# dbus-broker - Linux D-Bus Message Broker

## CHANGES WITH 33:

        * Fix a race-condition when starting systemd-services from the
          launcher. In particular, services with guarding systemd `Condition*`
          configurations might have incorrectly stalled activation attempts.

        * Return `org.freedesktop.DBus.Error.Failed` rather than a permission
          error for unimplemented functionality. The human-readable part of the
          error will contain "Unimplemented functionality" as explanation.

        * Improve resiliency of the launcher against runtime changes in dbus
          service-files. Changes to the files will no longer affect ongoing
          activation attempts.

        * Fix `GetStats()` returning two replies.

        * Fix missing origin-information in the startup log-message.

        Contributions from: David Rheinsberg, draconicfae, Marcus Sundberg,
                            Mike Gilbert, Stefan Agner, Tom Gundersen

        - Dußlingen, 2023-02-03

## CHANGES WITH 32:

        * Fix several bugs in the d-bus marshalling layer c-dvar, including
          out-of-bound reads.

        * Fix ubsan and asan warnings in c-stdaux and related subprojects.

        * Add initial infrastructure for the upcoming AppArmor security layer.
          This does not include full AppArmor support, yet, but merely prepares
          the code-base for it.

        Contributions from: David Rheinsberg, Evgeny Vereshchagin, Frantisek
                            Sumsal, Sebastian Reichel

        - Dußlingen, 2022-08-05

## CHANGES WITH 31:

        * Fix assertion failures in the user accounting, uncovered by the
          changes to accounting in v30.

        * Fix a memory leak in service-file re-loading, in particular in the
          command-line argument handling.

        * Fix a set of UBs related to memcpy(3), memset(3), and others, called
          with NULL on empty memory areas.

        Contributions from: David Rheinsberg, Evgeny Vereshchagin, Mel34,
                            Torge Matthies

        - Dußlingen, 2022-05-16

## CHANGES WITH 30:

        * Pull in subprojects via meson wraps. Subprojects are no longer
          included via git submodules, but instead pulled in at build-time via
          meson. All subprojects are converted to follow semver-style
          versioning, and dbus-broker pulls them in via a versioned dependency.
          All subprojects are still statically linked and considered part of
          dbus-broker. Any critical update to any subproject will cause a new
          release of dbus-broker, as it always did. Distributions are not
          required to monitor the subprojects manually.
          The official release-tarballs of dbus-broker include up-to-date
          subproject sources and can be used for offline builds. Distributions
          are free to use newer subproject sources for their rebuilds, and this
          is explicitly supported.
          Please refer to the meson documentation for details on how to manage
          subprojects. You can still pull in other versions of the dependencies
          by putting the sources into ./subprojects/. This change merely makes
          meson pull in the newest sources via a meson-wrap-file, if, and only
          if, no other sources have been provided.
          This change requires `meson-0.60` or newer.

        * Systemd units with failed `Condition*=` directives are now correctly
          considered failed, even if they report success.

        * Failed service activations now report more detailed information on
          the activation failure back through the activating client. The exact
          error information is now transmitted back from the launcher to the
          broker and then included in the dbus error message to the client.

        * Order the broker unit explicitly after `dbus.socket` to enforce the
          dependency even if the broker is disable temporarily. When the unit
          is enabled, this dependency is implicit due to the used alias to
          `dbus.service`.

        * The broker now runs in `session.slice` if applicable. The broker is
          thus considered more vital to the session and thus is less likely to
          be collected on resource exhaustion.

        * The `GetStats()` call on `org.freedeskop.DBus.Debug` now properly
          returns reply-owner statistics. Before, those were always set to 0.

        * Fix incorrect resource accounting of connecting peers. Before, only
          the data a peer actually transmitted/received was accounted, but the
          management object of the peer itself was not. This is now fixed to
          properly account all resources a peer uses.

        * Fix NULL-derefs in the XML configuration parser. Empty XML tags could
          have caused NULL-derefs before. This is now fixed.

        * Fix a buffer-overflow in shell-quote parsing, used by the `Exec=`
          line in activation service files.

        * Fix the launcher to obtain service-paths from systemd directly rather
          than building them manually. This will correctly resolve unit aliases
          and other quirks of systemd units.

        Contributions from: David Rheinsberg, Hugo Osvaldo Barrera, Luca
                            Boccassi, Zbigniew Jędrzejewski-Szmek, msizanoen1

        - Dußlingen, 2022-05-10

## CHANGES WITH 29:

        * Improve SELinux audit messages. This requires the new libselinux-3.2
          and libaudit-3.0 releases. If audit/selinux support is enabled, those
          are now the minimum required versions.

        * Make linux-4.17 a hard-requirements. Older kernels are no longer
          supported.

        * Fix startup failures when at-console users have consecutive uids.

        Contributions from: Chris PeBenito, David Rheinsberg, Thomas Mühlbacher

        - Dußlingen, 2021-06-02

## CHANGES WITH 28:

        * Further improvements to the service activation tracking. This better
          tracks units in systemd and closes some races where a repeated
          activation would incorrectly fail.

        * Fix a crash where duplicate monitor matches would be incorrectly
          installed in the broker.

        * Clear the ambient capability set to harden against possible exploits.

        * A couple of bug-fixes in the utility libraries, and static
          dependencies of the broker.

        Contributions from: David Rheinsberg

        - Dußlingen, 2021-03-17

## CHANGES WITH 27:

        * Fix several bugs with the new service-activation tracking, including
          a race-condition when restarting activatable services. Note that this
          includes a change to the internal controller API, which is used to
          communicate between the launcher and the broker.

        * Be more verbose about denied configuration access and print the
          file-path for better diagnostics.

        Contributions from: David Rheinsberg

        - Dußlingen, 2021-02-24

## CHANGES WITH 26:

        * Improve the service activation tracking of the compatibility
          launcher. We now track spawned systemd units for their entire
          lifetime, so we can properly detect when activations fail.

        * Work around a kernel off-by-one error in the socket queue accounting
          to fix a race-condition where dbus clients might not be dispatched.

        * Support running without `shmem` configured in the kernel. This will
          make the broker run better on limited embedded devices.

        Contributions from: Chris Paulson-Ellis, David Rheinsberg, Tim Gates

        - Dußlingen, 2021-01-20

## CHANGES WITH 25:

        * Fix an assertion failure when disconnecting monitors with active
          unique-name matches.

        * Fix the selinux error-handling to no longer mark all errors as
          auditable by default.

        * Minor improvements to the test-suite for better debugging.

        Contributions from: Chris PeBenito, David Rheinsberg

        - Tübingen, 2020-12-03

## CHANGES WITH 24:

        * Improve log messages for invalid configuration files, as well as
          early start-up errors.

        * Make audit-events properly typed and prevent non-auditable events
          from being forwarded to the linux audit system.

        Contributions from: Chris PeBenito, David Rheinsberg

        - Tübingen, 2020-09-04

## CHANGES WITH 23:

        * Expose supplementary groups as `UnixGroupIDs` as defined by the dbus
          specification in 0.53.

        * Fix an issue where the launcher incorrectly reported success even
          though it could not parse the bus configuration.

        * Fix an issue where the launcher was unnecessarily verbose about trying
          to start masked units. It will now only log once per unit.

        * Fix an issue where transient systemd unit names were not correctly
          escaped.

        * The broker now uses the peer-pid from `SO_PEERCRED` on the controller
          socket, rather than relying on `getppid()`. This allows creating the
          broker from intermediate processes without having any credentials of
          the intermediate leak into the broker.

        Contributions from: David Rheinsberg

        - Tübingen, 2020-05-11

## CHANGES WITH 22:

        * Implement org.freedesktop.DBus.Debug.Stats in the driver. This
          interface is defined by dbus-daemon and we use it similarly to expose
          internal state of the broker. For now, only the GetStats() call is
          supported, and it dumps the full accounting state to the caller.
          This will hopefully aid resource-debugging in the future.

        * Support no-op activation files. If neither a binary to execute, nor a
          service to activate, is specified, the service is expected to spawn
          via its own means (for instance spawned automatically during bootup,
          or activated via side-channels).

        * The new configuration option `linux-4-17`, if set to true (default is
          false), makes dbus-broker assume it runs on linux-v4.17 or newer. It
          will make use of features introduced up to linux-v4.17. This allows
          to forcibly disable workarounds for old kernels, where a feature
          detection at runtime is not possible.

          This option is meant to allow distributions to circumvent the
          workarounds, in case their setup does not work with them. Unless you
          have reason to set this option, it is safe to keep the default.

          Once the mandatory required kernel version of dbus-broker is bumped
          to v4.17, this option will default to `true` (an override to `false`
          will then no longer be allowed).

        * The `BecomeMonitor()` call now allows `eavesdrop={true|false}`
          attributes. This is required for compatibility with `dbus-monitor`,
          which always forcibly sets this attribute. Note that the attribute
          has no effect (nor meaning) when specified with `BecomeMonitor()`. It
          is completely ignored by dbus-broker.

        * The SELinux configuration parser is fixed regarding some wrongly
          placed assertions.

        * DBus socket handling is fixed to no longer fault on `MSG_CTRUNC`.
          Without this, clients can DoS dbus-broker, if, and only if, they can
          make the active LSM drop file-descriptors in a transmitted message
          due to policy denials. This has no effect if LSMs are not used.

        * Minor bugfixes all over the place, including fixes to build under
          musl libc.

        Contributions from: David Rheinsberg, Luca Boccassi, Tom Gundersen

        - Tübingen, 2020-02-17

## CHANGES WITH 21:

        * A handful of bugfixes for the launcher.

        Contributions from: David Rheinsberg, Tom Gundersen

        - Tübingen, 2019-05-02

## CHANGES WITH 20:

        * Major improvements in the logging infrastructure of the launcher.
          Messages are now directly forwarded to the journal and amended with
          additional fields. The journal-catalog now contains entries with
          background information on runtime log messages. Lastly, many of the
          log-messages were overhauled to be more descriptive.

        * The `c-sundry` submodule was dropped and replaced by `c-stdaux`. This
          is a much smaller project with a clearly stated goal. The old dumping
          gound `c-sundry` is no longer needed (remaining bits were moved into
          the dbus-broker codebase).

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2019-04-10

## CHANGES WITH 19:

        * Fix a possible integer overflow in resource quota calculations.
          Before this, it was possible to exceed the assigned resource limits
          by crafting messages that trigger this integer overflow. This
          effectively allows machine-local resource exhaustion.

        * Fix the resource limit calculation. Previously, resource limits were
          incorrectly calculated, leading too limits that were higher than
          intended.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2019-03-28

## CHANGES WITH 18:

        * The handling of configuration parsing errors of the compatibility
          launcher is now aligned with dbus-daemon. This means, non-existant
          service files and file-system errors are now ignored and do not cause
          the launcher to refuse to start.

        * The compatibility launcher is no longer isolated in its own network
          namespace, since the SELinux APIs require access to the root network
          namespace. If you package the launcher with SELinux disabled, you can
          get back the old behavior by using `PrivateNetwork=true` in your dbus
          service file.

        Contributions from: David Herrmann, Tom Gundersen, Yanko Kaneti

        - Tübingen, 2019-02-20

## CHANGES WITH 17:

        * The `g_shell` subsystem of glib was replaced with a new submodule
          from the c-util suite, called `c-shquote`. It is a small project that
          implements POSIX-Shell compatible quoting. This is required by the
          dbus compatibility launcher to parse activation files.

          Furthermore, the `g_key_file` subsystem of glib was replaced with a
          submodule called `c-ini`, which implements a key-value file-parser.

          Both submodules need to be added if you compile from git. With this
          change, dbus-broker no longer requires glib.

        * The new configuration options introduced in dbus-1.12 are now
          recognized by the compatibility launcher and will no longer trigger
          warnings.

        * The systemd units shipped with dbus-broker now put the broker into
          more isolated environments, hopefully reducing the impact of possible
          security breaches. This requires semi-recent systemd releases to have
          an effect. Older systemd release will ignore these new sandboxing
          features.

        * In case of forced client disconnects, the broker will now be a lot
          more verbose and specific in its log-messages, describing exactly why
          a client was disconnected. This hopefully aids debugging of
          misbehaving clients.

        * Messages with file-descriptors will now be refused if the client did
          not negotiate file-descriptor passing before. This aligns the
          behavior of the broker with the reference implementation. Before, all
          clients were treated as if they support file-desciptor passing. This
          is no longer the case.

        Contributions from: David Herrmann, Jacob Alzén, Tom Gundersen

        - Tübingen, 2019-01-01

## CHANGES WITH 16:

        * Explicitly mention our mailing-list in the README:

              https://groups.google.com/forum/#!forum/bus1-devel

          All dbus-broker releases are announced there, and the list is open
          for any dbus and dbus-broker related discussions.

        * Revert the removal of the --verbose switch of bus launcher. There
          are existing users that pass this switch, and now suddenly fail
          spawning dbus-broker. The switch is now a no-op and silently ignored.

        * The global resource limits were reconsidered and aligned with the
          values used by dbus-daemon(1) and current distributions. Furthermore,
          the limits provided in the bus XML configuration are now interpreted
          by the launcher and converted to the broker-internal accounting
          scheme.

        Contributions from: Daniel Rusek, David Herrmann, Marc-Antoine
                            Perennou, Tom Gundersen

        - Tübingen, 2018-10-09

## CHANGES WITH 15:

        * Fix dbus-broker-launch to retain CAP_AUDIT_WRITE in its ambient
          capability set, so dbus-broker will get it as well.

        * Be less verbose about unknown usernames in the XML config of
          dbus-broker-launch.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2018-08-08

## CHANGES WITH 14:

        * The broker now implements the org.freedesktop.DBus.Peer, and
          org.freedesktop.DBus.Properties interfaces.

        * The man-pages have been updated to reflect the current state of
          dbus-broker and dbus-broker-launch.

        * Matches are now indexed by all major fields, greatly improving
          broadcast performance.

        * The launcher now respects the `<user>NAME</user>' configuration and
          correctly drops privileges of the broker and itself after startup.

        * The `send_broadcast', `min_fds', and `max_fds' XML policy attributes
          are now supported (as defined by dbus-daemon(1)).

        * Configuration files are now watched for modifications by the
          launcher. Any modification triggers a configuration reload. This
          follows the behavior of dbus-daemon(1).

        * The broker gained a `--machine-id' command-line switch to specify the
          local machine-id to be served via the org.freedesktop.DBus.Peer
          interface. The launcher uses libsystemd-daemon to provide it.

        * The controller interface of dbus-broker has been renamed from
          org.bus1.DBus.Launcher to org.bus1.DBus.Controller.

        Contributions from: David Herrmann, Khem Raj, Tom Gundersen

        - Tübingen, 2018-07-03

## CHANGES WITH 13:

        * The --verbose command-line switch was dropped from both the broker
          and the launcher. Its behavior is now the default.

        * Fix a startup dead-lock with systemd NSS plugins. This requires
          setting the SYSTEMD_NSS_BYPASS_BUS environment variable, so
          libnss_systemd.so will skip recursive bus-calls.

        * Read /etc/{passwd,groups} early on from the launcher to
          pre-initialize the nss-cache. This allows startup on properly
          configured systems without ever calling into NSS. Furthermore, in
          case this does not resolve all required usernames, the launcher will
          loudly log any call into NSS, to better debug early dead-locks in bus
          startup code.
          Note that this new mechanic overrules /etc/nsswitch.conf for the
          launcher. However, this is only made based on the assumption that
          if an entry is present in /etc/{passwd,groups}, it better be a valid
          entry. If an entry is not present, the launcher will still correctly
          call into NSS.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2018-04-23

## CHANGES WITH 12:

        * Building documentation is now optional. Use -Ddocs=true with meson
          to build documentation. It is disabled by default.

        * The compatibility launcher now namespaces transient systemd units
          based on its own name on the scope-bus (i.e., the bus
          dbus-broker-launch uses to ask systemd for activation of units). This
          allows running private dbus-broker instances, while using transient
          systemd-units on the scope-bus for activation. For instance, at-spi2
          can use activated units that clash with the namespace of the session
          or system bus.

        * Several bug-fixes.

        Contributions from: Daniele Nicolodi, David Herrmann, Tom Gundersen

        - Tübingen, 2018-04-17

## CHANGES WITH 11:

        * Building now requires linux-api-headers>=4.13. We expect the
          SO_PEERGROUPS socket-option to be defined in the kernel headers.
          Older kernels are still supported at runtime, but at build-time you
          need to provide recent headers.

        * The build-system now supports a new meson configuration option,
          called 'system-console-users'. It takes an array of user-names which
          should be considered 'at-console' by dbus-broker-launch. These extend
          the existing range based on [SYSTEMUIDMAX+1..-1[ with a list of
          statically provided usernames.

          This allows distributions to provide special system-users that need
          to be considered as 'at-console'. Right now, this should be used for
          users like 'gdm', which are system-users, but need static access to
          the console. Note that these usernames must be reserved by the
          distribution, but don't have to be present at runtime. The launcher
          dynamically picks the usernames that it can resolve, and retries on
          every reload.

        * The policy-type of the dbus-broker API has been simplified. It is now
          reduced to a policy-batch indexed by uids, in combination with a
          policy-batch indexed either by gid or uid-range. Per peer, the broker
          will only ever select one uid-batch, and all matching gid/uid-range
          batches. Note that anything but the per-uid-batch is deprecated, and
          exclusively meant for backwards compatibility.

          This change only affects dbus-broker. The compatibility launcher was
          adapted to use this new API. It still converts the policy as given by
          the XML configuration in a compatible way to the simplified internal
          representation.

        * The launcher now requires an explicit --audit commandline option to
          enable auditing. Before, it was deduced based on the passed scope.
          You now have to pass it explicitly.

        * The launcher now supports a `--config-file PATH` commandline option
          to override the root configuration file, which is still deduced based
          on the passed scope parameter.

        * A path miscomputation in the XML <include> tags was fixed. They should
          work as expected now.

        * The <servicedir> XML tags are now properly supported. Before, they
          were correctly parsed, but never actually sourced for input.

        * The XDG_DATA_DIRS environment variable is now supported by the
          launcher, according to the related xdg spec. Note that this only
          affects the user-scope!

        * The --listen parameter was dropped from the launcher. Only
          socket-activation is supported now. If required, any parent process
          should now create the listener socket themselves, and pass it in like
          socket activation.

        * As usual, a bunch of fixes and small improvements!

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2018-02-21

## CHANGES WITH 10:

        * Fix RequestName() / ReleaseName() to send signals before their reply,
          to match dbus-daemon behavior.

        * Several bug-fixes, cleanups, and performance improvements.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2018-02-07

## CHANGES WITH 9:

        * A configuration reload of the launcher can now be triggered via its
          managing systemd instance. The ExecReload= key is hooked up to
          trigger a ReloadConfig() D-Bus call.

        * The launcher now runs as 'Type=notify' systemd service type. This
          closes a possible dead-lock during startup. Previously, there was a
          chance of systemd itself connecting to D-Bus in a blocking manner,
          before the launcher was ready. This might have resulted in the
          launcher waiting on systemd, and thus dead-lock.
          By running as 'Type=notify' systemd will wait for the launcher to be
          ready before connecting to it.

        * Activated units now inherit their user from the actual D-Bus service,
          if provided. They used to be started as root, but now the 'User=' key
          is properly honored.

        Contributions from: David Herrmann, Marc-Antoine Perennou, Tom
                            Gundersen

        - Tübingen, 2017-11-30

## CHANGES WITH 8:

        * The launcher now uses instantiated systemd template units when
          activating a service that has no associated systemd service file.
          This allows services to stick around after being deactivated. It is
          closer in behavior to the original service activation of dbus-daemon,
          while still keeping them out of the dbus-broker environment.

        * Audit is now only enabled when --audit is passed to dbus-broker. By
          default, the launcher will pass it only for the system bus.

        * The launcher now supports configuration reloading. When triggered, it
          forces the launcher to reload the bus configuration and all service
          files, and adjust the broker state. Note that not all modifiers can
          be adjusted at runtime (e.g., you cannot change the user the broker
          runs as). The set of modifiers that can be adjusted at runtime is the
          same set that dbus-daemon(1) supports.
          The reload operation can be triggered via a direct SIGHUP to the
          launcher, or via the ReloadConfig() call on org.freedesktop.DBus.

        * The AddListener() call on org.bus1.DBus.Broker no longer accepts the
          policy filesystem path. It was a no-op since dbus-broker supports
          parsing policies in the launcher.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2017-11-07

## CHANGES WITH 7:

        * More bugfixes for 32bit architectures.

        Contributions from: David Herrmann

        - Berlin, 2017-10-17

## CHANGES WITH 6:

        * Bugfixes for 32bit architectures.

        Contributions from: David Herrmann, Tom Gundersen

        - Tübingen, 2017-10-15

## CHANGES WITH 5:

        * Man-pages for dbus-broker and dbus-broker-launch are now built via
          meson and installed into `$prefix/man' by default.

        * AddListener() on org.bus1.DBus.Broker now supports uid-ranges. This
          is used by the launcher to implement at_console={true,false} policies
          by considering any uid higher than SYSTEMUIDMAX (as defined by
          systemd) to be at the console. For a detailed discussion, see:

              https://github.com/bus1/dbus-broker/issues/56
              https://github.com/systemd/systemd/pull/6762

        * The dbus-broker.service unit is now ordered before basic.target. This
          ensures that D-Bus applications can use the bus during shutdown.
          Until now, shutdown of the message bus was unordered against shutdown
          of D-Bus applications. While applications should handle such
          situations gracefully, ordering dbus-broker.service before
          basic.target eliminates a random source of bus errors during
          shutdown.

        * If running the launcher, you are highly recommended to update
          libexpat to 2.2.3, or newer. It contains fixes to avoid random stalls
          on /dev/random. For details, see:

              https://github.com/libexpat/libexpat/blob/R_2_2_3/expat/Changes
              https://github.com/libexpat/libexpat/pull/92
              https://bugs.freedesktop.org/show_bug.cgi?id=101858

        Contributions from: David Herrmann, Marc-Antoine Perennou, Tom
                            Gundersen

        - Tübingen, 2017-10-10

## CHANGES WITH 4:

        * Add optional libaudit support in combination with SELinux. If
          enabled, SELinux AVC violations will end up in the audit log, rather
          than syslog.

        * Drop auto-detection of dependencies. The build-system now requires
          explicit configuration via meson (see `mesonconf' or `-Dfoo=bar').

          3 user-options are provided:

              - audit=off
                Whether libaudit should be used as dependency to log AVC
                violations in combination with SELinux.

              - selinux=off
                Whether libselinux should be used as dependency to implement
                MAC-security compatible to dbus-daemon(1).

              - launcher=on
                Whether the dbus-broker-launch compatibility binary should be
                built or not.

        * Submodule fallback logic is no longer available. All submodules are
          forcibly linked from now on. Once the submodules have public, stable
          releases, we will make them mandatory dependencies. Until then, they
          will be mandatory builtins.

        * The compatibility launcher now supports extended service search-paths
          according to the D-Bus Specification. Before, it hard-coded
          /usr/share/dbus-1, but now it correctly follows the XDG Base Dir
          Spec.

        * Units will now be activated via explicit calls to StartUnit() rather
          than faking a ActivationRequest directed signal. This allows to catch
          startup failures (or rejections) and allows to reject all pending
          activation requests right away.

        * The broker now logs policy violations to the system log.

        * Lots of bug fixes all around.

        Contributions from: David Herrmann, Laurent Bigonville, Michal Schmidt,
                            Mike Gilbert, Tom Gundersen

        - Tübingen, 2017-09-07

## CHANGES WITH 3:

        * Added manpages.

        Contributions from: Tom Gundersen

        - Oslo, 2017-08-18

## CHANGES WITH 2:

        * Added SELinux support.

        Contributions from: Tom Gundersen

        - Oslo, 2017-08-16

## CHANGES WITH 1:

        * Initial release of dbus-broker.

        * Contains dbus-broker, an independent D-Bus message broker
          implementation, which provides near perfect compatibility to the
          D-Bus reference implementation dbus-daemon(1).
          The broker binary is a pure bus implementation that does not depend
          on any external resources or environments. Rather it is controlled
          via a private control-connection from its parent process. This allows
          the parent to modify the broker at runtime, get notified of specific
          events, and control its lifetime.

        * The dbus-broker-launch application implements the D-Bus system and
          session bus compatible to dbus-daemon(1). It reads the known policy
          and service files, reacts to well-defined signals, and employs
          dbus-broker for the actual message passing.

        Contributions from: David Herrmann, Georg Müller, Marc-Antoine Perennou,
                            Tom Gundersen

        - Tübingen, 2017-08-03