[8463] in athena10
Re: [Debathena] #1074: D-Bus-activated services run outside the
daemon@ATHENA.MIT.EDU (Debathena Trac)
Mon Sep 19 20:37:16 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: geofft@mit.edu, jdreed@mit.edu
Date: Tue, 20 Sep 2011 00:37:07 -0000
Reply-To:
Message-ID: <052.11a1a962493d59608d7a0bb4f7cb9030@mit.edu>
In-Reply-To: <043.8ad7b5fa3d319900cb2a1a2d369e31b9@mit.edu>
Content-Transfer-Encoding: 8bit
#1074: D-Bus-activated services run outside the chroot--------------------------+-------------------------------------------------
Reporter: geofft | Owner: geofft
Type: defect | Status: closed
Priority: high | Milestone: Oneiric Support
Component: login chroot | Resolution: fixed
Keywords: | See_also:
--------------------------+-------------------------------------------------Changes (by geofft):
* reporter: jdreed => geofft
* component: -- => login chroot
Old description:
> We need a fix for [redacted] to prevent users from [redacted] on the
> cluster machines.
New description:
D-Bus has a facility for running services when you send a message to a
well-known name but no service is bound to that well-known name (these
services are listed in /usr/share/dbus-1/system-services). The system
D-Bus daemon runs outside the chroot, so naturally services it activates
will also run outside the chroot.
This interacts poorly in a couple of cases with privileged-inside-the-
chroot programs making requests to daemons outside the chroot over D-Bus.
One notable case is aptdaemon, used by Ubuntu Software Center -- if you
install something via that GUI (as opposed to any other GUI, or the
command line), then it will get installed in the environment of aptdaemon,
namely outside the chroot.
We're probably seeing this in production, given that we've run into a
couple of machines with Skype mysteriously installed outside the chroot,
and Skype from the partners repository is well-advertised in Ubuntu
Software Center.
Addressing #462 would fix this solidly, but would also be fairly high-
impact. A much smaller-impact fix is to hook the servicehelper
(/usr/lib/dbus-1.0/dbus-daemon-launch-helper, as mentioned in
/etc/dbus-1/system.conf), which elevates privileges from the messagebus
user to root when running a service. Since we want D-Bus activation to
work at boot time, we should have a wrapper that detects if a login chroot
exists, and runs the original servicehelper inside the chroot if so, and
otherwise just runs the original servicehelper.
--
Comment:
This was silently deployed to -proposed last Thursday night and production
just now.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/1074#comment:2>Debathena <http://debathena.mit.edu/>MIT Debathena Project
