Disable the Containers interface

We've had a request for a 1.14.x stable-branch, but the Containers interface is only partially implemented, not yet described in the D-Bus Specification, and not ready to be part of our API guarantees. Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-12-10 14:31:45 +00:00 · 2021-12-10 14:31:45 +00:00 · 9d60676ae0
parent 67f1a01f7b
commit 9d60676ae0
14 changed files with 8 additions and 52 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -138,7 +138,6 @@ endif()
 option(DBUS_DISABLE_ASSERT "Disable assertion checking" OFF)

 option(DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
-option(DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF)
 option(ENABLE_TRADITIONAL_ACTIVATION "Enable traditional activation (without using systemd)" ON)

 if(DBUS_LINUX)
--- a/README.cmake
+++ b/README.cmake
@ -149,9 +149,6 @@ ENABLE_QT_HELP:STRING=AUTO
 // enable bus daemon usage statistics
 DBUS_ENABLE_STATS:BOOL=OFF

-// enable restricted servers for app containers
-DBUS_ENABLE_CONTAINERS:BOOL=OFF
-
 // build with systemd at_console support
 ENABLE_SYSTEMD:STRING=AUTO

--- a/bus/containers.c
+++ b/bus/containers.c
@ -27,6 +27,8 @@

 #ifdef DBUS_ENABLE_CONTAINERS

+#error This feature is not ready for production use
+
 #ifndef DBUS_UNIX
 # error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
 #endif
--- a/bus/driver.c
+++ b/bus/driver.c
@ -1975,7 +1975,9 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
  dbus_pid_t pid = DBUS_PID_UNSET;
  const char *windows_sid = NULL;
  const char *linux_security_label = NULL;
+#ifdef DBUS_ENABLE_CONTAINERS
  const char *path;
+#endif

  if (credentials == NULL && conn != NULL)
    credentials = _dbus_connection_get_credentials (conn);
@ -2030,6 +2032,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
        return FALSE;
    }

+#ifdef DBUS_ENABLE_CONTAINERS
  /* This has to come from the connection, not the credentials */
  if (conn != NULL &&
      bus_containers_connection_is_contained (conn, &path, NULL, NULL))
@ -2039,6 +2042,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
                                      path))
        return FALSE;
    }
+#endif

  return TRUE;
 }
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@ -76,11 +76,5 @@
  <limit name="max_names_per_connection">50000</limit>
  <limit name="max_match_rules_per_connection">50000</limit>
  <limit name="max_replies_per_connection">50000</limit>
-  <limit name="max_containers">10000</limit>
-  <limit name="max_containers_per_user">10000</limit>
-  <limit name="max_container_metadata_bytes">1000000000</limit>
-  <!-- This is relatively low so that app-containers (which we do not fully
-       trust) do not cause DoS. -->
-  <limit name="max_connections_per_container">16</limit>

 </busconfig>
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@ -126,10 +126,6 @@
  <!-- <limit name="max_names_per_connection">512</limit> -->
  <!-- <limit name="max_match_rules_per_connection">512</limit> -->
  <!-- <limit name="max_replies_per_connection">128</limit> -->
-  <!-- <limit name="max_containers">512</limit> -->
-  <!-- <limit name="max_containers_per_user">16</limit> -->
-  <!-- <limit name="max_container_metadata_bytes">4096</limit> -->
-  <!-- <limit name="max_connections_per_container">8</limit> -->

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->
--- a/cmake/config.h.cmake
+++ b/cmake/config.h.cmake
@ -38,7 +38,6 @@
 #cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@"

 #cmakedefine DBUS_ENABLE_STATS
-#cmakedefine DBUS_ENABLE_CONTAINERS
 #cmakedefine ENABLE_TRADITIONAL_ACTIVATION

 #define TEST_LISTEN       "@TEST_LISTEN@"
--- a/configure.ac
+++ b/configure.ac
@ -1710,16 +1710,6 @@ AC_ARG_ENABLE([user-session],
 AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
  [test "x$enable_user_session" = xyes])

-AC_ARG_ENABLE([containers],
-  [AS_HELP_STRING([--enable-containers],
-    [enable restricted servers for app containers])],
-  [], [enable_containers=no])
-AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes],
-  [AC_MSG_ERROR([Restricted servers for app containers require Unix])])
-AS_IF([test "x$enable_containers" = xyes],
-  [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1],
-    [Define to enable restricted servers for app containers])])
-
 AC_CONFIG_FILES([
 Doxyfile
 dbus/Version
@ -1801,7 +1791,6 @@ echo "
        Building assertions:      ${enable_asserts}
        Building checks:          ${enable_checks}
        Building bus stats API:   ${enable_stats}
-        Building container API:   ${enable_containers}
        Building SELinux support: ${have_selinux}
        Building AppArmor support: ${have_apparmor}
        Building inotify support: ${have_inotify}
--- a/dbus/dbus-shared.h
+++ b/dbus/dbus-shared.h
@ -86,8 +86,6 @@ typedef enum
 */
 /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */
 #define DBUS_INTERFACE_DBUS           "org.freedesktop.DBus"
-/** The restricted container interface exported by the dbus-daemon */
-#define DBUS_INTERFACE_CONTAINERS1    "org.freedesktop.DBus.Containers1"
 /** The monitoring interface exported by the dbus-daemon */
 #define DBUS_INTERFACE_MONITORING     "org.freedesktop.DBus.Monitoring"

--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@ -840,14 +840,6 @@ Available limit names are:</para>
                                     (number of calls-in-progress)
      "reply_timeout"              : milliseconds (thousandths)
                                     until a method call times out
-      "max_containers"             : max number of restricted servers for use
-                                     in app-containers, in total
-      "max_containers_per_user"    : max number of app-containers per Unix uid
-      "max_container_metadata_bytes": max number of bytes of metadata to store
-                                      for each app-container
-      "max_connections_per_container": max number of (authenticated or
-                                       unauthenticated) connections to each
-                                       app-container
 </literallayout> <!-- .fi -->


--- a/test/containers.c
+++ b/test/containers.c
@ -46,6 +46,8 @@

 #include "test-utils-glib.h"

+#define DBUS_INTERFACE_CONTAINERS1    "org.freedesktop.DBus.Containers1"
+
 typedef struct {
    TestMainContext *ctx;
    gboolean skip;
--- a/test/data/valid-config-files/limit-containers.conf.in
+++ b/test/data/valid-config-files/limit-containers.conf.in
@ -13,9 +13,4 @@
    <!-- Allow anyone to own anything -->
    <allow own="*"/>
  </policy>
-
-  <limit name="max_containers">5</limit>
-  <limit name="max_containers_per_user">3</limit>
-  <limit name="max_container_metadata_bytes">4096</limit>
-  <limit name="max_connections_per_container">3</limit>
 </busconfig>
--- a/test/data/valid-config-files/tmp-session.conf.in
+++ b/test/data/valid-config-files/tmp-session.conf.in
@ -57,11 +57,4 @@
  <limit name="max_names_per_connection">50000</limit>
  <limit name="max_match_rules_per_connection">50000</limit>
  <limit name="max_replies_per_connection">50000</limit>
-  <limit name="max_containers">10000</limit>
-  <limit name="max_containers_per_user">10000</limit>
-  <limit name="max_container_metadata_bytes">1000000000</limit>
-  <!-- This is relatively low so that app-containers (which we do not fully
-       trust) do not cause DoS. -->
-  <limit name="max_connections_per_container">16</limit>
-
 </busconfig>
--- a/test/dbus-daemon.c
+++ b/test/dbus-daemon.c
@ -636,10 +636,6 @@ test_creds (Fixture *f,
          g_assert_not_reached ();
 #endif
        }
-      else if (g_str_has_prefix (name, DBUS_INTERFACE_CONTAINERS1 "."))
-        {
-          g_assert_not_reached ();
-        }

      dbus_message_iter_next (&arr_iter);
    }