diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-03-15 14:16:18 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2011-05-25 18:16:31 +0100 |
commit | b28ddba9bdd17d2818a07eaa6e6476699efe52a8 (patch) | |
tree | de04d0bae164bedc4edd373a2f3550da2745fa53 /bus/bus.c | |
parent | be07ce63621701f1ebebec23436c9e2b61d1d4ec (diff) | |
download | dbus-b28ddba9bdd17d2818a07eaa6e6476699efe52a8.tar.gz |
bus_context_check_security_policy: syslog if we hit the outgoing quota
In practice, nothing copes with missing broadcast signals, so the least
we can do is make the failure mode visible.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35358
Reviewed-by: Colin Walters <walters@verbum.org>
Diffstat (limited to 'bus/bus.c')
-rw-r--r-- | bus/bus.c | 23 |
1 files changed, 13 insertions, 10 deletions
@@ -1319,6 +1319,7 @@ nonnull (const char *maybe_null, */ static void complain_about_message (BusContext *context, + const char *error_name, const char *complaint, int matched_rules, DBusMessage *message, @@ -1352,7 +1353,7 @@ complain_about_message (BusContext *context, else proposed_recipient_loginfo = "bus"; - dbus_set_error (&stack_error, DBUS_ERROR_ACCESS_DENIED, + dbus_set_error (&stack_error, error_name, "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) " "interface=\"%s\" member=\"%s\" error name=\"%s\" " "requested_reply=\"%d\" destination=\"%s\" (%s)", @@ -1457,7 +1458,7 @@ bus_context_check_security_policy (BusContext *context, { /* don't syslog this, just set the error: avc_has_perm should * have already written to either the audit log or syslog */ - complain_about_message (context, + complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender from sending this " "message to this recipient", 0, message, sender, proposed_recipient, FALSE, FALSE, error); @@ -1577,7 +1578,8 @@ bus_context_check_security_policy (BusContext *context, const char *msg = "Rejected send message, %d matched rules; " "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))"; - complain_about_message (context, "Rejected send message", toggles, + complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, + "Rejected send message", toggles, message, sender, proposed_recipient, requested_reply, (addressed_recipient == proposed_recipient), error); _dbus_verbose ("security policy disallowing message due to sender policy\n"); @@ -1588,7 +1590,8 @@ bus_context_check_security_policy (BusContext *context, { /* We want to drop this message, and are only not doing so for backwards * compatibility. */ - complain_about_message (context, "Would reject message", toggles, + complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, + "Would reject message", toggles, message, sender, proposed_recipient, requested_reply, TRUE, NULL); } @@ -1601,7 +1604,8 @@ bus_context_check_security_policy (BusContext *context, addressed_recipient, proposed_recipient, message, &toggles)) { - complain_about_message (context, "Rejected receive message", toggles, + complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, + "Rejected receive message", toggles, message, sender, proposed_recipient, requested_reply, (addressed_recipient == proposed_recipient), NULL); _dbus_verbose ("security policy disallowing message due to recipient policy\n"); @@ -1613,11 +1617,10 @@ bus_context_check_security_policy (BusContext *context, ((dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) || (dbus_connection_get_outgoing_unix_fds (proposed_recipient) > context->limits.max_outgoing_unix_fds))) { - dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, - "The destination service \"%s\" has a full message queue", - dest ? dest : (proposed_recipient ? - bus_connection_get_name (proposed_recipient) : - DBUS_SERVICE_DBUS)); + complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, + "Rejected: destination has a full message queue", + 0, message, sender, proposed_recipient, requested_reply, TRUE, + error); _dbus_verbose ("security policy disallowing message due to full message queue\n"); return FALSE; } |