[Buildroot] [PATCH 1/4 v4] package/dbus-broker: new package
Yann E. MORIN
yann.morin.1998 at free.fr
Mon Jul 6 17:34:16 UTC 2020
Norbert, All,
On 2020-07-06 01:21 +0200, Norbert Lange spake thusly:
> Am So., 5. Juli 2020 um 12:23 Uhr schrieb Yann E. MORIN
> <yann.morin.1998 at free.fr>:
[--SNIP--]
> > However, users may opt-in to use dbus-broker in a few ways:
> > - at build-time: provide drop-in units in an overlay;
> Adding a preset would be the most direct method.
Probably whay I meant, indeed. Whatever they are called. ;-)
[--SNIP--]
> > dbus-broker code does not have a provision, like the original dbus has,
> > to specify the user to run as, and does not interpret the <user>
> > directive in the system.conf file. Since running the bus daemon as root
> > is not so safe, we create a systemd unit drop-in to complement the unit
> > provided by the package and defione the user to run as.
>
> I thought we both agreed last time that dbus-broker does read the config and
> switch to the uid (you did convince me of that ! ;) ) ? see [1]
So I too was pretty much surprised by this, because that was indeed what
I remembered. But the run time test did not work. Maybe it was too late
in the night again, so I'll double check once more to be extra sure.
> Note that the facilities are a bit different, the reference dbus had a
> dbus-daemon-launch-helper that setuids as root.
>
> with dbus-broker, systemd does handle the socket (still as root),
> the launcher connects to it and then drops privileges.
> 1) I am not sure if dbus-broker-launch is completely ok being started
> as non-root
As-is., the runtime tests in patch 4 do work flawlessly. That's exactly
why I added runtime tests: to validate the use of dbus-broker instead of
the original dbus.
> 2) this also affects dbus-daemon-launch-helper/reference dbus, as you use the
> dbus.service.d directory for the .conf file (instead of
> dbus-broker.service.d)
No, because the drop-in is not installed when the original dbus is
enabled, i.e. when BR2_PACKAGE_DBUS=y
> 3) for dbus broker the dbus user has no external references.
Not sure I understand that...
> 4) the only external reference to dbus user is with dbus-daemon-launch-helper,
> and this is only used for “D-BUS System Activation”. I believe
> that's completely
> unused with systemd services.
>
> dropping to the dbus user is AFAIK just a matter of isolation.
Isolation of a system-level daemon is always good, IMHO.
> I dont claim to understand the specifics well enough, but such a
> dropin is not used
> elsewhere, including Fedora which considers making dbus-broker the default.
> ie. that would be a grave mistake of upstream to leave the setting out.
Yeah, as I said above, I'm not sure what's going on. I may have just
looked at the wrong line in my logs...
I'll double check.
> > As for that drop-in: systemd knows only about the 'dbus' service, which
> > is what dbus-broker impersonates, so the drop-in must be one for the
> > dbus service, not the dbus-broker service, which does not exist.
>
> dbus-broker.service has an alias to dbus.service, if enabled it will take the
> place of that service aswell (and bc of the conflict with dbus, there
> is just one
> dbus.service enabled at any point)
>
> also you use dbus.service.d as place for the dropin, this will affect the
> reference dbus too?
Nope: drop-in not installed when original dbus is enabled in the
configuration.
[--SNIP--]
> > +# We msut be using the same user as the origian dbus, so we can share
> > +# the home directory and create a socket there.
> > +define DBUS_BROKER_USERS
> > + dbus -1 dbus -1 * /var/run/dbus - dbus DBus messagebus user
> > +endef
> Out of scope of this patch, but pls have a look at [2] and [3].
I've duplicated the definition of the user for the original dbus, so at
least we're on-par with the issues that one has. Woops. ;-)
[2] has been opened in a tab in my browser for a while, yes.
I need to take a closer look at [3], though...
[--SNIP--]
> > diff --git a/package/dbus-broker/system.conf b/package/dbus-broker/system.conf
> > new file mode 100644
> > index 0000000000..a1e8df7367
> > --- /dev/null
> > +++ b/package/dbus-broker/system.conf
> > @@ -0,0 +1,120 @@
> > +<!-- This configuration file controls the systemwide message bus.
> > + Add a system-local.conf and edit that rather than changing this
> > + file directly. -->
> > +
> > +<!-- Note that there are any number of ways you can hose yourself
> > + security-wise by screwing up this file; in particular, you
> > + probably don't want to listen on any more addresses, add any more
> > + auth mechanisms, run as a different user, etc. -->
> > +
> > +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
> > + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> > +<busconfig>
> > +
> > + <!-- Our well-known bus type, do not change this -->
> > + <type>system</type>
> > +
> Add this here instead of using the dbus-user.conf file:
> + <!-- Run as special user -->
> + <user>dbus</user>
Yeah, I had tried it. Maybe I just forgot to reisntall it before running
the tests? Meh... I'd need a good night's sleep one of those days...
> [2] - https://patchwork.ozlabs.org/project/buildroot/list/?series=186339
> [3] - https://patchwork.ozlabs.org/project/buildroot/patch/20200605224858.12870-2-nolange79@gmail.com/
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list