PolkitUnixProcess

PolkitUnixProcess — Unix processs

Functions

Properties

GArray * gids Read / Write / Construct
int pid Read / Write / Construct
int pidfd Read / Write / Construct
gboolean pidfd-is-safe Read
guint64 start-time Read / Write / Construct
int uid Read / Write / Construct

Types and Values

Object Hierarchy

    GObject
    ╰── PolkitUnixProcess

Implemented Interfaces

PolkitUnixProcess implements PolkitSubject.

Description

An object for representing a UNIX process. In order to be reliable and race-free, this requires support for PID File Descriptors in the kernel, dbus-daemon/broker and systemd. With this functionality, we can reliably track processes without risking PID reuse and race conditions, and compare them.

NOTE: If PID FDs are not available, this object will fall back to using PIDs, and this designed is now known broken; a mechanism to exploit a delay in start time in the Linux kernel was identified. Avoid calling polkit_subject_equal() to compare two processes.

To uniquely identify processes, both the process id and the start time of the process (a monotonic increasing value representing the time since the kernel was started) is used.

NOTE: This object stores, and provides access to, the real UID of the process. That value can change over time (with set*uid*(2) and exec*(2)). Checks whether an operation is allowed need to take care to use the UID value as of the time when the operation was made (or, following the open() privilege check model, when the connection making the operation possible was initiated). That is usually done by initializing this with polkit_unix_process_new_for_owner() with trusted data.

Functions

polkit_unix_process_new ()

PolkitSubject *
polkit_unix_process_new (gint pid);

polkit_unix_process_new is deprecated and should not be used in newly-written code.

Creates a new PolkitUnixProcess for pid .

The uid and start time of the process will be looked up in using e.g. the /proc filesystem depending on the platform in use.

Parameters

pid

The process id.

 

Returns

A PolkitSubject. Free with g_object_unref().

[transfer full]


polkit_unix_process_new_full ()

PolkitSubject *
polkit_unix_process_new_full (gint pid,
                              guint64 start_time);

polkit_unix_process_new_full is deprecated and should not be used in newly-written code.

Creates a new PolkitUnixProcess object for pid and start_time .

The uid of the process will be looked up in using e.g. the /proc filesystem depending on the platform in use.

Parameters

pid

The process id.

 

start_time

The start time for pid .

 

Returns

A PolkitSubject. Free with g_object_unref().

[transfer full]


polkit_unix_process_new_for_owner ()

PolkitSubject *
polkit_unix_process_new_for_owner (gint pid,
                                   guint64 start_time,
                                   gint uid);

Creates a new PolkitUnixProcess object for pid , start_time and uid .

Parameters

pid

The process id.

 

start_time

The start time for pid or 0 to look it up in e.g. /proc.

 

uid

The (real, not effective) uid of the owner of pid or -1 to look it up in e.g. /proc.

 

Returns

A PolkitSubject. Free with g_object_unref().

[transfer full]


polkit_unix_process_set_pid ()

void
polkit_unix_process_set_pid (PolkitUnixProcess *process,
                             gint pid);

Sets pid for process .

Parameters

process

A PolkitUnixProcess.

 

pid

A process id.

 

polkit_unix_process_get_pid ()

gint
polkit_unix_process_get_pid (PolkitUnixProcess *process);

Gets the process id for process .

Parameters

process

A PolkitUnixProcess.

 

Returns

The process id for process .


polkit_unix_process_set_start_time ()

void
polkit_unix_process_set_start_time (PolkitUnixProcess *process,
                                    guint64 start_time);

Set the start time of process .

Parameters

process

A PolkitUnixProcess.

 

start_time

The start time for pid .

 

polkit_unix_process_get_start_time ()

guint64
polkit_unix_process_get_start_time (PolkitUnixProcess *process);

Gets the start time of process .

Parameters

process

A PolkitUnixProcess.

 

Returns

The start time of process .


polkit_unix_process_set_uid ()

void
polkit_unix_process_set_uid (PolkitUnixProcess *process,
                             gint uid);

Sets the (real, not effective) user id for process .

Parameters

process

A PolkitUnixProcess.

 

uid

The user id to set for process or -1 to unset it.

 

polkit_unix_process_get_uid ()

gint
polkit_unix_process_get_uid (PolkitUnixProcess *process);

Gets the user id for process . Note that this is the real user-id, not the effective user-id.

NOTE: The UID may change over time, so the returned value may not match the current state of the underlying process; or the UID may have been set by polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), in which case it may not correspond to the actual UID of the referenced process at all (at any point in time).

Parameters

process

A PolkitUnixProcess.

 

Returns

The user id for process or -1 if unknown.


polkit_unix_process_get_owner ()

gint
polkit_unix_process_get_owner (PolkitUnixProcess *process,
                               GError **error);

polkit_unix_process_get_owner is deprecated and should not be used in newly-written code.

(deprecated)

Parameters

process

A PolkitUnixProcess.

 

error

Return location for error.

 

Types and Values

PolkitUnixProcess

typedef struct _PolkitUnixProcess PolkitUnixProcess;

The PolkitUnixProcess struct should not be accessed directly.

Property Details

The “gids” property

  “gids”                     GArray *

The UNIX group ids of the process.

Owner: PolkitUnixProcess

Flags: Read / Write / Construct


The “pid” property

  “pid”                      int

The UNIX process id.

Owner: PolkitUnixProcess

Flags: Read / Write / Construct

Allowed values: >= 0

Default value: 0


The “pidfd” property

  “pidfd”                    int

The UNIX process id file descriptor.

Owner: PolkitUnixProcess

Flags: Read / Write / Construct

Allowed values: >= -1

Default value: -1


The “pidfd-is-safe” property

  “pidfd-is-safe”            gboolean

Whether the UNIX process ID file descriptor is safe.

Owner: PolkitUnixProcess

Flags: Read

Default value: FALSE


The “start-time” property

  “start-time”               guint64

The start time of the process.

Owner: PolkitUnixProcess

Flags: Read / Write / Construct

Default value: 0


The “uid” property

  “uid”                      int

The UNIX user id of the process or -1 if unknown.

Note that this is the real user-id, not the effective user-id.

Owner: PolkitUnixProcess

Flags: Read / Write / Construct

Default value: -1