Polkit.UnixProcess

g GObject.GInterface GObject.GInterface Polkit.Subject Polkit.Subject GObject.GInterface->Polkit.Subject GObject.Object GObject.Object Polkit.UnixProcess Polkit.UnixProcess GObject.Object->Polkit.UnixProcess Polkit.Subject->Polkit.UnixProcess

Subclasses:

None

Methods

Inherited:

GObject.Object (37), Polkit.Subject (7)

Structs:

GObject.ObjectClass (5)

class

new (pid)

class

new_for_owner (pid, start_time, uid)

class

new_full (pid, start_time)

class

new_pidfd (pidfd, uid, gids)

get_gids ()

get_owner ()

get_pid ()

get_pidfd ()

get_pidfd_is_safe ()

get_start_time ()

get_uid ()

set_gids (gids)

set_pid (pid)

set_pidfd (pidfd)

set_start_time (start_time)

set_uid (uid)

Virtual Methods

Inherited:

GObject.Object (7), Polkit.Subject (6)

Properties

Name

Type

Flags

Short Description

gids

GLib.Array

r/w/c

The UNIX group IDs

pid

int

r/w/c

The UNIX process ID

pidfd

int

r/w/c

The UNIX process ID file descriptor

pidfd-is-safe

bool

r

Whether the UNIX process ID file descriptor is safe

start-time

int

r/w/c

The start time of the process, since the machine booted

uid

int

r/w/c

The UNIX user ID

Signals

Inherited:

GObject.Object (1)

Fields

Inherited:

GObject.Object (1)

Class Details

class Polkit.UnixProcess(**kwargs)
Bases:

GObject.Object, Polkit.Subject

Abstract:

No

Structure:

Polkit.UnixProcessClass

An object for representing a UNIX process. In order to be reliable and race-free, this requires support for PID File Descriptors in the kernel, dbus-daemon/broker and systemd. With this functionality, we can reliably track processes without risking PID reuse and race conditions, and compare them.

NOTE: If PID FDs are not available, this object will fall back to using PIDs, and this designed is now known broken; a mechanism to exploit a delay in start time in the Linux kernel was identified. Avoid calling Polkit.Subject.equal() to compare two processes.

To uniquely identify processes, both the process id and the start time of the process (a monotonic increasing value representing the time since the kernel was started) is used.

NOTE: This object stores, and provides access to, the real UID of the process. That value can change over time (with set*uid*(2) and exec*(2)). Checks whether an operation is allowed need to take care to use the UID value as of the time when the operation was made (or, following the open() privilege check model, when the connection making the operation possible was initiated). That is usually done by initializing this with Polkit.UnixProcess.new_for_owner() with trusted data.

classmethod new(pid)
Parameters:

pid (int) – The process id.

Returns:

A Polkit.Subject. Free with GObject.Object.unref().

Return type:

Polkit.Subject

Creates a new Polkit.UnixProcess for pid.

The uid and start time of the process will be looked up in using e.g. the /proc filesystem depending on the platform in use.

classmethod new_for_owner(pid, start_time, uid)
Parameters:

  • pid (int) – The process id.

  • start_time (int) – The start time for pid or 0 to look it up in e.g. /proc.

  • uid (int) – The (real, not effective) uid of the owner of pid or -1 to look it up in e.g. /proc.

Returns:

A Polkit.Subject. Free with GObject.Object.unref().

Return type:

Polkit.Subject

Creates a new Polkit.UnixProcess object for pid, start_time and uid.

classmethod new_full(pid, start_time)
Parameters:

  • pid (int) – The process id.

  • start_time (int) – The start time for pid.

Returns:

A Polkit.Subject. Free with GObject.Object.unref().

Return type:

Polkit.Subject

Creates a new Polkit.UnixProcess object for pid and start_time.

The uid of the process will be looked up in using e.g. the /proc filesystem depending on the platform in use.

classmethod new_pidfd(pidfd, uid, gids)
Parameters:

  • pidfd (int) – The process id file descriptor.

  • uid (int) – The (real, not effective) uid of the owner of pid or -1 to look it up in e.g. /proc.

  • gids ([int] or None) – The (real, not effective) gids of the owner of pid or None.

Returns:

A Polkit.Subject. Free with GObject.Object.unref().

Return type:

Polkit.Subject

Creates a new Polkit.UnixProcess object for pidfd and uid.

get_gids()
Returns:

a GLib.Array of #gid_t containing the group ids for self or None if unknown, as a new reference to the array, caller must deref it when done.

Return type:

[[object]] or None

Gets the group ids for self. Note that this is the real group-ids, not the effective group-ids.

get_owner()
Raises:

GLib.Error

Return type:

int

(deprecated)

get_pid()
Returns:

The process id for self.

Return type:

int

Gets the process id for self.

get_pidfd()
Returns:

The process id file descriptor for self.

Return type:

int

Gets the process id file descriptor for self.

get_pidfd_is_safe()
Returns:

True or False.

Return type:

bool

Checks if the process id file descriptor for self is safe or if it was opened locally and thus vulnerable to reuse.

get_start_time()
Returns:

The start time of self.

Return type:

int

Gets the start time of self.

get_uid()
Returns:

The user id for self or -1 if unknown.

Return type:

int

Gets the user id for self. Note that this is the real user-id, not the effective user-id.

NOTE: The UID may change over time, so the returned value may not match the current state of the underlying process; or the UID may have been set by Polkit.UnixProcess.new_for_owner() or Polkit.UnixProcess.set_uid(), in which case it may not correspond to the actual UID of the referenced process at all (at any point in time).

set_gids(gids)
Parameters:

gids ([[object]]) – A GLib.List of #gid_t containing the group ids to set for self or None to unset them. A reference to gids is taken.

Sets the (real, not effective) group ids for self.

set_pid(pid)
Parameters:

pid (int) – A process id.

Sets pid for self.

set_pidfd(pidfd)
Parameters:

pidfd (int) – A process id file descriptor.

Sets pidfd for self.

set_start_time(start_time)
Parameters:

start_time (int) – The start time for pid.

Set the start time of self.

set_uid(uid)
Parameters:

uid (int) – The user id to set for self or -1 to unset it.

Sets the (real, not effective) user id for self.

Property Details

Polkit.UnixProcess.props.gids
Name:

gids

Type:

GLib.Array

Default Value:

None

Flags:

READABLE, WRITABLE, CONSTRUCT

The UNIX group ids of the process.

Polkit.UnixProcess.props.pid
Name:

pid

Type:

int

Default Value:

0

Flags:

READABLE, WRITABLE, CONSTRUCT

The UNIX process id.

Polkit.UnixProcess.props.pidfd
Name:

pidfd

Type:

int

Default Value:

-1

Flags:

READABLE, WRITABLE, CONSTRUCT

The UNIX process id file descriptor.

Polkit.UnixProcess.props.pidfd_is_safe
Name:

pidfd-is-safe

Type:

bool

Default Value:

False

Flags:

READABLE

Whether the UNIX process ID file descriptor is safe

Polkit.UnixProcess.props.start_time
Name:

start-time

Type:

int

Default Value:

0

Flags:

READABLE, WRITABLE, CONSTRUCT

The start time of the process.

Polkit.UnixProcess.props.uid
Name:

uid

Type:

int

Default Value:

-1

Flags:

READABLE, WRITABLE, CONSTRUCT

The UNIX user id of the process or -1 if unknown.

Note that this is the real user-id, not the effective user-id.