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # The first argument will be replaced by the service by information on
 # the process requesting the proxy, we need a placeholder to keep the
 # space available for this.
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/dev/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
 CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
 PrivateTmp=yes
diff --git a/units/user/systemd-bus-proxyd@.service.in b/units/user/systemd-bus-proxyd@.service.in
index 5a9f31cd8..68f59f531 100644
--- a/units/user/systemd-bus-proxyd@.service.in
+++ b/units/user/systemd-bus-proxyd@.service.in
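Review bot: In main() (src/bus-proxyd/bus-proxyd.c, hunk at -1054) `policy_load(&policy, arg_configuration)` is also reached when no --configuration option was given; `arg_configuration` is then still NULL, the STRV_FOREACH in policy_load() has nothing to iterate, and the call returns 0 without reading a single policy file. Before this commit the system.conf, system-local.conf and system.d paths were built in, so any invocation that is not updated along with the two unit files now runs with an empty Policy; what an empty Policy permits is not visible in this diff and needs checking. I would either refuse to start, e.g. `if (strv_isempty(arg_configuration)) { r = -EINVAL; goto finish; }` with a log_error() before it, or document next to `arg_configuration` that an empty list is accepted on purpose. main() starts and ends outside the hunk.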
@@ -12,5 +12,5 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # The first argument will be replaced by the service by information on
 # the process requesting the proxy, we need a placeholder to keep the
 # space available for this.
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ExecStart=@rootlibexecdir@/sessiond-bus-proxyd --address=kernel:path=/dev/kdbus/%U-user/bus --configuration=/etc/dbus-1/session.conf --configuration=/etc/dbus-1/session-local.conf --configuration=/etc/dbus-1/session.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
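Review bot: The new ExecStart line in units/user/systemd-bus-proxyd@.service.in names the binary `@rootlibexecdir@/sessiond-bus-proxyd`, while the line it replaces and the system unit changed in this same commit both use `systemd-bus-proxyd`. Nothing else in the diff renames or installs a binary under that name, so as shown the user proxy would presumably fail to start. Unless the rename is deliberate and made elsewhere, the line should keep `ExecStart=@rootlibexecdir@/systemd-bus-proxyd` followed by the new --address and --configuration arguments.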