The gdbus-codegen tool generates documentation from the XML introspection
description of a D-Bus interface. Currently, only DocBook is supported at
the moment, but not every modern documentation generator can handle that
format. The reStructuredText format is a bit more well-supported,
especially in documentation generators for non-C languages.
Unlike DocBook, we get to make our own structure and conventions for how
we structure the documentation when using reStructuredText.
When parsing a comment we're adding <para> elements ourselves, but the
DocBook generator already wraps any block of text that does not start
with a <para> element with one.
xucred does not provide the peer pid id, but this can be fetched
from the socket LOCAL_PEERPID option. Note that we only support
it when creating the credentials from a local socket, if
the credential comes from a message over a socket the peer
pid id will not be set and -1 will be returned when trying
to get the pid for the credential.
If a seccomp policy is set up incorrectly so that it returns `EPERM` for
`close_range()` rather than `ENOSYS` due to it not being recognised, no
error would previously be reported from GLib, but some file descriptors
wouldn’t be closed, and that would cause a hung zombie process. The
zombie process would be waiting for one half of a socket to be closed.
Fix that by correctly propagating errors from `close_range()` back to the
parent process so they can be reported correctly.
Distributions which aren’t yet carrying the Docker fix to correctly
return `ENOSYS` from unrecognised syscalls may want to temporarily carry
an additional patch to fall back to `safe_fdwalk()` if `close_range()`
fails with `EPERM`. This change will not be accepted upstream as `EPERM`
is not the right error for `close_range()` to be returning.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Fixes: #2580
This function creates a new hash table, but inherits the functions used
for the hash, comparison, and key/value memory management functions from
another hash table.
The primary use case is to implement a behaviour where you maintain a
hash table by regenerating it, letting the values not migrated be freed.
See the following pseudo code:
```
GHashTable *ht;
init(GList *resources) {
ht = g_hash_table_new (g_str_hash, g_str_equal, g_free, g_free);
for (r in resources)
g_hash_table_insert (ht, strdup (resource_get_key (r)), create_value (r));
}
update(GList *resources) {
GHashTable *new_ht = g_hash_table_new_similar (ht);
for (r in resources) {
if (g_hash_table_steal_extended (ht, resource_get_key (r), &key, &value))
g_hash_table_insert (new_ht, key, value);
else
g_hash_table_insert (new_ht, strdup (resource_get_key (r)), create_value (r));
}
g_hash_table_unref (ht);
ht = new_ht;
}
```
D-Bus reference implementation doesn't require more than the claimed
process SID as part of the AUTH initial data for EXTERNAL.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
The code is based from #1351 patch and existing similar code in
gdbusprivate.c. The next commit will replace that existing code with
those helpers.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
