Ticket #1074 (closed defect: fixed)

Opened 10 years ago

Last modified 10 years ago

D-Bus-activated services run outside the chroot

Reported by: geofft Owned by: geofft
Priority: high Milestone: Oneiric Support
Component: login chroot Keywords:
Cc: Fixed in version:
Upstream bug:

Description (last modified by geofft) (diff)

D-Bus has a facility for running services when you send a message to a well-known name but no service is bound to that well-known name (these services are listed in /usr/share/dbus-1/system-services). The system D-Bus daemon runs outside the chroot, so naturally services it activates will also run outside the chroot.

This interacts poorly in a couple of cases with privileged-inside-the-chroot programs making requests to daemons outside the chroot over D-Bus. One notable case is aptdaemon, used by Ubuntu Software Center -- if you install something via that GUI (as opposed to any other GUI, or the command line), then it will get installed in the environment of aptdaemon, namely outside the chroot.

We're probably seeing this in production, given that we've run into a couple of machines with Skype mysteriously installed outside the chroot, and Skype from the partners repository is well-advertised in Ubuntu Software Center.

Addressing #462 would fix this solidly, but would also be fairly high-impact. A much smaller-impact fix is to hook the servicehelper (/usr/lib/dbus-1.0/dbus-daemon-launch-helper, as mentioned in /etc/dbus-1/system.conf), which elevates privileges from the messagebus user to root when running a service. Since we want D-Bus activation to work at boot time, we should have a wrapper that detects if a login chroot exists, and runs the original servicehelper inside the chroot if so, and otherwise just runs the original servicehelper.

Change History

comment:1 Changed 10 years ago by jdreed

  • Status changed from new to closed
  • Resolution set to fixed

comment:2 Changed 10 years ago by geofft

  • Reporter changed from jdreed to geofft
  • Component changed from -- to login chroot
  • Description modified (diff)
  • Summary changed from Fix for [redacted] to D-Bus-activated services run outside the chroot

This was silently deployed to -proposed last Thursday night and production just now.

Note: See TracTickets for help on using tickets.