author | Ludwig Nussel <ludwig.nussel@suse.de> | 2022-01-18 14:47:41 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-01-18 22:35:09 +0000 |
commit | 8dd3f6a3fdf1e3f45209d113052cca2efd1db5d5 (patch) | |
tree | 6b50a7813252bd20343120d735aa5587726bafbf /src/machine/machine-dbus.c | |
parent | 8513c34bece0b0cd69cb8669e4751f0cd3d28b7e (diff) | |
download | systemd-8dd3f6a3fdf1e3f45209d113052cca2efd1db5d5.tar.gz |
machined: provide more details to polkit auth
Diffstat (limited to 'src/machine/machine-dbus.c')
-rw-r--r-- | src/machine/machine-dbus.c | 67 |
1 files changed, 59 insertions, 8 deletions
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 8f11afd65b..7baca67f1b 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -73,11 +73,17 @@ int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bu
 assert(message);
 assert(m);
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "unregister",
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_KILL,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -101,11 +107,17 @@ int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus
 assert(message);
 assert(m);
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "terminate",
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_KILL,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -147,11 +159,17 @@ int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_erro
 if (!SIGNAL_VALID(signo))
 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid signal %i", signo);
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "kill",
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_KILL,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -439,11 +457,16 @@ int bus_machine_method_open_pty(sd_bus_message *message, void *userdata, sd_bus_
 assert(message);
 assert(m);
 
+ const char *details[] = {
+ "machine", m->name,
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
 m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-open-pty" : "org.freedesktop.machine1.open-pty",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
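Review bot: The `details` array in the bus_machine_method_open_pty hunk carries only `"machine", m->name` and no `"verb"` pair, while every other handler touched by this commit passes one, including bus_machine_method_open_login, which also has its own dedicated action ids. A polkit rule or audit hook that looks up the verb detail will find it absent for this one method; adding `"verb", "open_pty",` before the `NULL` terminator would keep the set uniform. If the omission is deliberate because the action id already identifies the operation, a one-line comment such as `/* no verb: the action id is specific to open-pty */` would record that. The handler's body starts and ends outside the hunk.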
@@ -526,11 +549,17 @@ int bus_machine_method_open_login(sd_bus_message *message, void *userdata, sd_bu
 assert(message);
 assert(m);
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "login",
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
 m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-login" : "org.freedesktop.machine1.login",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -835,11 +864,19 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
 else if (!path_is_absolute(dest) || !path_is_normalized(dest))
 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and normalized.");
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "bind",
+ "src", src,
+ "dest", dest,
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -899,11 +936,19 @@ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_erro
 else if (!path_is_absolute(dest))
 return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute.");
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "copy",
+ "src", src,
+ "dest", dest,
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
@@ -1013,11 +1058,17 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
 assert(message);
 assert(m);
 
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "open_root_directory",
+ NULL
+ };
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
 "org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
 false,
 UID_INVALID,
 &m->manager->polkit_registry,
|
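Review bot: In the bus_machine_method_copy hunk, `dest` is forwarded to polkit as a detail after only the `path_is_absolute(dest)` check visible in the context lines, whereas bus_machine_method_bind_mount also requires `path_is_normalized(dest)`. Both `src` and `dest` are caller-supplied strings, so a polkit rule that authorizes by comparing or prefix-matching `dest` can be handed a path with `..` components or redundant separators that resolves somewhere else. Either tighten the check to `else if (!path_is_absolute(dest) || !path_is_normalized(dest))` if existing callers permit it, or add a comment above the array such as `/* src/dest are caller input and may be unnormalized; polkit rules must not prefix-match them */`. How `src` is validated sits above both hunks and is not visible here.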