From fccb5a0fe11a2293ba5bfc09e0f3fe296d724eb2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 8 Feb 2012 16:11:35 +0000 Subject: [PATCH 3/3] Explicitly don't search XDG_DATA_DIRS for system services, and document it In practice, it never works, because the activation helper doesn't respect environment variables for security reasons. If you want to vary the search path, alter system.conf instead, to replace or augment with your preferred search path. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=21620 Signed-off-by: Simon McVittie --- bus/config-parser.c | 4 +- dbus/dbus-sysdeps-unix.c | 51 ++++++++++--------------------------------- doc/dbus-specification.xml | 27 ++++++++++++++++++++++- 3 files changed, 40 insertions(+), 42 deletions(-) diff --git a/bus/config-parser.c b/bus/config-parser.c index c636707..a895362 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -3393,8 +3393,8 @@ test_default_session_servicedirs (void) static const char *test_system_service_dir_matches[] = { #ifdef DBUS_UNIX - "/testusr/testlocal/testshare/dbus-1/system-services", - "/testusr/testshare/dbus-1/system-services", + "/usr/local/share/dbus-1/system-services", + "/usr/share/dbus-1/system-services", #endif DBUS_DATADIR"/dbus-1/system-services", #ifdef DBUS_UNIX diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 22868e2..67034a0 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3691,54 +3691,27 @@ _dbus_get_standard_session_servicedirs (DBusList **dirs) dbus_bool_t _dbus_get_standard_system_servicedirs (DBusList **dirs) { - const char *xdg_data_dirs; - DBusString servicedir_path; - - if (!_dbus_string_init (&servicedir_path)) - return FALSE; - - xdg_data_dirs = _dbus_getenv ("XDG_DATA_DIRS"); - - if (xdg_data_dirs != NULL) - { - if (!_dbus_string_append (&servicedir_path, xdg_data_dirs)) - goto oom; - - if (!_dbus_string_append (&servicedir_path, ":")) - goto oom; - } - else - { - if (!_dbus_string_append (&servicedir_path, "/usr/local/share:/usr/share:")) - goto oom; - } - /* - * Add configured datadir to defaults. This may be the same as one - * of the XDG directories. However, the config parser should take - * care of the duplicates. + * DBUS_DATADIR may be the same as one of the standard directories. However, + * the config parser should take care of the duplicates. * * Also, append /lib as counterpart of /usr/share on the root * directory (the root directory does not know /share), in order to * facilitate early boot system bus activation where /usr might not * be available. */ - if (!_dbus_string_append (&servicedir_path, - DBUS_DATADIR":" - "/lib:")) - goto oom; - - if (!_dbus_split_paths_and_append (&servicedir_path, - DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR, - dirs)) - goto oom; + static const char standard_search_path[] = + "/usr/local/share:" + "/usr/share:" + DBUS_DATADIR ":" + "/lib"; + DBusString servicedir_path; - _dbus_string_free (&servicedir_path); - return TRUE; + _dbus_string_init_const (&servicedir_path, standard_search_path); - oom: - _dbus_string_free (&servicedir_path); - return FALSE; + return _dbus_split_paths_and_append (&servicedir_path, + DBUS_UNIX_STANDARD_SYSTEM_SERVICEDIR, + dirs); } /** diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index c051a33..134a0e3 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -4545,7 +4545,32 @@ - [FIXME specify location of system bus .service files] + On Unix systems, the system bus should default to searching + for .service files in + /usr/local/share/dbus-1/system-services, + /usr/share/dbus-1/system-services and + /lib/dbus-1/system-services, with that order + of precedence. It may also search other implementation-specific + locations, but should not vary these locations based on environment + variables. + + + The system bus is security-sensitive and is typically executed + by an init system with a clean environment. Its launch helper + process is particularly security-sensitive, and specifically + clears its own environment. + + + + + Software packages should install their system .service + files to their configured + ${datadir}/dbus-1/system-services, + where ${datadir} is as defined by the GNU + coding standards. System administrators can arrange + for these service files to be read by editing the system bus' + configuration file or by symlinking them into the default + locations. -- 1.7.9