Skip to content

feat: expose unreferenced Unix FDs from replies#432

Open
savely-krasovsky wants to merge 1 commit into
godbus:masterfrom
savely-krasovsky:tpm2-abrmd
Open

feat: expose unreferenced Unix FDs from replies#432
savely-krasovsky wants to merge 1 commit into
godbus:masterfrom
savely-krasovsky:tpm2-abrmd

Conversation

@savely-krasovsky

@savely-krasovsky savely-krasovsky commented Apr 26, 2026

Copy link
Copy Markdown

I ran into this with tpm2-abrmd. Since tpm2-abrmd 2.4.1, CreateConnection returns only the connection id in the D-Bus reply body and sends the communication FD via the reply's Unix FD list: tpm2-software/tpm2-abrmd@7d5a73d

godbus already receives those FDs in the Unix transport, but callers cannot access them unless the reply body references them through h. This change exposes FDs received with method replies via UnixFDs field. Existing h decoding behavior is unchanged.

$ busctl --system introspect com.intel.tss2.Tabrmd /com/intel/tss2/Tabrmd/Tcti com.intel.tss2.TctiTabrmd 

NAME              TYPE   SIGNATURE RESULT/VALUE FLAGS
.Cancel           method t         u            -    
.CreateConnection method -         t            -    
.SetLocality      method ty        u            -    

@savely-krasovsky

Copy link
Copy Markdown
Author

@guelfey could you please take a look in your spare time?

@guelfey

guelfey commented May 1, 2026

Copy link
Copy Markdown
Member

So to be honest, I think this is more of an issue in tmp2-abrmd. If I look at the D-Bus specification, it doesn't explicitly disallow this, but it doesn't assign any "semantic meaning" to simply attaching Unix FDs to a message without putting any value of type UNIX_FD into the message body. I find it weird that glib even allows this (I guess it simply operates on a bit of a "lower level"), but even there it's mentioned in the documentation:

 * When designing D-Bus APIs that are intended to be interoperable,
 * please note that non-GDBus implementations of D-Bus can usually only
 * access file descriptors if they are referenced by a value of type
 * `G_VARIANT_TYPE_HANDLE` in the body of the message.

@savely-krasovsky

Copy link
Copy Markdown
Author

I overall agree with you: returning the old behavior for tpm2-abrmd would be a better option, but I don't think changing the API surface back and forth is a good idea either. I believe in other languages you can access Unix FDs without any real problem; otherwise there would have been reports, though I don't have much experience with other languages D-Bus libs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants