The dbus communication interface in Linux systems manages most system-level information or control. Desktops need to know how to manage things like USB drive insertion or WiFi settings. This led to dbus (short for desktop bus) but quickly became core to all system management. For example, it controls the following items:
- WiFi connections (including password prompts)
- Battery level and charging status
- USB storage or speakers
- Bluetooth (including pairing, speakers, and telephones)
- Available package upgrades
- System sleep, shutdown, or reboot
So why would you want embedded systems to know about dbus? Most of the things listed above are still needed in an embedded device, but there isn’t a desktop to display them on. You want to be able to manage those things yourself so that the computer inside is invisible.
Let’s talk about what dbus is and how it does its job
Dbus is an Inter-Process Communication protocol (IPC). It allows multiple processes to exchange information in a standardized way. This is typically used to separate the back end system control from the user-facing interface. For example, a product-specific process could manage WiFi connections in a different way than the typical network icon.
IPCs have been around on operating systems for quite some time. On Windows, COM and DDE are probably the best known. On macOS, Distributed Notifications or AppleEvents are good examples. You can run dbus on any modern Unix, Windows, or macOS platform; but it’s only the standard system management IPC on Linux.
The Dbus protocol defines both how to exchange data, and also the metadata about what data is available. This ensures that processes aren’t trying to communicate with incompatible service definitions. This also allows introspection of the services and tracing of message traffic for development.
Because the protocol is the standard, the exact version of the processes doesn’t matter. As long as they follow the standard interface, everything works. This makes it easy to do security upgrades and to substitute product-specific interfaces. Dbus packages are available for any modern language. The reference dbus implementation is in C and many languages just wrap that. Native implementations are also possible.
You need a security model for systems management
The security model ensures that the wrong users (or roles in the embedded case) aren’t doing something inappropriate. Because dbus is limited to a single machine, it can rely on the operating system to tell it who it is talking to and what groups they are in. With that information, the security policy can be easily defined for any service.
There are usually two dbus instances running on a Linux system: system and session. The session dbus is created when you login and is isolated to processes run within that login. This lets you do things like copy-and-paste, for example. You don’t usually need any additional security in the session bus.
The system bus manages things like shutdown and networks. It can define what operations are permitted depending on the remote connection’s user or group. For an embedded system, there may be no point in having a session bus and everything may be controlled through the system bus.
Do you need dbus?
There are command line programs for most system management functions. However, these traditional interfaces now talk dbus to get the job done. For example, the shutdown command actually uses dbus to tell systems to set a new run level. Talking directly to dbus saves a step and may expose a richer interface than the command line.
Once you are interacting with dbus, then all your system management can be done in a product-specific way. The well tested Linux back end processes are doing the work, but are controlled through your product-specific policies or user interface.