author | Lennart Poettering <lennart@poettering.net> | 2015-08-24 21:27:37 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-08-24 22:46:45 +0200 |
commit | 4289c3a725062e2750da0baaf67fc53ba90e4739 (patch) | |
tree | 8117b60373f01ac8883eb6b74c0f94ec3f9db177 /src/machine/machine-dbus.c | |
parent | b04c25f9ef6359ed0ae403bdbfe4df840aba0f58 (diff) |
machined: beef up PolicyKit actions
Introduce separate actions for creating login or shell sessions for
the local host or a local container. By default allow local unprivileged
clients to create new login sessions (which is safe, since getty will
ask for username and authentication).
Also, imply login privs from shell privs, as well as shell and login
privs from manage privs.
Diffstat (limited to 'src/machine/machine-dbus.c')
-rw-r--r-- | src/machine/machine-dbus.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index b89bb2cba1..af2b8eff06 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -486,7 +486,7 @@ int bus_machine_method_open_pty(sd_bus_message *message, void *userdata, sd_bus_
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
- "org.freedesktop.machine1.open-pty",
+ m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-open-pty" : "org.freedesktop.machine1.open-pty",
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -575,7 +575,7 @@ int bus_machine_method_open_login(sd_bus_message *message, void *userdata, sd_bu
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
- "org.freedesktop.machine1.login",
+ m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-login" : "org.freedesktop.machine1.login",
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -676,7 +676,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
- "org.freedesktop.machine1.shell",
+ m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-shell" : "org.freedesktop.machine1.shell",
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
|
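Review bot: The inline ternary that picks the polkit action from `m->class == MACHINE_HOST` is repeated in bus_machine_method_open_pty, bus_machine_method_open_login and bus_machine_method_open_shell with no comment explaining why the host is authorized differently; that reasoning lives only in the commit message. I would add `/* Use a separate polkit action for the host so its policy can differ from that of containers */` above each call, and note there that every class other than MACHINE_HOST falls through to the generic action. The policy file that has to declare the three host-* action IDs and the implied-privilege annotations is not part of this view (the diffstat is limited to this file), so it is worth confirming the IDs match there, since a misspelled string here would presumably only surface at runtime. All three functions start and end outside their hunks, so the handling of `r` after the call cannot be checked from here.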