NEWS: Describe the behaviour change resulting from fixing dbus#416

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 1aa0d897c25b22ed9f23ce5bb164b4076687bf9c)

1 files changed, 22 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index e323a848..50ee17fb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,28 @@
 dbus 1.12.24 (UNRELEASED)
 =========================
 
+Behaviour changes:
+
+• On Linux, dbus-daemon and other uses of DBusServer now create a
+  path-based Unix socket, unix:path=..., when asked to listen on a
+  unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
+  unix:dir=... on all platforms.
+  Previous versions would have created an abstract socket, unix:abstract=...,
+  in this situation.
+  This change primarily affects the well-known session bus when run via
+  dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
+  dbus with --enable-user-session and running it on a systemd system,
+  already used path-based Unix sockets and is unaffected by this change.
+  This behaviour change prevents a sandbox escape via the session bus socket
+  in sandboxing frameworks that can share the network namespace with the host
+  system, such as Flatpak.
+  This change might cause a regression in situations where the abstract socket
+  is intentionally shared between the host system and a chroot or container,
+  such as some use-cases of schroot(1). That regression can be resolved by
+  using a bind-mount to share either the D-Bus socket, or the whole /tmp
+  directory, with the chroot or container.
+  (dbus#416, Simon McVittie)
+
 Fixes:
 
 • Don't crash if dbus-daemon is asked to watch more than 128 directories