* dbus: enable support for system services (these are programs that

the bus daemon can start on demand). ConsoleKit and PolicyKit need this. This requires a setuid wrapper for dbus-daemon-launch-helper, as well as a "messagebus" group. svn path=/nixos/trunk/; revision=16736
2009-08-16 21:46:26 +00:00 · 2009-08-16 21:46:26 +00:00 · 7dbf523ddc
commit 7dbf523ddc
parent 26439de75b
2 changed files with 45 additions and 4 deletions
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@ -57,6 +57,7 @@ in
    wheel = 1;
    kmem = 2;
    tty = 3;
+    messagebus = 4; # D-Bus
    haldaemon = 5;
    disk = 6;
    vsftpd = 7;
--- a/modules/services/system/dbus.nix
+++ b/modules/services/system/dbus.nix
@ -7,16 +7,27 @@ let

  cfg = config.services.dbus;

-  inherit (pkgs) dbus;
+  # !!! dbus_temp uses /etc/dbus-1; will be merged into pkgs.dbus later.
+  dbus = pkgs.dbus_temp;

  homeDir = "/var/run/dbus";

-  configFile = pkgs.stdenv.mkDerivation {
+  configDir = pkgs.stdenv.mkDerivation {
    name = "dbus-conf";
    buildCommand = ''
      ensureDir $out
-      ln -s ${dbus}/etc/dbus-1/system.conf $out/system.conf
+      
+      cp ${dbus}/etc/dbus-1/system.conf $out/system.conf

+      # Tell the daemon where the setuid wrapper around
+      # dbus-daemon-launch-helper lives.      
+      sed -i $out/system.conf \
+          -e 's|<servicehelper>.*/libexec/dbus-daemon-launch-helper|<servicehelper>${config.security.wrapperDir}/dbus-daemon-launch-helper|'
+
+      # Add the system-services directories to the daemon's search path.
+      sed -i $out/system.conf \
+          -e 's|<standard_system_servicedirs/>|${systemServiceDirs}|'
+          
      # Note: system.conf includes ./system.d (i.e. it has a relative,
      # not absolute path).
      ensureDir $out/system.d
@ -26,6 +37,10 @@ let
    ''; # */
  };

+  systemServiceDirs = concatMapStrings
+    (d: "<servicedir>${d}/share/dbus-1/system-services</servicedir> ")
+    cfg.packages;
+
 in

 {
@ -67,11 +82,26 @@ in

    environment.systemPackages = [dbus.daemon dbus.tools];

+    environment.etc = singleton
+      # We need /etc/dbus-1/system.conf for now, because
+      # dbus-daemon-launch-helper is called with an empty environment
+      # and no arguments.  So we have no way to tell it the location
+      # of our config file.
+      { source = configDir;
+        target = "dbus-1";
+      };
+
    users.extraUsers = singleton
      { name = "messagebus";
        uid = config.ids.uids.messagebus;
        description = "D-Bus system message bus daemon user";
        home = homeDir;
+        group = "messagebus";
+      };
+
+    users.extraGroups = singleton
+      { name = "messagebus";
+        gid = config.ids.gids.messagebus;
      };

    jobs = singleton
@ -92,7 +122,7 @@ in
            # !!! hack - dbus should be running once this job is
            # considered "running"; should be fixable once we have
            # Upstart 0.6.
-            ${dbus}/bin/dbus-daemon --config-file=${configFile}/system.conf
+            ${dbus}/bin/dbus-daemon --config-file=${configDir}/system.conf
          '';

        postStop =
@ -104,6 +134,16 @@ in
          '';
      };

+    security.setuidOwners = singleton
+      { program = "dbus-daemon-launch-helper";
+        source = "${dbus}/libexec/dbus-daemon-launch-helper";
+        owner = "root";
+        group = "messagebus";
+        setuid = true;
+        setgid = false;
+        permissions = "u+rx,g+rx,o-rx";
+      };
+
  };
 
 }