Message ID | 20241121140134.3476-1-kiryushin@ancud.ru |
---|---|
State | New |
Headers | show |
Series | [1/1] package/dbus: set session-socket-dir to /tmp | expand |
Hello Nikita, +Fiona in Cc. On Thu, 21 Nov 2024 17:01:34 +0300 Nikita Kiryushin <kiryushin@ancud.ru> wrote: > dbus has a session socket directory configuration setting, > that, if not set, will be autodeducted based on env vars > during configuration time. > > Becuse of that, builder's environment variables may be used, > which will lead to an image with a broken session bus while > leaking builder's details to the image. > > Add an explicit setting of session-socket-dir to /tmp dir. > > Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru> This looks reasonable to me. It also fixes https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a few more details are given. Fiona, could you review this patch, and give your opinion? It would be much appreciated! Best regards, Thomas
Am 04.01.25 um 00:40 schrieb Thomas Petazzoni: > Hello Nikita, > > +Fiona in Cc. > > On Thu, 21 Nov 2024 17:01:34 +0300 > Nikita Kiryushin <kiryushin@ancud.ru> wrote: > >> dbus has a session socket directory configuration setting, >> that, if not set, will be autodeducted based on env vars >> during configuration time. >> >> Becuse of that, builder's environment variables may be used, >> which will lead to an image with a broken session bus while >> leaking builder's details to the image. >> >> Add an explicit setting of session-socket-dir to /tmp dir. >> >> Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru> > > This looks reasonable to me. It also fixes > https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a > few more details are given. > > Fiona, could you review this patch, and give your opinion? It would be > much appreciated! Looks reasonable to me, all it does is set the default (see DEFAULT_SOCKET_DIR in dbus' configure.ac) explicitly so it won't be overwritten by environment variables of the build system. Allowing override from environment in the first place seems like an odd choice to me, but that's an upstream decision, maybe it's convenient during development. Best regards, Fiona
Am 05.01.25 um 13:29 schrieb Fiona Klute: > Am 04.01.25 um 00:40 schrieb Thomas Petazzoni: >> Hello Nikita, >> >> +Fiona in Cc. >> >> On Thu, 21 Nov 2024 17:01:34 +0300 >> Nikita Kiryushin <kiryushin@ancud.ru> wrote: >> >>> dbus has a session socket directory configuration setting, >>> that, if not set, will be autodeducted based on env vars >>> during configuration time. >>> >>> Becuse of that, builder's environment variables may be used, >>> which will lead to an image with a broken session bus while >>> leaking builder's details to the image. >>> >>> Add an explicit setting of session-socket-dir to /tmp dir. >>> >>> Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru> >> >> This looks reasonable to me. It also fixes >> https://gitlab.com/buildroot.org/buildroot/-/issues/67 where a >> few more details are given. >> >> Fiona, could you review this patch, and give your opinion? It would be >> much appreciated! > > Looks reasonable to me, all it does is set the default (see > DEFAULT_SOCKET_DIR in dbus' configure.ac) explicitly so it won't be > overwritten by environment variables of the build system. Allowing > override from environment in the first place seems like an odd choice to > me, but that's an upstream decision, maybe it's convenient during > development. Sorry about the extra mail, forgot to add: Reviewed-by: Fiona Klute <fiona.klute@gmx.de>
diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk index c60bf473cd..2002e707f0 100644 --- a/package/dbus/dbus.mk +++ b/package/dbus/dbus.mk @@ -34,6 +34,7 @@ DBUS_CONF_OPTS = \ --disable-doxygen-docs \ --with-system-socket=/run/dbus/system_bus_socket \ --with-system-pid-file=/run/messagebus.pid \ + --with-session-socket-dir=/tmp \ --runstatedir=/run ifeq ($(BR2_STATIC_LIBS),y)
dbus has a session socket directory configuration setting, that, if not set, will be autodeducted based on env vars during configuration time. Becuse of that, builder's environment variables may be used, which will lead to an image with a broken session bus while leaking builder's details to the image. Add an explicit setting of session-socket-dir to /tmp dir. Signed-off-by: Nikita Kiryushin <kiryushin@ancud.ru> --- package/dbus/dbus.mk | 1 + 1 file changed, 1 insertion(+)