Commit message | Author | Age | Files | Lines
* prepare 1.9.14 [dbus-1.9.14] | Simon McVittie | 2015-03-02 | 2 | -4/+9
* Fix warning: 'the comparison will always evaluate as 'false' for the address of '....' will never be NULL [-Waddress]' | Ralf Habacker | 2015-03-02 | 1 | -2/+14

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89284
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Make include_dir non-existing directory, to not be an error. | Dimitri John Ledkov | 2015-02-25 | 1 | -1/+8

    Empty include directories were already not treated as failures.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89280
    Signed-off-by: Dimitri John Ledkov <dimitri.j.ledkov@intel.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* NEWS | Simon McVittie | 2015-02-24 | 1 | -0/+5
* monitor test: don't block in main context if we already have messages | Simon McVittie | 2015-02-24 | 1 | -3/+6

    Functions like become_monitor() sometimes iterate the main context,
    which could leave us with unprocessed messages in f->monitored.
    We need to drain that queue of unprocessed messages (setting flags
    accordingly, which might meet the loop's exit condition or cause
    a break) before we are willing to block in the main context again.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89222
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* test_init: convert SIGALRM into SIGABRT so we leave a core dump on timeout | Simon McVittie | 2015-02-24 | 1 | -0/+17

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89222
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* NEWS | Simon McVittie | 2015-02-24 | 1 | -1/+30
* dbus-monitor: Keep term 'dest' in --monitor output in sync with related watch expression. | Ralf Habacker | 2015-02-24 | 1 | -2/+2

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    [smcv: rebase onto differently indented version of previous commit]
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* dbus-monitor: Add timestamp to --monitor mode. | Ralf Habacker | 2015-02-24 | 5 | -64/+38

    Use cross platform function _dbus_get_real_time() for fetching
    current time.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    [smcv: use %ld to avoid needing casts; reinstate printing the
    timestamp; libdbus-1 is sufficient now that fd.o#83115 is fixed;
    print timestamp for non-literal dbus-send replies too]
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* dbus-monitor: Keep parameter list of method returns in --monitor mode in sync with --profile mode. | Ralf Habacker | 2015-02-24 | 1 | -1/+2

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* dbus-monitor: convert remaining hard tabs to 8 space. | Ralf Habacker | 2015-02-24 | 1 | -216/+216

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88896
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Actually commit cmake changes for dbus-launch | Simon McVittie | 2015-02-24 | 1 | -1/+3
* dbus-launch: if autolaunching, use XDG_RUNTIME_DIR/bus if available | Simon McVittie | 2015-02-24 | 4 | -5/+69

    This provides backwards-compatible autolaunching behaviour, as long
    as dbus-launch inherits the XDG_RUNTIME_DIR (which it presumably did
    if it's going to work at all, since it must also have inherited the
    DISPLAY).

    In particular, we go through the motions of starting the dbus-daemon,
    so that we can start the "babysitter" process that will maintain the
    X11 window to store the bus address.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
    [smcv: decorate _dbus_lookup_user_bus with DBUS_PRIVATE_EXPORT so we
    can still call it after fixing fd.o#83115; update cmake to match
    Autotools]
* dbus-launch: use libdbus to read the UUID | Simon McVittie | 2015-02-24 | 3 | -35/+21

    As a side benefit, this means that dbus-launch now understands
    /etc/machine-id and not just /var/lib/dbus/machine-id.

    Since machine_uuid comes out of libdbus allocated with dbus_malloc,
    to avoid having to copy it from malloc-allocated to
    dbus_malloc-allocated storage, it makes sense to change it to be
    consistently dbus_malloc-allocated (particularly now that Bug #83115
    has made use of internal symbols relatively painless).

    However, I'm deliberately not changing the allocation model of any
    other strings in dbus-launch right now; that's a larger yak-shaving
    exercise.
* Add dbus-update-activation-environment tool | Simon McVittie | 2015-02-24 | 7 | -0/+653

    If OS builders (distributions) have chosen to use the per-user bus,
    this provides two possible modes of operation for compatibility with
    existing X session startup hooks.

    A legacy-free system can just upload DISPLAY, XAUTHORITY and possibly
    DBUS_SESSION_BUS_ADDRESS into dbus-daemon's and systemd's activation
    environments, similar to
    http://cgit.freedesktop.org/systemd/systemd/tree/xorg/50-systemd-user.sh
    installed by systemd (but unlike systemctl,
    dbus-update-activation-environment works for traditional
    D-Bus-activated services, not just for systemd services).

    A system where compatibility is required for environment variables
    exported by snippets in /etc/X11/xinit/xinitrc.d (in Red Hat
    derivatives, Gentoo, etc.) or /etc/X11/Xsession.d (Debian
    derivatives) can upload the entire environment of the X session,
    minus some selected environment variables which are specific to a
    login session (notably XDG_SESSION_ID).

    In Debian, I plan to put the former in a new dbus-user-session
    package that enables a user-session-centric mode of operation for
    D-Bus, and the latter in the existing dbus-x11 package, with the
    intention that dbus-x11 eventually becomes a tool for change-averse
    setups or goes away entirely.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Optionally install systemd user units for a per-user bus | Simon McVittie | 2015-02-24 | 4 | -1/+54

    The socket path used here, $XDG_RUNTIME_DIR/bus, does not match what
    was used in user-session-units, but is what Lennart recommended on
    fd.o #61303, and is also what kdbus will use for its bus proxy.

    Installation of these units switches D-Bus to a different model of
    the system: instead of considering each login session (approximately,
    each password typed in) to be its own session, the user-session model
    is that all concurrent logins by the same user form one large
    session. This allows the same bus to be shared by a graphical
    session, cron jobs, tty/ssh sessions, screen/tmux sessions and so on.

    Because this is a different world-view, it is compile-time optional:
    OS builders can choose which world their OS will live in. The default
    is still the login-session model used in earlier D-Bus releases, but
    might change to the user-session model in future. Explicit
    configuration is recommended.

    In OSs that support both models (either for sysadmin flexibility or
    as a transitional measure), the OS builder should enable the user bus
    units, but split them off into a dpkg binary package, RPM subpackage
    etc.; the sysadmin can choose whether to enable the user-session
    model by choosing whether to install that package.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Add a regression test for connecting to XDG_RUNTIME_DIR/bus by default | Simon McVittie | 2015-02-24 | 3 | -3/+90

    This test requires the unix:runtime=yes sub-transport from
    Bug #61303.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* On Unix platforms, try $XDG_RUNTIME_DIR/bus before default address | Simon McVittie | 2015-02-24 | 2 | -4/+87

    This is safe to do even on systems where there is a
    per-login-session bus: the $XDG_RUNTIME_DIR/bus would just not exist
    there. This means that OS builders can enable a per-user-session bus
    by merely providing configuration to start it, without needing to
    rebuild the client library.

    Based on a patch by Colin Walters, with these changes:

    - factor out the actual XDG_RUNTIME_DIR bit into a function
    - set error correctly on OOM
    - do not try to use an XDG_RUNTIME_DIR/bus that belongs to a
      different uid or is not a socket
    - escape the path if it contains inconvenient characters
    - coding style adjustments

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61301
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
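The ownership, file-type and escaping checks listed in the commit message above, written out as an added example in C. This is not code from the dbus source tree: the function names, the conservative safe-character set, the use of lstat() and the constructed /tmp fixture are assumptions of this sketch.

```c
/* Added example, not dbus source; names, safe set and lstat() are assumptions. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Percent-escape bytes outside alphanumerics and "-_/."; -1 if out is too small. */
int escape_address_value(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (outlen == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        int safe = (*p >= '0' && *p <= '9') || (*p >= 'A' && *p <= 'Z') ||
                   (*p >= 'a' && *p <= 'z') || strchr("-_/.", *p) != NULL;
        if (o + (safe ? 1 : 3) >= outlen)   /* keep room for the NUL */
            return -1;
        if (!safe) {
            out[o++] = '%';
            out[o++] = hex[*p >> 4];
        }
        out[o++] = safe ? (char)*p : hex[*p & 15];
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 and writes "unix:path=<escaped>" into addr only if runtime_dir/bus
 * is a socket owned by uid; returns 0 so the caller uses its default address. */
int lookup_user_bus(const char *runtime_dir, uid_t uid, char *addr, size_t addrlen)
{
    char path[4096], escaped[3 * sizeof path];
    struct stat st;
    int n;
    if (runtime_dir == NULL || runtime_dir[0] == '\0')
        return 0;
    n = snprintf(path, sizeof path, "%s/bus", runtime_dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return 0;
    /* lstat(): a symlink named "bus" is not itself a socket, so it is rejected. */
    if (lstat(path, &st) != 0 || st.st_uid != uid || !S_ISSOCK(st.st_mode))
        return 0;
    if (escape_address_value(path, escaped, sizeof escaped) != 0)
        return 0;
    n = snprintf(addr, addrlen, "unix:path=%s", escaped);
    return n > 0 && (size_t)n < addrlen;
}

/* Constructed fixture: kind 0 = no "bus" entry, 1 = regular file, 2 = bound socket. */
int demo_case(int kind, uid_t uid, char *addr, size_t addrlen)
{
    char dir[] = "/tmp/xdg demo.XXXXXX", path[64];   /* space forces escaping */
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/bus", dir);
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    fd = kind == 1 ? open(path, O_CREAT | O_WRONLY, 0600)
       : kind == 2 ? socket(AF_UNIX, SOCK_STREAM, 0) : -1;
    ok = (kind == 2 && (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0))
             ? -1 : lookup_user_bus(dir, uid, addr, addrlen);
    if (fd >= 0)
        close(fd);
    unlink(path);
    rmdir(dir);
    return ok;
}

int main(void)
{
    char addr[256];
    if (demo_case(2, geteuid(), addr, sizeof addr) == 1)
        puts(addr);
    return 0;
}
```

Only the socket owned by the calling uid yields an address; a missing entry, a regular file or a foreign owner all return 0.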
* Add regression test for unix:runtime=yes | Simon McVittie | 2015-02-24 | 1 | -0/+103

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* Add support for unix:runtime=yes as an address mode | Simon McVittie | 2015-02-24 | 2 | -10/+71

    This is not used by default, but can be configured by OS builders
    (or regression-test environments) if desired.

    If used, this listens on $XDG_RUNTIME_DIR/bus, or fails if
    $XDG_RUNTIME_DIR is not set. Fallback behaviour is unnecessary,
    because it is already possible to use a string of semicolon-separated
    addresses like <listen>unix:runtime=yes;unix:tmpdir=/tmp</listen>,
    resulting in listening on either $XDG_RUNTIME_DIR/bus or
    /tmp/something.

    We use a non-abstract socket here, because that is desirable for use
    with Linux containers: abstract sockets are attached to the network
    namespace, whereas non-abstract sockets are part of the filesystem
    and can be bind-mounted between domains if necessary. The major
    advantage of abstract sockets is that they do not need cleanup, but
    the specification of XDG_RUNTIME_DIR guarantees to provide cleanup
    anyway.

    Based on prior work by Simon McVittie, Colin Walters and Alexander
    Larsson.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=61303
    Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
* marshalling tests: fix an incorrect use of memcmp | Simon McVittie | 2015-02-24 | 1 | -1/+1

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89243
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* tests: reassure clang that oom() does in fact not return | Simon McVittie | 2015-02-24 | 2 | -0/+4

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89243
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* tests: simplify Makefile.am now that libdbus is always dynamically linked | Simon McVittie | 2015-02-23 | 1 | -25/+11

    testutils_shared_if_possible_cppflags is now just a copy of
    AM_CPPFLAGS, which is the default and does not need to be given
    explicitly, so those lines can be removed.

    Similarly, testutils_shared_if_possible_libs is just the
    libdbus-testutils.la convenience library, so expand it and remove
    the unnecessary variable.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Remove checks for dbus-glib from configure.ac | Simon McVittie | 2015-02-23 | 1 | -18/+1

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Add versioned symbol support to cmake build system for linux platforms to keep in sync with autotools. | Simon McVittie | 2015-02-20 | 1 | -0/+7

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* NEWS | Simon McVittie | 2015-02-20 | 1 | -1/+16
* cmake: check for the necessary symbols for test-segfault.c | Simon McVittie | 2015-02-20 | 1 | -0/+3

    If we don't check for them, and you have core dumps enabled, then
    running this test under cmake is really annoying, because it leaves
    lots of core dumps none of which are actually a problem.

    The equivalent Autotools change (which added the actual code that
    this relies on) is commit ae50d46, from fd.o#83772.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Fix static linking with mingw | Simon McVittie | 2015-02-20 | 4 | -1/+4

    Now that we're normally linking libdbus-1 dynamically, we need to
    use DBUS_STATIC_BUILD_CPPFLAGS in every Makefile that would normally
    link it dynamically, but might link it statically if we are only
    building static libraries.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Link dbus-daemon and dbus-daemon-launch-helper against libdbus | Bertrand SIMONNET | 2015-02-20 | 9 | -63/+95

    The shared library can be used by dbus-daemon and
    dbus-daemon-launch-helper by exporting the private symbols needed,
    reducing the size of dbus by about 500k. The private symbols are
    exposed under the version LIBDBUS_PRIVATE_@VERSION_NUMBER@.

    [Altered by Simon McVittie and Ralf Habacker to clear up some
    problematic linking.]

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* On Unix platforms with gcc (or compatible), hide non-exported symbols | Simon McVittie | 2015-02-20 | 3 | -0/+94

    This changes the Linux behaviour to match the default situation on
    Windows: symbols without DBUS_EXPORT or DBUS_PRIVATE_EXPORT
    decoration are internal to libdbus-1, and cannot be used by other
    programs, even within the dbus source tree.

    This means the compiler/linker can optimize calls to those functions
    by avoiding indirection through the PLT, which should improve
    performance a little. However, the primary purpose of doing this is
    that it means developers building libdbus on Linux are considerably
    less likely to break it on Windows by mistake.

    I'm deliberately not adding -fvisibility=hidden in CMake because the
    complexity of doing so is unnecessary: Autotools is the recommended
    way to build dbus for Unix, and the one Unix developers are going to
    use in practice, unless they are specifically checking that they
    haven't broken the CMake build.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Add DBUS_PRIVATE_EXPORT decoration to symbols used by dbus-daemon or tests | Simon McVittie | 2015-02-20 | 30 | -2/+376

    The rules are:

    * symbols in libdbus-1 with neither decoration are private to
      libdbus-1
    * symbols in libdbus-1 with DBUS_EXPORT are public API
    * symbols in libdbus-1 with DBUS_PRIVATE_EXPORT are private to the
      dbus source package, but may be used by other programs in the dbus
      source tree, including tests
    * symbols in libdbus-internal must not have DBUS_EXPORT or
      DBUS_PRIVATE_EXPORT, and should be used by as few things as
      possible

    Thanks to Ralf Habacker for his contributions to this rather large
    commit.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* tests: always use libdbus-internal for main loop, never dbus-glib | Simon McVittie | 2015-02-20 | 5 | -102/+20

    This gets rid of a potential circular dependency, which is annoying
    when bootstrapping.

    It is nice to have the regression tests use the shared libdbus, but
    we're about to make it possible to do that anyway, even though some
    of them use internal symbols.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* sysdeps: try to avoid re-including config.h | Simon McVittie | 2015-02-20 | 1 | -0/+3

    Re-including config.h after we have already included glib.h breaks
    the GLIB_VERSION_MAX_ALLOWED macro, and every .c file should be
    including config.h anyway.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Remove some redundant inclusions | Simon McVittie | 2015-02-20 | 2 | -2/+0

    Both these files included dbus-test.h already.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83115
    Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* Remove <apparmor/> from default system.conf, session.conf | Simon McVittie | 2015-02-19 | 2 | -6/+0

    The AppArmor and SELinux modes both default to "enabled" (i.e.
    enable it if and only if it is supported), so there is no need to
    add their element to system.conf unless a system integrator wants to
    set them to either required or disabled.

    However, if we add <apparmor/> on upgrade from 1.9.10 to 1.9.12, any
    subsequent attempts to reload bus configuration before the next
    reboot will fail, because the dbus-daemon that is already running
    does not support that element.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89231
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
* clarify NEWS | Simon McVittie | 2015-02-19 | 1 | -2/+3
* 1.9.13 | Simon McVittie | 2015-02-19 | 2 | -1/+6
* 1.9.12 [dbus-1.9.12] | Simon McVittie | 2015-02-19 | 3 | -11/+55
* apparmor: Fix build failure with --disable-apparmor | Tyler Hicks | 2015-02-19 | 1 | -24/+24

    The bus_apparmor_confinement_unref() function definition must exist
    even when building with --disable-apparmor.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Revert "Add DBus method to return the AA context of a connection" | Simon McVittie | 2015-02-18 | 4 | -107/+0

    This reverts commit 24f1502e42b58a7c238779c023c6bfe870dc78cc, which
    wasn't meant to go upstream (it's backwards compatibility with older
    versions of this patchset).
* Add DBus method to return the AA context of a connection | Tyler Hicks | 2015-02-18 | 4 | -0/+107

    This is not intended for upstream inclusion. It implements a bus
    method (GetConnectionAppArmorSecurityContext) to get a connection's
    AppArmor security context but upstream D-Bus has recently added a
    generic way of getting a connection's security credentials
    (GetConnectionCredentials). Ubuntu should carry this patch until
    packages in the archive are moved over to the new, generic method of
    getting a connection's credentials.

    [Altered by Simon McVittie: survive non-UTF-8 contexts which would
    otherwise be a local denial of service, except that Ubuntu inherits
    a non-fatal warnings patch from Debian; new commit message taken
    from the Ubuntu changelog; do not emit unreachable code if AppArmor
    is disabled.]
* apparmor: tighten up terminology for context vs. label vs. profile | Simon McVittie | 2015-02-18 | 1 | -38/+40

    The thing returned by SO_PEERSEC (which we're calling
    LinuxSecurityLabel within D-Bus) can have a different meaning for
    each LSM. In AppArmor it's the AppArmor context, which is made up of
    an AppArmor label and an optional confinement mode; the label
    further subdivides into one or more profiles.

    See https://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/2862
    and subsequent commits for recent clarification of this terminology.

    In practice, the part that dbus-daemon deals with is the label, and
    occasionally also the mode.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
* Mediation of processes becoming a monitor | Tyler Hicks | 2015-02-18 | 1 | -0/+7

    When an AppArmor confined process wants to become a monitor, a check
    is performed to see if eavesdropping should be allowed. The check is
    based on the connection's label and the bus type.

    This patch reuses the bus_apparmor_allows_eavesdropping() hook.

    An example AppArmor rule that would allow a process to become a
    monitor on the system bus would be:

        dbus eavesdrop bus=system,

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Mediation of processes eavesdropping | Tyler Hicks | 2015-02-18 | 5 | -1/+141

    When an AppArmor confined process wants to eavesdrop on a bus, a
    check is performed to see if the action should be allowed. The check
    is based on the connection's label and the bus type.

    This patch adds a new hook, which was not previously included in the
    SELinux mediation, to mediate eavesdropping from
    bus_driver_handle_add_match().

    A new function is added to bus/signals.c to see if a match rule is
    an eavesdropping rule since the rule flags field is private to
    signals.c.

    An example AppArmor rule that would allow a process to eavesdrop on
    the session bus would be:

        dbus eavesdrop bus=session,

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Mediation of processes sending and receiving messages | John Johansen | 2015-02-18 | 3 | -1/+369

    When an AppArmor confined process wants to send or receive a
    message, a check is performed to see if the action should be
    allowed.

    When a message is going through dbus-daemon, there are two checks
    performed at once. One for the sending process and one for the
    receiving process.

    The checks are based on the process's label, the bus type,
    destination, path, interface, and member, as well as the peer's
    label and/or destination name.

    This allows for the traditional connection-based enforcement, as
    well as any fine-grained filtering desired by the system
    administrator.

    It is important to note that error and method_return messages are
    allowed to cut down on the amount of rules needed. If a process was
    allowed to send a message, it can receive error and method_return
    messages.

    An example AppArmor rule that would be needed to allow a process to
    call the UpdateActivationEnvironment method of the session bus
    itself would be:

        dbus send bus=session path=/org/freedesktop/DBus
            interface=org.freedesktop.DBus
            member=UpdateActivationEnvironment
            peer=(name=org.freedesktop.DBus),

    To receive any message on the system bus from a process confined by
    the "confined-client" AppArmor profile:

        dbus receive bus=system peer=(label=confined-client),

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    [tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
    [tyhicks: Pass the message type to the AppArmor hook]
    [tyhicks: Don't audit unrequested reply message denials]
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    [smcv: when AA denies sending, don't label requested_reply as
    "matched rules"]
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
* Do LSM checks after determining if the message is a requested reply | Tyler Hicks | 2015-02-18 | 1 | -24/+29

    Move the call to bus_selinux_allows_send() after the call to
    bus_connections_check_reply().

    This allows LSMs to know if the message is a reply and whether or
    not it was requested.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Mediation of processes that acquire well-known names | John Johansen | 2015-02-18 | 5 | -2/+310

    When an AppArmor confined process wants to acquire a well-known
    name, a check is performed to see if the action should be allowed.

    The check is based on the connection's label, the bus type, and the
    name being requested.

    An example AppArmor rule that would allow the name
    "com.example.ExampleName" to be acquired on the system bus would be:

        dbus bind bus=system name=com.example.ExampleName,

    To let a process acquire any name on any bus, the rule would be:

        dbus bind,

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    [tyhicks: Use BusAppArmorConfinement, bug fixes, cleanup, commit msg]
    [tyhicks: initialize reserved area at the start of the query string]
    [tyhicks: Use empty string for NULL bustypes when building queries]
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Store AppArmor label of connecting processes | Tyler Hicks | 2015-02-18 | 4 | -3/+79

    When processes connect to the bus, the AppArmor confinement context
    should be stored for later use when checks are to be done during
    message sending/receiving, acquiring a name, and eavesdropping.

    Code outside of apparmor.c will need to initialize and unreference
    the confinement context, so bus_apparmor_confinement_unref() can no
    longer be a static function.

    [Move bus_apparmor_confinement_unref back to its old location for a
    more reasonable diff -smcv]

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* Store AppArmor label of bus during initialization | Tyler Hicks | 2015-02-18 | 1 | -1/+86

    During dbus-daemon initialization, the AppArmor confinement context
    should be stored for later use when checks are to be done on
    messages to/from the bus itself.

    AppArmor confinement contexts are documented in aa_getcon(2). They
    contain a confinement string and a mode string. The confinement
    string is typically the name of the AppArmor profile confining a
    given process. The mode string gives the current enforcement mode of
    the process confinement. For example, it may indicate that the
    confinement should be enforced or it may indicate that the
    confinement should allow all actions with the caveat that actions
    which would be denied should be audited.

    It is important to note that libapparmor mallocs a single buffer to
    store the con and mode strings and separates them with a NUL
    terminator. Because of this, only con should be freed.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    [smcv: use BUS_SET_OOM]
    [smcv: dbus_set_error doesn't need extra newlines]
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
* Initialize AppArmor mediation | John Johansen | 2015-02-18 | 4 | -0/+208

    When starting dbus-daemon, autodetect AppArmor kernel support and
    use the results from parsing the busconfig to determine if mediation
    should be enabled.

    In the busconfig, "enabled" means that kernel support is
    autodetected and, if available, AppArmor mediation occurs in
    dbus-daemon. In "enabled" mode, if kernel support is not detected,
    mediation is disabled. "disabled" means that mediation does not
    occur. "required" means that kernel support must be detected for
    dbus-daemon to start.

    Additionally, when libaudit support is built into dbus-daemon, the
    AppArmor initialization routines set up the audit connection.

    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75113
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    [tyhicks: Honor enforcement modes and detect AppArmor dbus rule support]
    [tyhicks: fix unreachable return when AppArmor support is built]
    [tyhicks: make bus_apparmor_full_init() able to raise a DBusError]
    Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
    [smcv: _bus_apparmor_aa_supports_dbus: document necessary kernel API
    guarantee]
    [smcv: bus_apparmor_pre_init: distinguish between OOM and AppArmor
    not enabled]
    [smcv: document why we open() and not just stat()]
    Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>