Disable the Containers interface

We've had a request for a 1.14.x stable-branch, but the Containers interface is only partially implemented, not yet described in the D-Bus Specification, and not ready to be part of our API guarantees. Signed-off-by: Simon McVittie <smcv@collabora.com>
author: Simon McVittie <smcv@collabora.com> 2021-12-10 14:31:45 +0000
committer: Simon McVittie <smcv@collabora.com> 2021-12-10 16:48:51 +0000
commit: 9d60676ae08b5ff1153ca5cb2e42bb4d5ec563cf (patch)
tree: 0c7ee3621e5e7b08ddb508595a6b3b8eadbf12e4
parent: 67f1a01f7bbb813d1664bd9a01dc8af3c2b469ca (diff)
14 files changed, 8 insertions, 52 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c9b3784b..994f7197 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -138,7 +138,6 @@ endif()
 option(DBUS_DISABLE_ASSERT "Disable assertion checking" OFF)
 
 option(DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
-option(DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF)
 option(ENABLE_TRADITIONAL_ACTIVATION "Enable traditional activation (without using systemd)" ON)
 
 if(DBUS_LINUX)
diff --git a/README.cmake b/README.cmake
index a9e4feb7..a1cfc96a 100644
--- a/README.cmake
+++ b/README.cmake
@@ -149,9 +149,6 @@ ENABLE_QT_HELP:STRING=AUTO
 // enable bus daemon usage statistics
 DBUS_ENABLE_STATS:BOOL=OFF
 
-// enable restricted servers for app containers
-DBUS_ENABLE_CONTAINERS:BOOL=OFF
-
 // build with systemd at_console support
 ENABLE_SYSTEMD:STRING=AUTO
 
diff --git a/bus/containers.c b/bus/containers.c
index 213ce3c9..8abeca1f 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -27,6 +27,8 @@
 
 #ifdef DBUS_ENABLE_CONTAINERS
 
+#error This feature is not ready for production use
+
 #ifndef DBUS_UNIX
 # error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
 #endif
diff --git a/bus/driver.c b/bus/driver.c
index 6f5451a1..ef1b957f 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -1975,7 +1975,9 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
   dbus_pid_t pid = DBUS_PID_UNSET;
   const char *windows_sid = NULL;
   const char *linux_security_label = NULL;
+#ifdef DBUS_ENABLE_CONTAINERS
   const char *path;
+#endif
 
   if (credentials == NULL && conn != NULL)
     credentials = _dbus_connection_get_credentials (conn);
@@ -2030,6 +2032,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
         return FALSE;
     }
 
+#ifdef DBUS_ENABLE_CONTAINERS
   /* This has to come from the connection, not the credentials */
   if (conn != NULL &&
       bus_containers_connection_is_contained (conn, &path, NULL, NULL))
@@ -2039,6 +2042,7 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
                                       path))
         return FALSE;
     }
+#endif
 
   return TRUE;
 }
diff --git a/bus/session.conf.in b/bus/session.conf.in
index ace073c9..affa7f1d 100644
--- a/bus/session.conf.in
+++ b/bus/session.conf.in
@@ -76,11 +76,5 @@
   <limit name="max_names_per_connection">50000</limit>
   <limit name="max_match_rules_per_connection">50000</limit>
   <limit name="max_replies_per_connection">50000</limit>
-  <limit name="max_containers">10000</limit>
-  <limit name="max_containers_per_user">10000</limit>
-  <limit name="max_container_metadata_bytes">1000000000</limit>
-  <!-- This is relatively low so that app-containers (which we do not fully
-       trust) do not cause DoS. -->
-  <limit name="max_connections_per_container">16</limit>
 
 </busconfig>
diff --git a/bus/system.conf.in b/bus/system.conf.in
index 7c79a1ae..d2f3244b 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -126,10 +126,6 @@
   <!-- <limit name="max_names_per_connection">512</limit> -->
   <!-- <limit name="max_match_rules_per_connection">512</limit> -->
   <!-- <limit name="max_replies_per_connection">128</limit> -->
-  <!-- <limit name="max_containers">512</limit> -->
-  <!-- <limit name="max_containers_per_user">16</limit> -->
-  <!-- <limit name="max_container_metadata_bytes">4096</limit> -->
-  <!-- <limit name="max_connections_per_container">8</limit> -->
 
   <!-- Config files are placed here that among other things, punch 
        holes in the above policy for specific services. -->
diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake
index a3258789..34592372 100644
--- a/cmake/config.h.cmake
+++ b/cmake/config.h.cmake
@@ -38,7 +38,6 @@
 #cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@"
 
 #cmakedefine DBUS_ENABLE_STATS
-#cmakedefine DBUS_ENABLE_CONTAINERS
 #cmakedefine ENABLE_TRADITIONAL_ACTIVATION
 
 #define TEST_LISTEN       "@TEST_LISTEN@"
diff --git a/configure.ac b/configure.ac
index a806ed8e..1b252bbd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1710,16 +1710,6 @@ AC_ARG_ENABLE([user-session],
 AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
   [test "x$enable_user_session" = xyes])
 
-AC_ARG_ENABLE([containers],
-  [AS_HELP_STRING([--enable-containers],
-    [enable restricted servers for app containers])],
-  [], [enable_containers=no])
-AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes],
-  [AC_MSG_ERROR([Restricted servers for app containers require Unix])])
-AS_IF([test "x$enable_containers" = xyes],
-  [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1],
-    [Define to enable restricted servers for app containers])])
-
 AC_CONFIG_FILES([
 Doxyfile
 dbus/Version
@@ -1801,7 +1791,6 @@ echo "
         Building assertions:      ${enable_asserts}
         Building checks:          ${enable_checks}
         Building bus stats API:   ${enable_stats}
-        Building container API:   ${enable_containers}
         Building SELinux support: ${have_selinux}
         Building AppArmor support: ${have_apparmor}
         Building inotify support: ${have_inotify}
diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h
index 14879ea7..d6a3c989 100644
--- a/dbus/dbus-shared.h
+++ b/dbus/dbus-shared.h
@@ -86,8 +86,6 @@ typedef enum
  */
 /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */
 #define DBUS_INTERFACE_DBUS           "org.freedesktop.DBus"
-/** The restricted container interface exported by the dbus-daemon */
-#define DBUS_INTERFACE_CONTAINERS1    "org.freedesktop.DBus.Containers1"
 /** The monitoring interface exported by the dbus-daemon */
 #define DBUS_INTERFACE_MONITORING     "org.freedesktop.DBus.Monitoring"
 
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in
index 80fe9453..cb811577 100644
--- a/doc/dbus-daemon.1.xml.in
+++ b/doc/dbus-daemon.1.xml.in
@@ -840,14 +840,6 @@ Available limit names are:</para>
                                      (number of calls-in-progress)
       "reply_timeout"              : milliseconds (thousandths)
                                      until a method call times out
-      "max_containers"             : max number of restricted servers for use
-                                     in app-containers, in total
-      "max_containers_per_user"    : max number of app-containers per Unix uid
-      "max_container_metadata_bytes": max number of bytes of metadata to store
-                                      for each app-container
-      "max_connections_per_container": max number of (authenticated or
-                                       unauthenticated) connections to each
-                                       app-container
 </literallayout> <!-- .fi -->
 
 
diff --git a/test/containers.c b/test/containers.c
index dcc81c5c..553b6088 100644
--- a/test/containers.c
+++ b/test/containers.c
@@ -46,6 +46,8 @@
 
 #include "test-utils-glib.h"
 
+#define DBUS_INTERFACE_CONTAINERS1    "org.freedesktop.DBus.Containers1"
+
 typedef struct {
     TestMainContext *ctx;
     gboolean skip;
diff --git a/test/data/valid-config-files/limit-containers.conf.in b/test/data/valid-config-files/limit-containers.conf.in
index 3cc3bb05..44dd3979 100644
--- a/test/data/valid-config-files/limit-containers.conf.in
+++ b/test/data/valid-config-files/limit-containers.conf.in
@@ -13,9 +13,4 @@
     <!-- Allow anyone to own anything -->
     <allow own="*"/>
   </policy>
-
-  <limit name="max_containers">5</limit>
-  <limit name="max_containers_per_user">3</limit>
-  <limit name="max_container_metadata_bytes">4096</limit>
-  <limit name="max_connections_per_container">3</limit>
 </busconfig>
diff --git a/test/data/valid-config-files/tmp-session.conf.in b/test/data/valid-config-files/tmp-session.conf.in
index 502619dd..d1effae1 100644
--- a/test/data/valid-config-files/tmp-session.conf.in
+++ b/test/data/valid-config-files/tmp-session.conf.in
@@ -57,11 +57,4 @@
   <limit name="max_names_per_connection">50000</limit>
   <limit name="max_match_rules_per_connection">50000</limit>
   <limit name="max_replies_per_connection">50000</limit>
-  <limit name="max_containers">10000</limit>
-  <limit name="max_containers_per_user">10000</limit>
-  <limit name="max_container_metadata_bytes">1000000000</limit>
-  <!-- This is relatively low so that app-containers (which we do not fully
-       trust) do not cause DoS. -->
-  <limit name="max_connections_per_container">16</limit>
-
 </busconfig>
diff --git a/test/dbus-daemon.c b/test/dbus-daemon.c
index e57fcfa9..881e0d06 100644
--- a/test/dbus-daemon.c
+++ b/test/dbus-daemon.c
@@ -636,10 +636,6 @@ test_creds (Fixture *f,
           g_assert_not_reached ();
 #endif
         }
-      else if (g_str_has_prefix (name, DBUS_INTERFACE_CONTAINERS1 "."))
-        {
-          g_assert_not_reached ();
-        }
 
       dbus_message_iter_next (&arr_iter);
     }
author	Simon McVittie <smcv@collabora.com>	2021-12-10 14:31:45 +0000
committer	Simon McVittie <smcv@collabora.com>	2021-12-10 16:48:51 +0000
commit	9d60676ae08b5ff1153ca5cb2e42bb4d5ec563cf (patch)
tree	0c7ee3621e5e7b08ddb508595a6b3b8eadbf12e4
parent	67f1a01f7bbb813d1664bd9a01dc8af3c2b469ca (diff)