
Bug 875620

Summary: sys-apps/dbus-1.15.2: socket in /tmp instead of /run/dbus
Product: Gentoo Linux
Reporter: Holger Hoffstätte <holger>
Component: Current packages
Assignee: Freedesktop bugs <freedesktop-bugs>
Status: RESOLVED WORKSFORME    
Severity: normal CC: sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.debian.org/78791
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 875518    

Description Holger Hoffstätte 2022-10-06 14:19:39 UTC
After updating to dbus-1.15.2 I found that its socket is placed in /tmp, unlike before with 1.15.0 where it lives in /run/dbus. This can lead to dbus (and system) outages when e.g. a tmpcleaner sees a 0-sized file in /tmp and deletes it.


Reproducible: Always

Steps to Reproduce:
1. update to dbus-1.15.2
2. find socket in /tmp
3. delete socket: dbus dead


Expected Results:  
The socket should live in /run/dbus as before.


Probably a change in runstatedir configuration.
Comment 1 Holger Hoffstätte 2022-10-06 14:21:34 UTC
This might also affect the recently added 1.14.4 but I haven't checked.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-06 14:22:52 UTC
Yeah, it's:

• On Linux, dbus-daemon and other uses of DBusServer now create a
  path-based Unix socket, unix:path=..., when asked to listen on a
  unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
  unix:dir=... on all platforms.
  Previous versions would have created an abstract socket, unix:abstract=...,
  in this situation.
  This change primarily affects the well-known session bus when run via
  dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
  dbus with --enable-user-session and running it on a systemd system,
  already used path-based Unix sockets and is unaffected by this change.
  This behaviour change prevents a sandbox escape via the session bus socket
  in sandboxing frameworks that can share the network namespace with the host
  system, such as Flatpak.
  This change might cause a regression in situations where the abstract socket
  is intentionally shared between the host system and a chroot or container,
  such as some use-cases of schroot(1). That regression can be resolved by
  using a bind-mount to share either the D-Bus socket, or the whole /tmp
  directory, with the chroot or container.
  (dbus#416, Simon McVittie)

I guess.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-06 14:29:42 UTC
See also this tmpreaper bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=78791.
Comment 5 Mike Gilbert gentoo-dev 2022-10-06 16:17:42 UTC
The system bus continues to live at /run/dbus/system_bus_socket.

Session buses never created sockets in /run/dbus. Per the notes in comment 2, they used to be "abstract", meaning they had no presence in the filesystem at all. Now they live in /tmp instead.

This is an intentional change by dbus upstream. You will need to fix whatever cleanup scripts you use to not remove the sockets from /tmp.
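
A cleanup script of the kind comment 5 refers to can protect the session bus socket by checking the file type rather than matching names. The sketch below is an added example, not code from this bug thread or from dbus; the function names, the socket name `dbus-EXAMPLE` and the address string are constructed for illustration.

```python
import os
import socket
import stat
import tempfile
import time
from urllib.parse import unquote


def unix_socket_path(address):
    """Return the path of the first unix:path= entry, or None (e.g. unix:abstract=)."""
    for entry in address.split(";"):
        transport, _, params = entry.partition(":")
        if transport != "unix":
            continue
        kv = dict(p.split("=", 1) for p in params.split(",") if "=" in p)
        if "path" in kv:
            return unquote(kv["path"])  # address values may be %-escaped
    return None


def removable(root, max_age, now=None):
    """Names of regular files in root older than max_age seconds; sockets never qualify."""
    now = time.time() if now is None else now
    names = []
    for entry in os.scandir(root):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and now - st.st_mtime > max_age:
            names.append(entry.name)
    return sorted(names)


def demo():
    """Constructed sample: a 30-day-old socket next to a 30-day-old empty file."""
    with tempfile.TemporaryDirectory() as root:
        sock_path = os.path.join(root, "dbus-EXAMPLE")  # constructed name
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)  # creates the 0-byte socket file
        open(os.path.join(root, "stale.tmp"), "w").close()
        old = time.time() - 30 * 86400
        for name in os.listdir(root):
            os.utime(os.path.join(root, name), (old, old))
        parsed = unix_socket_path("unix:path=%s,guid=0123abcd" % sock_path)
        result = {"parsed_ok": parsed == sock_path,
                  "is_socket": stat.S_ISSOCK(os.stat(parsed).st_mode),
                  "removable": removable(root, 7 * 86400)}
        srv.close()
        return result
```

Only `stale.tmp` is reported for removal; the socket is the same size and age but is skipped because of its type.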