driver: Add a stub implementation of the Containers1 interface

For now, this is considered to be a privileged operation, because the
resource-limiting isn't wired up yet. It only contains the bare minimum
of API.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354

10 files changed, 129 insertions, 0 deletions

diff --git a/README.cmake b/README.cmake
index 69012fbe..6d5621fd 100644
--- a/README.cmake
+++ b/README.cmake
@@ -117,6 +117,9 @@ DBUS_ENABLE_DOXYGEN_DOCS:BOOL=OFF
 // enable bus daemon usage statistics
 DBUS_ENABLE_STATS:BOOL=OFF
 
+// enable restricted servers for app containers
+DBUS_ENABLE_CONTAINERS:BOOL=OFF
+
 // support verbose debug mode
 DBUS_ENABLE_VERBOSE_MODE:BOOL=ON
 
diff --git a/bus/Makefile.am b/bus/Makefile.am
index 9ae30716..33751412 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -97,6 +97,8 @@ BUS_SOURCES=					\
 	config-parser-common.h			\
 	connection.c				\
 	connection.h				\
+	containers.c				\
+	containers.h				\
 	desktop-file.c				\
 	desktop-file.h				\
 	$(DIR_WATCH_SOURCE)			\
diff --git a/bus/containers.c b/bus/containers.c
new file mode 100644
index 00000000..e8935490
--- /dev/null
+++ b/bus/containers.c
@@ -0,0 +1,55 @@
+/* containers.c - restricted bus servers for containers
+ *
+ * Copyright © 2017 Collabora Ltd.
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#include <config.h>
+#include "containers.h"
+
+#ifdef DBUS_ENABLE_CONTAINERS
+
+#ifndef DBUS_UNIX
+# error DBUS_ENABLE_CONTAINERS requires DBUS_UNIX
+#endif
+
+dbus_bool_t
+bus_containers_handle_add_server (DBusConnection *connection,
+                                  BusTransaction *transaction,
+                                  DBusMessage    *message,
+                                  DBusError      *error)
+{
+  dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, "Not yet implemented");
+  return FALSE;
+}
+
+dbus_bool_t
+bus_containers_supported_arguments_getter (BusContext *context,
+                                           DBusMessageIter *var_iter)
+{
+  DBusMessageIter arr_iter;
+
+  /* There are none so far */
+  return dbus_message_iter_open_container (var_iter, DBUS_TYPE_ARRAY,
+                                           DBUS_TYPE_STRING_AS_STRING,
+                                           &arr_iter) &&
+         dbus_message_iter_close_container (var_iter, &arr_iter);
+}
+
+#endif /* DBUS_ENABLE_CONTAINERS */
diff --git a/bus/containers.h b/bus/containers.h
new file mode 100644
index 00000000..3564bbd2
--- /dev/null
+++ b/bus/containers.h
@@ -0,0 +1,35 @@
+/* containers.h - restricted bus servers for containers
+ *
+ * Copyright © 2017 Collabora Ltd.
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+
+#ifndef BUS_CONTAINERS_H
+#define BUS_CONTAINERS_H
+
+#include "bus.h"
+
+dbus_bool_t bus_containers_handle_add_server          (DBusConnection  *connection,
+                                                       BusTransaction  *transaction,
+                                                       DBusMessage     *message,
+                                                       DBusError       *error);
+dbus_bool_t bus_containers_supported_arguments_getter (BusContext      *context,
+                                                       DBusMessageIter *var_iter);
+
+#endif /* multiple-inclusion guard */
diff --git a/bus/driver.c b/bus/driver.c
index cd0a714d..9529b07c 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -26,6 +26,7 @@
 #include "activation.h"
 #include "apparmor.h"
 #include "connection.h"
+#include "containers.h"
 #include "driver.h"
 #include "dispatch.h"
 #include "services.h"
@@ -2517,6 +2518,18 @@ static const MessageHandler introspectable_message_handlers[] = {
   { NULL, NULL, NULL, NULL }
 };
 
+#ifdef DBUS_ENABLE_CONTAINERS
+static const MessageHandler containers_message_handlers[] = {
+  { "AddServer", "ssa{sv}a{sv}", "oays", bus_containers_handle_add_server,
+    METHOD_FLAG_PRIVILEGED },
+  { NULL, NULL, NULL, NULL }
+};
+static const PropertyHandler containers_property_handlers[] = {
+  { "SupportedArguments", "as", bus_containers_supported_arguments_getter },
+  { NULL, NULL, NULL }
+};
+#endif
+
 static const MessageHandler monitoring_message_handlers[] = {
   { "BecomeMonitor", "asu", "", bus_driver_handle_become_monitor,
     METHOD_FLAG_PRIVILEGED },
@@ -2621,6 +2634,10 @@ static InterfaceHandler interface_handlers[] = {
   { BUS_INTERFACE_STATS, stats_message_handlers, NULL,
     INTERFACE_FLAG_NONE },
 #endif
+#ifdef DBUS_ENABLE_CONTAINERS
+  { DBUS_INTERFACE_CONTAINERS1, containers_message_handlers, NULL,
+    INTERFACE_FLAG_NONE, containers_property_handlers },
+#endif
   { DBUS_INTERFACE_PEER, peer_message_handlers, NULL,
     /* Not in the Interfaces property because it's a pseudo-interface
      * on all object paths of all connections, rather than a feature of the
diff --git a/cmake/CMakeLists.txt b/cmake/CMakeLists.txt
index 3ac71a5a..cebf8169 100644
--- a/cmake/CMakeLists.txt
+++ b/cmake/CMakeLists.txt
@@ -128,6 +128,7 @@ endif(NOT WIN32)
 option (DBUS_DISABLE_ASSERT "Disable assertion checking" OFF)
 
 option (DBUS_ENABLE_STATS "enable bus daemon usage statistics" OFF)
+option (DBUS_ENABLE_CONTAINERS "enable restricted servers for app-containers" OFF)
 
 if(WIN32)
     set(FD_SETSIZE "8192" CACHE STRING "The maximum number of connections that can be handled at once")
diff --git a/cmake/bus/CMakeLists.txt b/cmake/bus/CMakeLists.txt
index 4c5bdcf2..9e806c4f 100644
--- a/cmake/bus/CMakeLists.txt
+++ b/cmake/bus/CMakeLists.txt
@@ -52,6 +52,8 @@ set (BUS_SOURCES
 #    ${BUS_DIR}/config-parser-trivial.c
 	${BUS_DIR}/connection.c
 	${BUS_DIR}/connection.h				
+	${BUS_DIR}/containers.c
+	${BUS_DIR}/containers.h
 	${BUS_DIR}/desktop-file.c				
 	${BUS_DIR}/desktop-file.h				
 	${BUS_DIR}/dir-watch.h				
diff --git a/cmake/config.h.cmake b/cmake/config.h.cmake
index 202c0ab0..efba76d1 100644
--- a/cmake/config.h.cmake
+++ b/cmake/config.h.cmake
@@ -28,6 +28,7 @@
 #cmakedefine DBUS_RUNSTATEDIR "@DBUS_RUNSTATEDIR@"
 
 #cmakedefine DBUS_ENABLE_STATS
+#cmakedefine DBUS_ENABLE_CONTAINERS
 
 #define TEST_LISTEN       "@TEST_LISTEN@"
 
diff --git a/configure.ac b/configure.ac
index ce1f2c56..2ab704b3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1762,6 +1762,16 @@ AC_ARG_ENABLE([user-session],
 AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
   [test "x$enable_user_session" = xyes])
 
+AC_ARG_ENABLE([containers],
+  [AS_HELP_STRING([--enable-containers],
+    [enable restricted servers for app containers])],
+  [], [enable_containers=no])
+AS_IF([test "x$enable_containers" = xyes && test "x$dbus_unix" != xyes],
+  [AC_MSG_ERROR([Restricted servers for app containers require Unix])])
+AS_IF([test "x$enable_containers" = xyes],
+  [AC_DEFINE([DBUS_ENABLE_CONTAINERS], [1],
+    [Define to enable restricted servers for app containers])])
+
 AC_CONFIG_FILES([
 Doxyfile
 dbus/Version
@@ -1842,6 +1852,7 @@ echo "
         Building assertions:      ${enable_asserts}
         Building checks:          ${enable_checks}
         Building bus stats API:   ${enable_stats}
+        Building container API:   ${enable_containers}
         Building SELinux support: ${have_selinux}
         Building AppArmor support: ${have_apparmor}
         Building inotify support: ${have_inotify}
diff --git a/dbus/dbus-shared.h b/dbus/dbus-shared.h
index 7ab91035..f20c72ad 100644
--- a/dbus/dbus-shared.h
+++ b/dbus/dbus-shared.h
@@ -86,6 +86,8 @@ typedef enum
  */
 /** The interface exported by the object with #DBUS_SERVICE_DBUS and #DBUS_PATH_DBUS */
 #define DBUS_INTERFACE_DBUS           "org.freedesktop.DBus"
+/** The restricted container interface exported by the dbus-daemon */
+#define DBUS_INTERFACE_CONTAINERS1    "org.freedesktop.DBus.Containers1"
 /** The monitoring interface exported by the dbus-daemon */
 #define DBUS_INTERFACE_MONITORING     "org.freedesktop.DBus.Monitoring"