interfaces/builtin: support time and date settings via 'org.freedesktop.timedate1

[stolowski]

Added new timedate-control interface and updated two existing interfaces: timeserver-control and timezone-control to allow access to respective parts of systemd' org.freedesktop.timedate1 interface (lp #1616052).

The test shamelessly stolen from unity7_test.go.

Tested introspection and a property getter manually with:

$ timedatetest.gdbus introspect --system --dest org.freedesktop.timedate1 --object-path /org/freedesktop/timedate1
$ timedatetest.gdbus call --system --dest org.freedesktop.timedate1 --object-path /org/freedesktop/timedate1 --method org.freedesktop.DBus.Properties.Get "org.freedesktop.timedate1" "Timezone"

with the following simple snap:

name: timedatetest
version: 1.0
summary: A test
description: A test

apps:
gdbus:
command: usr/bin/gdbus
plugs: [timedate-control]

parts:
gdbus:
plugin: nil
stage-packages:
- libglib2.0-bin

[zyga]

Why send and receive? // my knowledge of apparmor is rusty here.

[stolowski]

Fair point. receive is needed for property change signals (and only for them) and it was a little bit too lenient. I've split this block into two and added comments - property change signals need 'receive', Get & GetAll need 'send'.

[zyga]

This is inconsistent with the file name, either call the module time_data_control.go or rename the interface to timedate-control.

[stolowski]

Ok, renamed to timedate-control.

[zyga]

Please document this interface so that we know what it allows to do (in docs/interfaces.md) and decide if it is reserved (restricted to trusted snaps) or not. I'd say it is and it should auto-connect.

I have one question about apparmor, please ask @jdstrand for a review after you know the answer to my question.

[stolowski]

@zyga I've added a short doc and made it auto-connect. I'm not sure however about the making it 'reserved', is it about marking it reservedForOs (which it is already)?

[niemeyer]

Needs conflict solving, and a review from @jdstrand. LGTM other than that.

[jdstrand]

I think this PR should be renamed as "support time and date settings via 'org.freedesktop.timedate1" and you should add the timedate-control interface (please rename from time-date-control to timedate-control) and update the timezone-control and timeserver-control as described (each should work without the others, so add the seccomp and dbus introspection rules to all 3).

[jdstrand]

We already have the timeserver-control interface for NTP. NTP calls should be moved there.

We already have the timezone-control interface for adjusting TZ. TZ calls should be moved there.

SetTime and SetLocalRTC can remain here.

[jdstrand]

Unfortunately we can't mediate on method data and systemd only provides Get methods for properties, so you'll need to have these two rules in timezone-control and timeserver-control. This means that all the time* interfaces will be able to read each others properties, but at least they won't be able to Set them.

[jdstrand]

Adjusting the time on a system is a privileged action and this should not autoconnect.

[jdstrand]

'time-control' is probably a better name than timedate-control. Will want @niemeyer to weigh in on that.

[stolowski]

@jdstrand Thanks for the review, I have followed your suggestions and moved some permissions to the other interfaces. All interfaces have permissions to read the properties as well as to introspect timedate1 object.

[zyga]

Let's drop this test please. We just concluded a large simplification where those tests were axed.

[stolowski]

Ok, removed.

[jdstrand]

+1 on security policy changes. Please adjust docs/interfaces.md and implicit.go

I think that 'time-control' would be a nicer name for this interface. @niemeyer, can you comment on if you prefer 'timedate-control' or 'time-control' (or something else)?

[jdstrand]

Can we rephrase this to be:

Can set system time and date and query systemd-timedated for time information.

It's possible we may allow setting the time or the date in other ways (eg, like we do with timezone-control and timeserver-control).

[jdstrand]

Can you update this to be:

Can manage timeservers via systemd-timedated and directly separate from ``config core``

### timezone-control

Can manage timezone via systemd-timedated and directly separate from ``config core``

* Auto-Connect: no

In other words, update timeserver-control to reference systemd-timedated and add timezone-control.

[stolowski]

@jdstrand apologies for forgetting about this change, I'll address it in a separete PR.

[jdstrand]

Can you put this in alphabetical order?

[jdstrand]

Note that I approved the changes you made, but still request further changes (using github's 'comment' mechanism instead of 'request changes' to avoid blocking on me).

[niemeyer]

+1 on time-control if we intend this interface to remain intermediating the ability to set the time even if we change the backend.

[niemeyer]

LGTM once @jdstrand is happy.

[jdstrand]

"+1 on time-control if we intend this interface to remain intermediating the ability to set the time even if we change the backend."

Yes this is the intent. In this manner it is similar to timezone-control and timeserver-control.

@stolowski - we now have agreement. Please rename to 'time-control' and I can do the final review.

[stolowski]

@jdstrand @niemeyer Ok, renamed to time-control and address other comments re docs (and I hope I didn't miss anything).

[jdstrand]

FYI, the request to add timezone-control to docs/interfaces.md was missed in this merge.