diff options
author | Simon McVittie <smcv@collabora.com> | 2022-10-02 11:43:30 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2022-10-02 15:06:09 +0100 |
commit | f527a07c1285f89ba649f22a740856822c4b17aa (patch) | |
tree | e011d95ae9f4b2a2710ea23111aa58f83c60e1fa | |
parent | 6e48c3175c52ac213e57383b499c7078931975f9 (diff) | |
download | dbus-f527a07c1285f89ba649f22a740856822c4b17aa.tar.gz |
NEWS: Describe the behaviour change resulting from fixing dbus#416
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 1aa0d897c25b22ed9f23ce5bb164b4076687bf9c)
-rw-r--r-- | NEWS | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -1,6 +1,28 @@ dbus 1.12.24 (UNRELEASED) ========================= +Behaviour changes: + +• On Linux, dbus-daemon and other uses of DBusServer now create a + path-based Unix socket, unix:path=..., when asked to listen on a + unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to + unix:dir=... on all platforms. + Previous versions would have created an abstract socket, unix:abstract=..., + in this situation. + This change primarily affects the well-known session bus when run via + dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring + dbus with --enable-user-session and running it on a systemd system, + already used path-based Unix sockets and is unaffected by this change. + This behaviour change prevents a sandbox escape via the session bus socket + in sandboxing frameworks that can share the network namespace with the host + system, such as Flatpak. + This change might cause a regression in situations where the abstract socket + is intentionally shared between the host system and a chroot or container, + such as some use-cases of schroot(1). That regression can be resolved by + using a bind-mount to share either the D-Bus socket, or the whole /tmp + directory, with the chroot or container. + (dbus#416, Simon McVittie) + Fixes: • Don't crash if dbus-daemon is asked to watch more than 128 directories |