bc9fd78c7b
Previously we'd open the connection in the originating namespace, which meant most peers of the bus would not be able to make sense of the PID/UID/... identity of us since we didn't exist in the namespace they run in. However they require this identity for privilege decisions, hence disallowing access to anything from the host. Instead, when connecting to a container, create a temporary subprocess, make it join the container's namespace and then connect from there to the kdbus instance. This is similar to how we do it for socket conections already. THis also unifies the namespacing code used by machinectl and the bus APIs. |
||
|---|---|---|
| .. | ||
| machine-dbus.c | ||
| machine.c | ||
| machine.h | ||
| machinectl.c | ||
| machined-dbus.c | ||
| machined.c | ||
| machined.h | ||
| Makefile | ||
| org.freedesktop.machine1.conf | ||
| org.freedesktop.machine1.service | ||
| test-machine-tables.c | ||