diff mbox series

[1/1] package/dbus: set session-socket-dir to /tmp

Message ID 20241121140134.3476-1-kiryushin@ancud.ru
State New
Headers show
Series [1/1] package/dbus: set session-socket-dir to /tmp | expand

Commit Message

Nikita Kiryushin Nov. 21, 2024, 2:01 p.m. UTC
dbus has a session socket directory configuration setting,
that, if not set, will be autodeducted based on env vars
during configuration time.

Becuse of that, builder's environment variables may be used,
which will lead to an image with a broken session bus while
leaking builder's details to the image.

Add an explicit setting of session-socket-dir to /tmp dir.

Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
---
 package/dbus/dbus.mk | 1 +
 1 file changed, 1 insertion(+)

Comments

Thomas Petazzoni Jan. 3, 2025, 10:40 p.m. UTC | #1
Hello Nikita,

+Fiona in Cc.

On Thu, 21 Nov 2024 17:01:34 +0300
Nikita Kiryushin <kiryushin@ancud.ru> wrote:

> dbus has a session socket directory configuration setting,
> that, if not set, will be autodeducted based on env vars
> during configuration time.
> 
> Becuse of that, builder's environment variables may be used,
> which will lead to an image with a broken session bus while
> leaking builder's details to the image.
> 
> Add an explicit setting of session-socket-dir to /tmp dir.
> 
> Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>

This looks reasonable to me. It also fixes
https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a
few more details are given.

Fiona, could you review this patch, and give your opinion? It would be
much appreciated!

Best regards,

Thomas
Fiona Klute Jan. 5, 2025, 11:29 a.m. UTC | #2
Am 04.01.25 um 00:40 schrieb Thomas Petazzoni:
> Hello Nikita,
>
> +Fiona in Cc.
>
> On Thu, 21 Nov 2024 17:01:34 +0300
> Nikita Kiryushin <kiryushin@ancud.ru> wrote:
>
>> dbus has a session socket directory configuration setting,
>> that, if not set, will be autodeducted based on env vars
>> during configuration time.
>>
>> Becuse of that, builder's environment variables may be used,
>> which will lead to an image with a broken session bus while
>> leaking builder's details to the image.
>>
>> Add an explicit setting of session-socket-dir to /tmp dir.
>>
>> Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
>
> This looks reasonable to me. It also fixes
> https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a
> few more details are given.
>
> Fiona, could you review this patch, and give your opinion? It would be
> much appreciated!

Looks reasonable to me, all it does is set the default (see
DEFAULT_SOCKET_DIR in dbus' configure.ac) explicitly so it won't be
overwritten by environment variables of the build system. Allowing
override from environment in the first place seems like an odd choice to
me, but that's an upstream decision, maybe it's convenient during
development.

Best regards,
Fiona
Fiona Klute Jan. 5, 2025, 11:31 a.m. UTC | #3
Am 05.01.25 um 13:29 schrieb Fiona Klute:
> Am 04.01.25 um 00:40 schrieb Thomas Petazzoni:
>> Hello Nikita,
>>
>> +Fiona in Cc.
>>
>> On Thu, 21 Nov 2024 17:01:34 +0300
>> Nikita Kiryushin <kiryushin@ancud.ru> wrote:
>>
>>> dbus has a session socket directory configuration setting,
>>> that, if not set, will be autodeducted based on env vars
>>> during configuration time.
>>>
>>> Becuse of that, builder's environment variables may be used,
>>> which will lead to an image with a broken session bus while
>>> leaking builder's details to the image.
>>>
>>> Add an explicit setting of session-socket-dir to /tmp dir.
>>>
>>> Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru>
>>
>> This looks reasonable to me. It also fixes
>> https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a
>> few more details are given.
>>
>> Fiona, could you review this patch, and give your opinion? It would be
>> much appreciated!
>
> Looks reasonable to me, all it does is set the default (see
> DEFAULT_SOCKET_DIR in dbus' configure.ac) explicitly so it won't be
> overwritten by environment variables of the build system. Allowing
> override from environment in the first place seems like an odd choice to
> me, but that's an upstream decision, maybe it's convenient during
> development.

Sorry about the extra mail, forgot to add:

Reviewed-by: Fiona Klute <fiona.klute@gmx.de>
diff mbox series

Patch

diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index c60bf473cd..2002e707f0 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -34,6 +34,7 @@  DBUS_CONF_OPTS = \
 	--disable-doxygen-docs \
 	--with-system-socket=/run/dbus/system_bus_socket \
 	--with-system-pid-file=/run/messagebus.pid \
+	--with-session-socket-dir=/tmp \
 	--runstatedir=/run
 
 ifeq ($(BR2_STATIC_LIBS),y)