Remove send_destination_prefix #118

Merged
merged 3 commits into from
May 22, 2023
4 changes: 0 additions & 4 deletions data/dbus/yggd.conf
Expand Up @@ -9,10 +9,6 @@
<allow own="com.redhat.Yggdrasil1.Dispatcher1"/>
<allow own_prefix="com.redhat.Yggdrasil1.Worker1"/>

<!-- Only root can send messages to the Worker1 interface. -->
<allow send_destination_prefix="com.redhat.Yggdrasil1.Worker1" send_interface="com.redhat.Yggdrasil1.Worker1"/>
<allow send_destination_prefix="com.redhat.Yggdrasil1.Worker1" send_interface="org.freedesktop.DBus.Properties"/>

<!-- Only root can send messages to Dispatcher1 destination. -->
<allow send_destination="com.redhat.Yggdrasil1.Dispatcher1"/>
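
Review bot: Missing documentation at the removed Worker1 block: once the two send_destination_prefix rules are gone, nothing visible in yggd.conf lets root send to a com.redhat.Yggdrasil1.Worker1.* name, so each worker now has to install its own policy file. Suggest adding a short XML comment next to the own_prefix rule for com.redhat.Yggdrasil1.Worker1 stating that send permissions are granted per worker, so worker authors know a .conf like the echo worker's is required.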

4 changes: 2 additions & 2 deletions data/systemd/meson.build
@@ -1,5 +1,5 @@
systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemd_system_unit_dir')
systemd_user_unit_dir = systemd.get_variable(pkgconfig: 'systemd_user_unit_dir')
systemd_system_unit_dir = systemd.get_variable(pkgconfig: 'systemdsystemunitdir')
systemd_user_unit_dir = systemd.get_variable(pkgconfig: 'systemduserunitdir')
Contributor

Why did you do this change? Is it necessary? It is easier to read systemd_system_unit_dir than systemdsystemunitdir.

Collaborator Author

The purpose of this PR is to enable backwards compatibility to EL8. To that end, I found that the version of systemd shipping in EL8 does not include the underscore-separated variable names. This change is necessary to support systemd versions older than 239.

fix: use old systemd pkgconfig variable names

Use the old systemd pkgconfig variable names for systemunitdir and
userunitdir. This supports systemd back to at least 239.

Contributor

OK


yggdrasil_service = configure_file(
configuration: config_data,
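
Review bot: The switch to 'systemdsystemunitdir' and 'systemduserunitdir' in the two get_variable() calls is not explained in the file itself, and a reviewer already had to ask why the more readable names were dropped. Suggest a one-line comment above them saying the underscore-separated pkg-config names are missing from the systemd shipped in EL8, so a later cleanup does not revert them. The thread says "older than 239" while the commit message says "back to at least 239"; the comment should state the floor that the top-level meson.build actually enforces ('>=239').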
4 changes: 2 additions & 2 deletions meson.build
Expand Up @@ -4,8 +4,8 @@ project('yggdrasil',

go = find_program('go')

dbus = dependency('dbus-1', version: '>=1.14')
systemd = dependency('systemd')
dbus = dependency('dbus-1', version: '>=1.12')
systemd = dependency('systemd', version: '>=239')
bash_completion = dependency('bash-completion')

if get_option('vendor')
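
Review bot: The new version floors on the dbus and systemd dependency() lines carry no rationale. Lowering dbus-1 from '>=1.14' to '>=1.12' lands in the same PR that drops send_destination_prefix from data/dbus/yggd.conf, so the two changes look coupled; suggest a comment above these lines naming EL8 as the baseline and noting that the shipped bus policy files must stay loadable by that dbus version, otherwise a later change can raise the policy requirements without the build noticing.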
13 changes: 13 additions & 0 deletions worker/echo/com.redhat.Yggdrasil1.Worker1.echo.conf
@@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"https://dbus.freedesktop.org/doc/busconfig.dtd">
<busconfig>
<policy user="root">
Contributor

Is root user really necessary?

Collaborator Author

This bus policy only applies to the service when running on the system bus. The current implementation assumes that both yggd and workers run as root, so the policy is applied to the root user.

<!-- Only root can send messages to the Worker1.echo destination. -->
<allow send_destination="com.redhat.Yggdrasil1.Worker1.echo" send_interface="com.redhat.Yggdrasil1.Worker1"/>
<allow send_destination="com.redhat.Yggdrasil1.Worker1.echo" send_interface="org.freedesktop.DBus.Properties"/>
<allow send_destination="com.redhat.Yggdrasil1.Worker1.echo" send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
</busconfig>
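
Review bot: The third allow rule, for send_interface="org.freedesktop.DBus.Introspectable", grants more than the rules this file replaces: the ones removed from data/dbus/yggd.conf covered only com.redhat.Yggdrasil1.Worker1 and org.freedesktop.DBus.Properties. If introspection is required, say so in the XML comment; if not, drop the rule so the per-worker policy stays as narrow as the prefix rules were. The "Only root can send messages" comment also holds only while no other installed policy allows this destination, which is worth stating next to it.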
1 change: 1 addition & 0 deletions worker/echo/com.redhat.Yggdrasil1.Worker1.echo.service.in
@@ -1,3 +1,4 @@
[D-BUS Service]
Name=com.redhat.Yggdrasil1.Worker1.echo
User=root
Contributor

Is it necessary to run this worker as root? Or is it necessary to run all workers as root? Could it be changed in the future? It would be more secure to run the service as a non-root user.

Collaborator Author

The version of D-Bus shipping in EL8 requires a User= directive. To support the current behavior of starting this service automatically on the system bus, I set the user to root.

Exec=@libexecdir@/yggdrasil/echo
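
Review bot: User=root is hard-coded in a template that already substitutes @libexecdir@ on the Exec line, and nothing in the file records why the directive is there. Suggest making the account a configure_file() substitution (a hypothetical @worker_user@ that defaults to root), or at least noting in the commit message or worker documentation that the directive exists because the D-Bus version in EL8 requires it. That keeps a later move to a non-root worker user to a single change, made together with the matching policy user="root" element in the worker's .conf.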
4 changes: 4 additions & 0 deletions worker/echo/meson.build
Expand Up @@ -13,3 +13,7 @@ configure_file(
install: true,
install_dir: dbus.get_variable(pkgconfig: 'system_bus_services_dir')
)

install_data('com.redhat.Yggdrasil1.Worker1.echo.conf',
install_dir: join_paths(dbus.get_variable(pkgconfig: 'datadir'), 'dbus-1', 'system.d')
Contributor

Trying to install this in RHEL9.2 (also in RHEL8.7),
I couldn't see these files installed:

 cat meson-logs/install-log.txt | grep "Worker1"
/usr/share/dbus-1/interfaces/com.redhat.Yggdrasil1.Worker1.xml

Collaborator Author

Did you configure the project to install the examples? meson setup -Dexamples=True. By default, it does not install the example echo worker.

Contributor

I did not, let me check it with that option.

)
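
Review bot: The install_dir in the new install_data() call is assembled by hand from the pkg-config 'datadir' plus 'dbus-1' and 'system.d', while the service file just above takes its directory from a dedicated pkg-config variable ('system_bus_services_dir'). Suggest computing this policy directory once in the top-level meson.build and reusing it here, with a comment on why it is derived from datadir, so every worker installs its .conf to the same place. Because the echo worker is only installed with -Dexamples=True (see the reply in this thread), the new install step is easy to miss in testing; a line in the option description or README would help.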