summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-01-13 13:53:32 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-13 13:55:15 +0100
commitb4d8ef7c994c54abb7f389c47f7f099ce7ff9293 (patch)
tree9d6bfe1b69496bfc6606e412dd306ed2ad62851f /src
parent6da023a048c7456c2ca849d9437a88817a1189d6 (diff)
machined: refuse certain operation on non-container machines, since they cannot work elsewhere
Diffstat (limited to 'src')
-rw-r--r--src/machine/machine-dbus.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index e7d4a3b3ce..b46f0a8dac 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -175,6 +175,9 @@ int bus_machine_method_get_addresses(sd_bus *bus, sd_bus_message *message, void
assert(message);
assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting IP address data is only supported on container machines.");
+
r = readlink_malloc("/proc/self/ns/net", &us);
if (r < 0)
return sd_bus_error_set_errno(error, r);
@@ -319,6 +322,9 @@ int bus_machine_method_get_os_release(sd_bus *bus, sd_bus_message *message, void
assert(message);
assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting OS release data is only supported on container machines.");
+
r = namespace_open(m->leader, NULL, &mntns_fd, NULL, &root_fd);
if (r < 0)
return r;
@@ -403,6 +409,9 @@ int bus_machine_method_open_pty(sd_bus *bus, sd_bus_message *message, void *user
assert(message);
assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening pseudo TTYs is only supported on container machines.");
+
master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
if (master < 0)
return master;
@@ -431,6 +440,9 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
const char *p;
int r;
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening logins is only supported on container machines.");
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,