diff options
Diffstat (limited to 'src/machine')
| -rw-r--r-- | src/machine/machined-dbus.c | 11 | ||||
| -rw-r--r-- | src/machine/org.freedesktop.machine1.conf | 4 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index 726cc4cbc7..1087a1bc4f 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -23,6 +23,7 @@ #include <string.h> #include <unistd.h> #include <pwd.h> +#include <sys/capability.h> #include "sd-id128.h" #include "sd-messages.h" @@ -342,12 +343,12 @@ static int method_kill_machine(sd_bus *bus, sd_bus_message *message, void *userd const sd_bus_vtable manager_vtable[] = { SD_BUS_VTABLE_START(0), - SD_BUS_METHOD("GetMachine", "s", "o", method_get_machine, 0), - SD_BUS_METHOD("GetMachineByPID", "u", "o", method_get_machine_by_pid, 0), - SD_BUS_METHOD("ListMachines", NULL, "a(ssso)", method_list_machines, 0), + SD_BUS_METHOD("GetMachine", "s", "o", method_get_machine, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("GetMachineByPID", "u", "o", method_get_machine_by_pid, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("ListMachines", NULL, "a(ssso)", method_list_machines, SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD("CreateMachine", "sayssusa(sv)", "o", method_create_machine, 0), - SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, 0), - SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, 0), + SD_BUS_METHOD("KillMachine", "ssi", NULL, method_kill_machine, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), + SD_BUS_METHOD("TerminateMachine", "s", NULL, method_terminate_machine, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)), SD_BUS_SIGNAL("MachineNew", "so", 0), SD_BUS_SIGNAL("MachineRemoved", "so", 0), SD_BUS_VTABLE_END diff --git a/src/machine/org.freedesktop.machine1.conf b/src/machine/org.freedesktop.machine1.conf index b2d6df3121..970ccd8d69 100644 --- a/src/machine/org.freedesktop.machine1.conf +++ b/src/machine/org.freedesktop.machine1.conf @@ -44,6 +44,10 @@ send_interface="org.freedesktop.machine1.Manager" send_member="GetMachine"/> + <allow send_destination="org.freedesktop.machine1" + send_interface="org.freedesktop.machine1.Manager" + send_member="GetMachineByPID"/> + <allow receive_sender="org.freedesktop.machine1"/> </policy> |