summaryrefslogtreecommitdiff
path: root/src/core/dbus-unit.c
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2012-09-06 16:23:11 -0400
committerLennart Poettering <lennart@poettering.net>2012-09-18 01:21:17 +0200
commite2417e4143bb892e4599b01de7b031763421bb64 (patch)
tree28ce7be138180c76054bac7bfa0b30d1a653c7b5 /src/core/dbus-unit.c
parente9ace802cf907d3652e1ef082b39a0cbed4e19a7 (diff)
selinux: add bus service access control
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch adds the ability to look at the calling process that is trying to do dbus calls into systemd, then it checks with the SELinux policy to see if the calling process is allowed to do the activity. The basic idea is we want to allow NetworkManager_t to be able to start and stop ntpd.service, but not necessarly mysqld.service. Similarly we want to allow a root admin webadm_t that can only manage the apache environment. systemctl enable httpd.service, systemctl disable iptables.service bad. To make this code cleaner, we really need to refactor the dbus-manager.c code. This has just become a huge if-then-else blob, which makes doing the correct check difficult. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5 lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco =yops -----END PGP SIGNATURE-----
Diffstat (limited to 'src/core/dbus-unit.c')
-rw-r--r--src/core/dbus-unit.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index fdfa5ee200..d86f60e498 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -26,6 +26,7 @@
#include "dbus-unit.h"
#include "bus-errors.h"
#include "dbus-common.h"
+#include "selinux-access.h"
const char bus_unit_interface[] _introspect_("Unit") = BUS_UNIT_INTERFACE;
@@ -411,9 +412,19 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
JobType job_type = _JOB_TYPE_INVALID;
char *path = NULL;
bool reload_if_possible = false;
+ int r;
dbus_error_init(&error);
+ r = selinux_unit_access_check(
+ connection,
+ message,
+ m,
+ (u->fragment_path ? u->fragment_path: u->source_path),
+ &error);
+ if (r)
+ return bus_send_error_reply(connection, message, &error, r);
+
if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Start"))
job_type = JOB_START;
else if (dbus_message_is_method_call(message, "org.freedesktop.systemd1.Unit", "Stop"))
@@ -434,7 +445,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
const char *swho;
int32_t signo;
KillWho who;
- int r;
if (!dbus_message_get_args(
message,
@@ -479,7 +489,6 @@ static DBusHandlerResult bus_unit_message_dispatch(Unit *u, DBusConnection *conn
const char *smode;
JobMode mode;
Job *j;
- int r;
if ((job_type == JOB_START && u->refuse_manual_start) ||
(job_type == JOB_STOP && u->refuse_manual_stop) ||