authorMartin Pitt <martin.pitt@ubuntu.com>2016-11-22 08:05:18 +0100
committerMartin Pitt <martin.pitt@ubuntu.com>2016-11-23 16:32:06 +0100
commit2c99aba7260a402e8f81d85aab12ce25d3d8786a (patch)
tree16caebc4f668f07ee986db11a418520168ef5f24
parent59eb33e0fec9b1502a9089561dcfda3f16a1816e (diff)
networkd: allow networkd to set the timezone in timedated
systemd-networkd runs as user "systemd-network" and thus is not privileged to set the timezone acquired from DHCP: systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required. Similarly to commit e8c0de912, add a polkit rule to grant org.freedesktop.timedate1.set-timezone to the "systemd-network" system user. Move the polkit rules from src/hostname/ to src/network/ to avoid too many small distributed policy snippets (there might be more in the future), as it's easier to specify the privileges for a particular subject in this case. Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for all people except those in Pacific/Honolulu, there the test doesn't prove anything -- sorry ☺ ).
-rw-r--r--Makefile.am18
-rw-r--r--src/hostname/systemd-networkd-hostname.pkla4
-rw-r--r--src/hostname/systemd-networkd-hostname.rules5
-rw-r--r--src/network/systemd-networkd.pkla4
-rw-r--r--src/network/systemd-networkd.rules8
-rwxr-xr-xtest/networkd-test.py32
6 files changed, 51 insertions, 20 deletions
diff --git a/Makefile.am b/Makefile.am
index 10ce363347..3aeb7b9ae2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4840,16 +4840,8 @@ endif
polkitpolicy_in_files += \
src/hostname/org.freedesktop.hostname1.policy.in
-polkitrules_files += \
- src/hostname/systemd-networkd-hostname.rules
-
-polkitpkla_files += \
- src/hostname/systemd-networkd-hostname.pkla
-
EXTRA_DIST += \
- units/systemd-hostnamed.service.in \
- src/hostname/systemd-networkd-hostname.rules \
- src/hostname/systemd-networkd-hostname.pkla
+ units/systemd-hostnamed.service.in
# ------------------------------------------------------------------------------
dist_systemunit_DATA_busnames += \
@@ -5785,6 +5777,12 @@ SYSTEM_UNIT_ALIASES += \
BUSNAMES_TARGET_WANTS += \
org.freedesktop.network1.busname
+polkitrules_files += \
+ src/network/systemd-networkd.rules
+
+polkitpkla_files += \
+ src/network/systemd-networkd.pkla
+
endif
gperf_gperf_sources += \
@@ -5793,6 +5791,8 @@ gperf_gperf_sources += \
src/network/netdev/netdev-gperf.gperf
EXTRA_DIST += \
+ src/network/systemd-networkd.rules \
+ src/network/systemd-networkd.pkla \
units/systemd-networkd.service.m4.in \
units/systemd-networkd-wait-online.service.in \
test/networkd-test.py
diff --git a/src/hostname/systemd-networkd-hostname.pkla b/src/hostname/systemd-networkd-hostname.pkla
deleted file mode 100644
index 345ce617c6..0000000000
--- a/src/hostname/systemd-networkd-hostname.pkla
+++ /dev/null
@@ -1,4 +0,0 @@
-[Allow systemd-networkd to set transient hostname]
-Identity=unix-user:systemd-network
-Action=org.freedesktop.hostname1.set-hostname
-ResultAny=yes
diff --git a/src/hostname/systemd-networkd-hostname.rules b/src/hostname/systemd-networkd-hostname.rules
deleted file mode 100644
index b7b780da9e..0000000000
--- a/src/hostname/systemd-networkd-hostname.rules
+++ /dev/null
@@ -1,5 +0,0 @@
-polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.hostname1.set-hostname" && subject.user == "systemd-network") {
- return polkit.Result.YES;
- }
-});
diff --git a/src/network/systemd-networkd.pkla b/src/network/systemd-networkd.pkla
new file mode 100644
index 0000000000..fb257d933b
--- /dev/null
+++ b/src/network/systemd-networkd.pkla
@@ -0,0 +1,4 @@
+[Allow systemd-networkd to set timezone and transient hostname]
+Identity=unix-user:systemd-network
+Action=org.freedesktop.hostname1.set-hostname;org.freedesktop.timedate1.set-timezone;
+ResultAny=yes
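Review bot: This entry and the matching rule in src/network/systemd-networkd.rules grant both actions on the user name alone, so every process running as systemd-network may call them without authentication, and neither file states that scope. The time zone applied through this grant comes from a DHCP reply, so the files should record that the permission is meant to stay limited to these two action ids. A line such as `# Matched by user only: any process running as systemd-network may set the transient hostname and the time zone without authentication` above the group header would do, with the same sentence added to the `//` comment in the .rules file. Whether timedated validates the zone name before applying it is not visible in this commit and is worth confirming.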
diff --git a/src/network/systemd-networkd.rules b/src/network/systemd-networkd.rules
new file mode 100644
index 0000000000..2e4bc42bfb
--- /dev/null
+++ b/src/network/systemd-networkd.rules
@@ -0,0 +1,8 @@
+// Allow systemd-networkd to set timezone and transient hostname
+polkit.addRule(function(action, subject) {
+ if ((action.id == "org.freedesktop.hostname1.set-hostname" ||
+ action.id == "org.freedesktop.timedate1.set-timezone") &&
+ subject.user == "systemd-network") {
+ return polkit.Result.YES;
+ }
+});
diff --git a/test/networkd-test.py b/test/networkd-test.py
index a00941095b..84ab6c1b02 100755
--- a/test/networkd-test.py
+++ b/test/networkd-test.py
@@ -469,7 +469,7 @@ class NetworkdClientTest(ClientTestBase, unittest.TestCase):
super().setUp()
self.dnsmasq = None
- def create_iface(self, ipv6=False):
+ def create_iface(self, ipv6=False, dhcpserver_opts=None):
'''Create test interface with DHCP server behind it'''
# run "router-side" networkd in own mount namespace to shield it from
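Review bot: The docstring of create_iface does not mention the new `dhcpserver_opts` parameter, whose value the next hunk of this file substitutes verbatim through `%(dhopts)s` into what appears to be a here-document in the generated script. I would extend the docstring to say that dhcpserver_opts is raw, newline-separated `Key=value` text placed after the `DNS=` line of the router-side config and is treated as trusted test input. A value containing a line that reads `EOF` would end that here-document early, which is why the trust assumption is worth writing down. The body of create_iface continues outside this hunk.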
@@ -507,11 +507,13 @@ DHCPServer=yes
PoolOffset=10
PoolSize=50
DNS=192.168.5.1
+%(dhopts)s
EOF
# run networkd as in systemd-networkd.service
exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ { s/^.*=//; p}')
-''' % {'ifr': self.if_router, 'ifc': self.iface, 'addr6': ipv6 and 'Address=2600::1/64' or ''})
+''' % {'ifr': self.if_router, 'ifc': self.iface, 'addr6': ipv6 and 'Address=2600::1/64' or '',
+ 'dhopts': dhcpserver_opts or ''})
os.fchmod(fd, 0o755)
@@ -642,6 +644,32 @@ DNS=127.0.0.1''')
self.assertIn('nameserver 192.168.42.1\n', contents)
self.assertIn('nameserver 127.0.0.1\n', contents)
+ def test_dhcp_timezone(self):
+ '''networkd sets time zone from DHCP'''
+
+ def get_tz():
+ out = subprocess.check_output(['busctl', 'get-property', 'org.freedesktop.timedate1',
+ '/org/freedesktop/timedate1', 'org.freedesktop.timedate1', 'Timezone'])
+ assert out.startswith(b's "')
+ out = out.strip()
+ assert out.endswith(b'"')
+ return out[3:-1].decode()
+
+ orig_timezone = get_tz()
+ self.addCleanup(subprocess.call, ['timedatectl', 'set-timezone', orig_timezone])
+
+ self.create_iface(dhcpserver_opts='EmitTimezone=yes\nTimezone=Pacific/Honolulu')
+ self.do_test(coldplug=None, extra_opts='IPv6AcceptRA=false\n[DHCP]\nUseTimezone=true', dhcp_mode='ipv4')
+
+ # should have applied the received timezone
+ try:
+ self.assertEqual(get_tz(), 'Pacific/Honolulu')
+ except AssertionError:
+ self.show_journal('systemd-networkd.service')
+ self.show_journal('systemd-hostnamed.service')
+ raise
+
+
if __name__ == '__main__':
unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
verbosity=2))
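Review bot: The failure path in test_dhcp_timezone dumps the journal of systemd-hostnamed.service, but the time zone is applied by timedated, so a failing run prints logs that say nothing about the rejected or missing set-timezone request; the line looks copied from a hostname test and should read `self.show_journal('systemd-timedated.service')`. The cleanup registered with `self.addCleanup(subprocess.call, ...)` ignores the exit status, so a failed restore leaves the host in Pacific/Honolulu with no signal; `subprocess.check_call` would surface it as a cleanup error. The bare `assert` statements in get_tz are skipped under `python -O`, whereas `self.assertTrue(out.startswith(b's "'))` would not be.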