authorLudwig Nussel <ludwig.nussel@suse.de>2022-01-18 14:47:41 +0100
committerLuca Boccassi <luca.boccassi@gmail.com>2022-01-18 22:35:09 +0000
commit8dd3f6a3fdf1e3f45209d113052cca2efd1db5d5 (patch)
tree6b50a7813252bd20343120d735aa5587726bafbf /src/machine/machine-dbus.c
parent8513c34bece0b0cd69cb8669e4751f0cd3d28b7e (diff)
machined: provide more details to polkit auth
Diffstat (limited to 'src/machine/machine-dbus.c')
-rw-r--r--src/machine/machine-dbus.c67
1 files changed, 59 insertions, 8 deletions
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 8f11afd65b..7baca67f1b 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -73,11 +73,17 @@ int bus_machine_method_unregister(sd_bus_message *message, void *userdata, sd_bu
assert(message);
assert(m);
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "unregister",
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_KILL,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
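Review bot: The `details` array added ahead of `bus_verify_polkit_async()` has no comment saying that its key/value pairs are handed to polkit, so the `"machine"` and `"verb"` strings become something administrators' rules can match on without being marked as an interface. I would add a comment above the array, `/* Passed to polkit as action details; rules may match on these keys, so keep the names stable. */`. The same literals are repeated in the terminate, kill, open_login, bind_mount, copy and open_root_directory hunks, so one comment on a shared helper would serve better than eight copies. Only the middle of bus_machine_method_unregister is visible here, and where `m->name` is validated lies outside the hunk.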
@@ -101,11 +107,17 @@ int bus_machine_method_terminate(sd_bus_message *message, void *userdata, sd_bus
assert(message);
assert(m);
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "terminate",
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_KILL,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
@@ -147,11 +159,17 @@ int bus_machine_method_kill(sd_bus_message *message, void *userdata, sd_bus_erro
if (!SIGNAL_VALID(signo))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid signal %i", signo);
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "kill",
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_KILL,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
@@ -439,11 +457,16 @@ int bus_machine_method_open_pty(sd_bus_message *message, void *userdata, sd_bus_
assert(message);
assert(m);
+ const char *details[] = {
+ "machine", m->name,
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-open-pty" : "org.freedesktop.machine1.open-pty",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
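Review bot: The `details` array in this hunk holds only the `"machine"` pair and no `"verb"`, while every other array the commit adds carries one, including the open_login hunk, which likewise selects between a host and a non-host action id. A rule that inspects the verb detail would find nothing for this request. If the omission is intended because the action id already identifies the operation, say so in a comment; otherwise add `"verb", "open_pty",` before the `NULL`. The body of bus_machine_method_open_pty starts and ends outside the hunk.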
@@ -526,11 +549,17 @@ int bus_machine_method_open_login(sd_bus_message *message, void *userdata, sd_bu
assert(message);
assert(m);
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "login",
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
m->class == MACHINE_HOST ? "org.freedesktop.machine1.host-login" : "org.freedesktop.machine1.login",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
@@ -835,11 +864,19 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
else if (!path_is_absolute(dest) || !path_is_normalized(dest))
return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and normalized.");
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "bind",
+ "src", src,
+ "dest", dest,
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
@@ -899,11 +936,19 @@ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_erro
else if (!path_is_absolute(dest))
return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute.");
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "copy",
+ "src", src,
+ "dest", dest,
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,
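Review bot: The `"dest"` value placed in `details` is checked only with `path_is_absolute(dest)` on the context line above, whereas the bind_mount hunk also requires `path_is_normalized(dest)`, so the string given to polkit here may still contain `..` components or redundant slashes. A rule or an authentication prompt that judges the request by that string would then be looking at a path that need not match the location finally used. Either reject non-normalized paths as bind_mount does, `else if (!path_is_absolute(dest) || !path_is_normalized(dest))` with the error text updated to match, or add a comment above the array stating that `src` and `dest` are caller-supplied and not canonical. The check on `src` and the rest of bus_machine_method_copy are outside the hunk.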
@@ -1013,11 +1058,17 @@ int bus_machine_method_open_root_directory(sd_bus_message *message, void *userda
assert(message);
assert(m);
+ const char *details[] = {
+ "machine", m->name,
+ "verb", "open_root_directory",
+ NULL
+ };
+
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
"org.freedesktop.machine1.manage-machines",
- NULL,
+ details,
false,
UID_INVALID,
&m->manager->polkit_registry,