kumquat-buildroot/package/dbus-broker/session.conf

66 lines
2.8 KiB
Plaintext
Raw Normal View History

package/dbus-broker: new package dbus-broker is an alternate implementation of a dbus daemon. It can be used as a drop-in replacement for the system bus daemon, as well as the session bus daemon. dbus-broker is (basically, and as far as we're concerned in Buildroot) split in two components: - the actual message bus daemon, that relays messages across clients - a launcher, which is responsible for setting various aspects of the bus, like setting the policy et al. and opening the socket(s) the message bus daemon will have to listen on... The launcher can only be used in a systemd setup (it makes heavy use of systemd facilities), while the message bus is generic. However, the message bus daemon is useless without a launcher. There does not exist a non-systemd launcher, which makes dbus-broker actually a systemd-only package; this can be revisited when/if a non-systemd launcher appears. Note, however, that libdbus is not provided by dbus-broker. People who want to use dbus-broker as the bus daemon, and need libdbus, will have to enable both. If only original dbus is enabled, things stay as they are now. This is for the moment still the default, though we should change that once dbus-broker has proven to work. If only dbus-broker is enabled, it installs the necessary socket activation units and dbus configuration files. The daemon is not launched at boot time; instead it is socket-activated when a client connects to the bus the first time. If both original dbus and dbus-broker are enabled, we have a conflict with the configuration files, the socket activation file. Also, original dbus activates the daemon as a service in multi-user.target.wants, so it is not socket-activated and dbus-broker would never get the opportunity to start. Therefore, original dbus is updated to remove the conflicting files and the activation of dbus-daemon. Since dbus-broker installs some of the same file that original dbus removes, we have to add a dependency to make sure that the ones installed by dbus-broker aren't removed. If both are installed, it is still possible to revert back to using original dbus as system bus: - at build-time: by calling systemctl enable/disable from a post-build script (preferred), or by providing drop-in units or presets in an overlay (less preferred) or custom skeleton (as a last resort), - at runtime (on a RW filesystem): by calling systemctl enable/disable Note about the user: the path to the system bus socket is a so-called "well-known location": it is expected to be there, by spec. Moving it elsewhere is going to break existing programs. So, the user running the system bus daemon must be able to create that socket. As we may have two packages providing a system bus daemon, they have to be both able to create the socket, and thus must both be able to write in the directory containing the socket. And since they can be switched at runtime, they must be running as the same user. We can't just reference the original dbus user, so we duplicate the entry. What is important, is that the user be named 'dbus', as that's what we use in both cases. If both original dbus and dbus-broker are selected, the dbus user is included twice, but the specifications are identical so that's fine. mkusers will create the user only once. Finally, the licensing terms are pretty trivial for dbus-broker itself, but it makes use of third-party code that it inherits as git submodules (that are bundled in the release archive). Thus the licensing is a bit convoluted... The third-party codes claim to be licensed as "Apache-2.0 and LGP-2.1+" in their AUTHORS files, but at the same time claim "**Apache-2.0** OR **LGPL-2.1-or-later**" in their README files. The individual source files (that are used) do not seem to have any licensing header to clarify the situation. So we represent the situation with "Apache-2.0 and/or LGPL-2.1+". Signed-off-by: Norbert Lange <nolange79@gmail.com> [yann.morin.1998@free.fr: - don't select systemd; depend on it instead - only install config files and systemd units without original dbus - install a user to run the message bus as - fix licensing info - entirely reword and extend the commit log - add myself to DEVELOPERS as well ] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> [Arnout: - Use dbus-broker as system bus if both are selected. - Remove conflicting files from dbus installation. - Simplify symbolic link creation. - Add comment to remind update of session.conf and system.conf. ] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-01-09 23:16:47 +01:00
<!-- This configuration file controls the per-user-login-session message bus.
Add a session-local.conf and edit that rather than changing this
file directly. -->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Our well-known bus type, don't change this -->
<type>session</type>
<!-- If we fork, keep the user's original umask to avoid affecting
the behavior of child processes. -->
<keep_umask/>
<standard_session_servicedirs />
<policy context="default">
<!-- Allow everything to be sent -->
<allow send_destination="*" eavesdrop="true"/>
<!-- Allow everything to be received -->
<allow eavesdrop="true"/>
<!-- Allow anyone to own anything -->
<allow own="*"/>
</policy>
<!-- Config files are placed here that among other things,
further restrict the above policy for specific services. -->
<includedir>session.d</includedir>
<includedir>/etc/dbus-1/session.d</includedir>
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">/etc/dbus-1/session-local.conf</include>
<include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
<!-- For the session bus, override the default relatively-low limits
with essentially infinite limits, since the bus is just running
as the user anyway, using up bus resources is not something we need
to worry about. In some cases, we do set the limits lower than
"all available memory" if exceeding the limit is almost certainly a bug,
having the bus enforce a limit is nicer than a huge memory leak. But the
intent is that these limits should never be hit. -->
<!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
<limit name="max_incoming_bytes">1000000000</limit>
<limit name="max_incoming_unix_fds">250000000</limit>
<limit name="max_outgoing_bytes">1000000000</limit>
<limit name="max_outgoing_unix_fds">250000000</limit>
<limit name="max_message_size">1000000000</limit>
<!-- We do not override max_message_unix_fds here since the in-kernel
limit is also relatively low -->
<limit name="service_start_timeout">120000</limit>
<limit name="auth_timeout">240000</limit>
<limit name="pending_fd_timeout">150000</limit>
<limit name="max_completed_connections">100000</limit>
<limit name="max_incomplete_connections">10000</limit>
<limit name="max_connections_per_user">100000</limit>
<limit name="max_pending_service_starts">10000</limit>
<limit name="max_names_per_connection">50000</limit>
<limit name="max_match_rules_per_connection">50000</limit>
<limit name="max_replies_per_connection">50000</limit>
</busconfig>