diff options
author | Stef Walter <stef@thewalter.net> | 2014-08-06 11:45:36 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-08-18 18:08:28 +0200 |
commit | 283868e1dcd8ea7475850d9c6e7d4722c473dd50 (patch) | |
tree | 6334ed9b79e0c3c6242acfc050c00da4284ed7d1 /src/core/dbus-unit.c | |
parent | f38857914ab5c9cc55aac05795e1886963a5fd04 (diff) |
core: Verify systemd1 DBus method callers via polkit
DBus methods that retrieve information can be called by anyone.
DBus methods that modify state of units are verified via polkit
action: org.freedesktop.systemd1.manage-units
DBus methods that modify state of unit files are verified via polkit
action: org.freedesktop.systemd1.manage-unit-files
DBus methods that reload the entire daemon state are verified via polkit
action: org.freedesktop.systemd1.reload-daemon
DBus methods that modify job state are callable from the clients
that started the job.
root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property
access etc. There are several DBus methods that can only be
called by root.
Open up the dbus1 policy for the above methods.
(Heavily modified by Lennart, making use of the new
bus_verify_polkit_async() version that doesn't force us to always
pass the original callback around. Also, interactive auhentication must
be opt-in, not unconditional, hence I turned this off.)
Diffstat (limited to 'src/core/dbus-unit.c')
-rw-r--r-- | src/core/dbus-unit.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c index 2132f59faa..8fe83aefec 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c @@ -421,6 +421,12 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s assert(message); assert(u); + r = bus_verify_manage_unit_async_for_kill(u->manager, message, error); + if (r < 0) + return r; + if (r == 0) + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + r = sd_bus_message_read(message, "si", &swho, &signo); if (r < 0) return r; @@ -455,6 +461,12 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use assert(message); assert(u); + r = bus_verify_manage_unit_async(u->manager, message, error); + if (r < 0) + return r; + if (r == 0) + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + r = selinux_unit_access_check(u, message, "reload", error); if (r < 0) return r; @@ -472,6 +484,12 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u assert(message); assert(u); + r = bus_verify_manage_unit_async(u->manager, message, error); + if (r < 0) + return r; + if (r == 0) + return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */ + r = sd_bus_message_read(message, "b", &runtime); if (r < 0) return r; |