systemd/0807-core-refuse-dbus-activation-if-dbus-is-not-running.patch

From 40f8600cfd866e4956fb09ca29bc5dc74e605450 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 9 May 2023 00:07:45 +0800
Subject: [PATCH] core: refuse dbus activation if dbus is not running

dbus-broker issues StartUnit directly for activation requests,
so let's add a check on bus state in bus_unit_queue_job to refuse
that if dbus is not running.

Replaces #27570
Closes #26799

(cherry picked from commit 53964fd26b4a01191609ffc064aa8ccccd28e377)

Resolves: RHEL-40878
---
 src/core/dbus-unit.c | 7 +++++++
 src/core/dbus.c      | 5 ++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 19a71b6cb3..685d45fc23 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -21,6 +21,7 @@
 #include "path-util.h"
 #include "process-util.h"
 #include "selinux-access.h"
+#include "service.h"
 #include "signal-util.h"
 #include "special.h"
 #include "string-table.h"
@@ -1845,6 +1846,12 @@ int bus_unit_queue_job(
             (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
                 return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
 
+        /* dbus-broker issues StartUnit for activation requests, so let's apply the same check
+         * used in signal_activation_request(). */
+        if (type == JOB_START && u->type == UNIT_SERVICE &&
+            SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))
+                return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
+
         r = sd_bus_message_new_method_return(message, &reply);
         if (r < 0)
                 return r;
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 3cbe9c5cfd..b4564f79a2 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -160,9 +160,8 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd
                 return 0;
         }
 
-        if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE) ||
-            manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET)) {
-                r = sd_bus_error_set(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is shutting down.");
+        if (!manager_dbus_is_running(m)) {
+                r = sd_bus_error_set(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
                 goto failed;
         }
systemd-252-37 Resolves: RHEL-13159,RHEL-20322,RHEL-27512,RHEL-30372,RHEL-31070,RHEL-31219,RHEL-33890,RHEL-35703,RHEL-38864,RHEL-40878,RHEL-6589 2024-06-13 14:16:12 +00:00			`From 40f8600cfd866e4956fb09ca29bc5dc74e605450 Mon Sep 17 00:00:00 2001`
			`From: Mike Yuan <me@yhndnzj.com>`
			`Date: Tue, 9 May 2023 00:07:45 +0800`
			`Subject: [PATCH] core: refuse dbus activation if dbus is not running`

			`dbus-broker issues StartUnit directly for activation requests,`
			`so let's add a check on bus state in bus_unit_queue_job to refuse`
			`that if dbus is not running.`

			`Replaces #27570`
			`Closes #26799`

			`(cherry picked from commit 53964fd26b4a01191609ffc064aa8ccccd28e377)`

			`Resolves: RHEL-40878`
			`---`
			`src/core/dbus-unit.c \| 7 +++++++`
			`src/core/dbus.c \| 5 ++---`
			`2 files changed, 9 insertions(+), 3 deletions(-)`

			`diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c`
			`index 19a71b6cb3..685d45fc23 100644`
			`--- a/src/core/dbus-unit.c`
			`+++ b/src/core/dbus-unit.c`
			`@@ -21,6 +21,7 @@`
			`#include "path-util.h"`
			`#include "process-util.h"`
			`#include "selinux-access.h"`
			`+#include "service.h"`
			`#include "signal-util.h"`
			`#include "special.h"`
			`#include "string-table.h"`
			`@@ -1845,6 +1846,12 @@ int bus_unit_queue_job(`
			`(type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))`
			`return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);`

			`+ /* dbus-broker issues StartUnit for activation requests, so let's apply the same check`
			`+ * used in signal_activation_request(). */`
			`+ if (type == JOB_START && u->type == UNIT_SERVICE &&`
			`+ SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))`
			`+ return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");`
			`+`
			`r = sd_bus_message_new_method_return(message, &reply);`
			`if (r < 0)`
			`return r;`
			`diff --git a/src/core/dbus.c b/src/core/dbus.c`
			`index 3cbe9c5cfd..b4564f79a2 100644`
			`--- a/src/core/dbus.c`
			`+++ b/src/core/dbus.c`
			`@@ -160,9 +160,8 @@ static int signal_activation_request(sd_bus_message message, void userdata, sd`
			`return 0;`
			`}`

			`- if (manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SERVICE) \|\|`
			`- manager_unit_inactive_or_pending(m, SPECIAL_DBUS_SOCKET)) {`
			`- r = sd_bus_error_set(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is shutting down.");`
			`+ if (!manager_dbus_is_running(m)) {`
			`+ r = sd_bus_error_set(&error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");`
			`goto failed;`
			`}`