diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:45 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:45 +0000 |
commit | efeb864cb547a2cbf96dc0053a8bdb4d9190b364 (patch) | |
tree | c0b83368f18be983fcc763200c4c24d633244588 /man/sd_bus_creds_new_from_pid.xml | |
parent | Releasing progress-linux version 255.5-1~progress7.99u1. (diff) | |
download | systemd-efeb864cb547a2cbf96dc0053a8bdb4d9190b364.tar.xz systemd-efeb864cb547a2cbf96dc0053a8bdb4d9190b364.zip |
Merging upstream version 256.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/sd_bus_creds_new_from_pid.xml')
-rw-r--r-- | man/sd_bus_creds_new_from_pid.xml | 174 |
1 files changed, 79 insertions, 95 deletions
diff --git a/man/sd_bus_creds_new_from_pid.xml b/man/sd_bus_creds_new_from_pid.xml index 239f996..1dffd13 100644 --- a/man/sd_bus_creds_new_from_pid.xml +++ b/man/sd_bus_creds_new_from_pid.xml @@ -1,6 +1,6 @@ <?xml version='1.0'?> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> <refentry id="sd_bus_creds_new_from_pid" xmlns:xi="http://www.w3.org/2001/XInclude"> @@ -17,6 +17,7 @@ <refnamediv> <refname>sd_bus_creds_new_from_pid</refname> + <refname>sd_bus_creds_new_from_pidfd</refname> <refname>sd_bus_creds_get_mask</refname> <refname>sd_bus_creds_get_augmented_mask</refname> <refname>sd_bus_creds_ref</refname> @@ -38,6 +39,13 @@ </funcprototype> <funcprototype> + <funcdef>int <function>sd_bus_creds_new_from_pidfd</function></funcdef> + <paramdef>int <parameter>pidfd</parameter></paramdef> + <paramdef>uint64_t <parameter>creds_mask</parameter></paramdef> + <paramdef>sd_bus_creds **<parameter>ret</parameter></paramdef> + </funcprototype> + + <funcprototype> <funcdef>uint64_t <function>sd_bus_creds_get_mask</function></funcdef> <paramdef>sd_bus_creds *<parameter>c</parameter></paramdef> </funcprototype> @@ -98,6 +106,7 @@ <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, <constant>SD_BUS_CREDS_DESCRIPTION</constant>, + <constant>SD_BUS_CREDS_PIDFD</constant>, <constant>SD_BUS_CREDS_AUGMENT</constant>, <constant>_SD_BUS_CREDS_ALL</constant> </para> @@ -116,91 +125,65 @@ and <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para> - <para>The information that will be stored is determined by - <parameter>creds_mask</parameter>. It may contain a subset of ORed - constants <constant>SD_BUS_CREDS_PID</constant>, - <constant>SD_BUS_CREDS_PPID</constant>, - <constant>SD_BUS_CREDS_TID</constant>, - <constant>SD_BUS_CREDS_UID</constant>, - <constant>SD_BUS_CREDS_EUID</constant>, - <constant>SD_BUS_CREDS_SUID</constant>, - <constant>SD_BUS_CREDS_FSUID</constant>, - <constant>SD_BUS_CREDS_GID</constant>, - <constant>SD_BUS_CREDS_EGID</constant>, - <constant>SD_BUS_CREDS_SGID</constant>, - <constant>SD_BUS_CREDS_FSGID</constant>, - <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, - <constant>SD_BUS_CREDS_COMM</constant>, - <constant>SD_BUS_CREDS_TID_COMM</constant>, - <constant>SD_BUS_CREDS_EXE</constant>, - <constant>SD_BUS_CREDS_CMDLINE</constant>, - <constant>SD_BUS_CREDS_CGROUP</constant>, - <constant>SD_BUS_CREDS_UNIT</constant>, - <constant>SD_BUS_CREDS_SLICE</constant>, - <constant>SD_BUS_CREDS_USER_UNIT</constant>, - <constant>SD_BUS_CREDS_USER_SLICE</constant>, - <constant>SD_BUS_CREDS_SESSION</constant>, - <constant>SD_BUS_CREDS_OWNER_UID</constant>, - <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, - <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, - <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, - <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, - <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, - <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, - <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, - <constant>SD_BUS_CREDS_TTY</constant>, - <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, - <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, and - <constant>SD_BUS_CREDS_DESCRIPTION</constant>. Use the special - value <constant>_SD_BUS_CREDS_ALL</constant> to request all - supported fields. The <constant>SD_BUS_CREDS_AUGMENT</constant> - constant may not be ORed into the mask for invocations of - <function>sd_bus_creds_new_from_pid()</function>.</para> + <para><function>sd_bus_creds_new_from_pidfd()</function> is identical to + <function>sd_bus_creds_new_from_pid()</function>, but takes a PID file descriptor rather than a numeric + PID as reference to the process. See <citerefentry + project='man-pages'><refentrytitle>pidfd_open</refentrytitle><manvolnum>2</manvolnum></citerefentry>.</para> + + <para>The information that will be stored is determined by <parameter>creds_mask</parameter>. It may + contain a subset of ORed constants <constant>SD_BUS_CREDS_PID</constant>, + <constant>SD_BUS_CREDS_PPID</constant>, <constant>SD_BUS_CREDS_TID</constant>, + <constant>SD_BUS_CREDS_UID</constant>, <constant>SD_BUS_CREDS_EUID</constant>, + <constant>SD_BUS_CREDS_SUID</constant>, <constant>SD_BUS_CREDS_FSUID</constant>, + <constant>SD_BUS_CREDS_GID</constant>, <constant>SD_BUS_CREDS_EGID</constant>, + <constant>SD_BUS_CREDS_SGID</constant>, <constant>SD_BUS_CREDS_FSGID</constant>, + <constant>SD_BUS_CREDS_SUPPLEMENTARY_GIDS</constant>, <constant>SD_BUS_CREDS_COMM</constant>, + <constant>SD_BUS_CREDS_TID_COMM</constant>, <constant>SD_BUS_CREDS_EXE</constant>, + <constant>SD_BUS_CREDS_CMDLINE</constant>, <constant>SD_BUS_CREDS_CGROUP</constant>, + <constant>SD_BUS_CREDS_UNIT</constant>, <constant>SD_BUS_CREDS_SLICE</constant>, + <constant>SD_BUS_CREDS_USER_UNIT</constant>, <constant>SD_BUS_CREDS_USER_SLICE</constant>, + <constant>SD_BUS_CREDS_SESSION</constant>, <constant>SD_BUS_CREDS_OWNER_UID</constant>, + <constant>SD_BUS_CREDS_EFFECTIVE_CAPS</constant>, <constant>SD_BUS_CREDS_PERMITTED_CAPS</constant>, + <constant>SD_BUS_CREDS_INHERITABLE_CAPS</constant>, <constant>SD_BUS_CREDS_BOUNDING_CAPS</constant>, + <constant>SD_BUS_CREDS_SELINUX_CONTEXT</constant>, <constant>SD_BUS_CREDS_AUDIT_SESSION_ID</constant>, + <constant>SD_BUS_CREDS_AUDIT_LOGIN_UID</constant>, <constant>SD_BUS_CREDS_TTY</constant>, + <constant>SD_BUS_CREDS_UNIQUE_NAME</constant>, <constant>SD_BUS_CREDS_WELL_KNOWN_NAMES</constant>, + <constant>SD_BUS_CREDS_DESCRIPTION</constant>, and <constant>SD_BUS_CREDS_PIDFD</constant>. Use the + special value <constant>_SD_BUS_CREDS_ALL</constant> to request all supported fields. The + <constant>SD_BUS_CREDS_AUGMENT</constant> constant may not be ORed into the mask for invocations of + <function>sd_bus_creds_new_from_pid()</function> or + <function>sd_bus_creds_new_from_pidfd()</function>.</para> <para>Fields can be retrieved from the credentials object using <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry> and other functions which correspond directly to the constants listed above.</para> - <para>A mask of fields which were actually successfully retrieved - can be retrieved with - <function>sd_bus_creds_get_mask()</function>. If the credentials - object was created with - <function>sd_bus_creds_new_from_pid()</function>, this will be a - subset of fields requested in <parameter>creds_mask</parameter>. + <para>A mask of fields which were actually successfully retrieved can be retrieved with + <function>sd_bus_creds_get_mask()</function>. If the credentials object was created with + <function>sd_bus_creds_new_from_pid()</function> or <function>sd_bus_creds_new_from_pidfd()</function>, + this will be a subset of fields requested in <parameter>creds_mask</parameter>. </para> - <para>Similar to <function>sd_bus_creds_get_mask()</function>, the - function <function>sd_bus_creds_get_augmented_mask()</function> - returns a bitmask of field constants. The mask indicates which - credential fields have been retrieved in a non-atomic fashion. For - credential objects created via - <function>sd_bus_creds_new_from_pid()</function>, this mask will be - identical to the mask returned by - <function>sd_bus_creds_get_mask()</function>. However, for - credential objects retrieved via - <function>sd_bus_get_name_creds()</function>, this mask will be set - for the credential fields that could not be determined atomically - at peer connection time, and which were later added by reading - augmenting credential data from - <filename>/proc/</filename>. Similarly, for credential objects - retrieved via <function>sd_bus_get_owner_creds()</function>, the - mask is set for the fields that could not be determined atomically - at bus creation time, but have been augmented. Similarly, for - credential objects retrieved via - <function>sd_bus_message_get_creds()</function>, the mask is set - for the fields that could not be determined atomically at message - sending time, but have been augmented. The mask returned by - <function>sd_bus_creds_get_augmented_mask()</function> is always a - subset of (or identical to) the mask returned by - <function>sd_bus_creds_get_mask()</function> for the same - object. The latter call hence returns all credential fields - available in the credential object, the former then marks the - subset of those that have been augmented. Note that augmented - fields are unsuitable for authorization decisions, as they may be - retrieved at different times, thus being subject to races. Hence, - augmented fields should be used exclusively for informational - purposes. + <para>Similar to <function>sd_bus_creds_get_mask()</function>, the function + <function>sd_bus_creds_get_augmented_mask()</function> returns a bitmask of field constants. The mask + indicates which credential fields have been retrieved in a non-atomic fashion. For credential objects + created via <function>sd_bus_creds_new_from_pid()</function> or + <function>sd_bus_creds_new_from_pidfd()</function>, this mask will be identical to the mask returned by + <function>sd_bus_creds_get_mask()</function>. However, for credential objects retrieved via + <function>sd_bus_get_name_creds()</function>, this mask will be set for the credential fields that could + not be determined atomically at peer connection time, and which were later added by reading augmenting + credential data from <filename>/proc/</filename>. Similarly, for credential objects retrieved via + <function>sd_bus_get_owner_creds()</function>, the mask is set for the fields that could not be + determined atomically at bus creation time, but have been augmented. Similarly, for credential objects + retrieved via <function>sd_bus_message_get_creds()</function>, the mask is set for the fields that could + not be determined atomically at message sending time, but have been augmented. The mask returned by + <function>sd_bus_creds_get_augmented_mask()</function> is always a subset of (or identical to) the mask + returned by <function>sd_bus_creds_get_mask()</function> for the same object. The latter call hence + returns all credential fields available in the credential object, the former then marks the subset of + those that have been augmented. Note that augmented fields are unsuitable for authorization decisions, as + they may be retrieved at different times, thus being subject to races. Hence, augmented fields should be + used exclusively for informational purposes. </para> <para><function>sd_bus_creds_ref()</function> creates a new @@ -234,9 +217,9 @@ <refsect1> <title>Return Value</title> - <para>On success, <function>sd_bus_creds_new_from_pid()</function> - returns 0 or a positive integer. On failure, it returns a negative - errno-style error code.</para> + <para>On success, <function>sd_bus_creds_new_from_pid()</function> and + <function>sd_bus_creds_new_from_pidfd()</function> return 0 or a positive integer. On failure, they return + a negative errno-style error code.</para> <para><function>sd_bus_creds_get_mask()</function> returns the mask of successfully acquired fields.</para> @@ -256,9 +239,9 @@ <refsect1> <title>Reference ownership</title> - <para>Function <function>sd_bus_creds_new_from_pid()</function> - creates a new object and the caller owns the sole reference. When - not needed anymore, this reference should be destroyed with + <para>The functions <function>sd_bus_creds_new_from_pid()</function> and + <function>sd_bus_creds_new_from_pidfd()</function> create a new object and the caller owns the sole + reference. When not needed anymore, this reference should be destroyed with <citerefentry><refentrytitle>sd_bus_creds_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>. </para> @@ -303,23 +286,24 @@ <title>History</title> <para><function>sd_bus_creds_new_from_pid()</function>, <function>sd_bus_creds_get_mask()</function>, - <function>sd_bus_creds_ref()</function>, and - <function>sd_bus_creds_unref()</function> were added in version 209.</para> - <para><function>sd_bus_creds_get_augmented_mask()</function> was added in version 223.</para> + <function>sd_bus_creds_ref()</function>, + <function>sd_bus_creds_unref()</function>, and + <function>sd_bus_creds_get_augmented_mask()</function> were added in version 221.</para> <para><function>sd_bus_creds_unrefp()</function> was added in version 229.</para> + <para><function>sd_bus_creds_new_from_pidfd()</function> was added in version 256.</para> </refsect1> <refsect1> <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry>, - <citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry>, - <citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, - <citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry>, - <citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry> - </para> + <para><simplelist type="inline"> + <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>sd_bus_creds_get_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>sd_bus_get_name_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>sd_bus_get_owner_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>sd_bus_message_get_creds</refentrytitle><manvolnum>3</manvolnum></citerefentry></member> + </simplelist></para> </refsect1> </refentry> |