From c529695e7a30b300fdaa61ace4a8a4ed0e94ad1c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 18 Feb 2015 12:55:25 +0100 Subject: logind: open up most bus calls for unpriviliged processes, using PolicyKit Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK. --- src/machine/image-dbus.c | 4 ++++ src/machine/machine-dbus.c | 5 +++++ 2 files changed, 9 insertions(+) (limited to 'src/machine') diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c index 0d4ebde92b..ef1914e2b9 100644 --- a/src/machine/image-dbus.c +++ b/src/machine/image-dbus.c @@ -47,6 +47,7 @@ int bus_image_method_remove( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -88,6 +89,7 @@ int bus_image_method_rename( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -129,6 +131,7 @@ int bus_image_method_clone( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -165,6 +168,7 @@ int bus_image_method_mark_read_only( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index 405c072b90..116e711a78 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c @@ -133,6 +133,7 @@ int bus_machine_method_terminate(sd_bus *bus, sd_bus_message *message, void *use CAP_KILL, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -178,6 +179,7 @@ int bus_machine_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata CAP_KILL, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -480,6 +482,7 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us CAP_SYS_ADMIN, "org.freedesktop.machine1.login", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -583,6 +586,7 @@ int bus_machine_method_bind_mount(sd_bus *bus, sd_bus_message *message, void *us CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -841,6 +845,7 @@ int bus_machine_method_copy(sd_bus *bus, sd_bus_message *message, void *userdata CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) -- cgit v1.2.3-54-g00ecf