author: Anita Zhang <the.anitazha@gmail.com> 2022-10-05 01:40:40 -0700
committer: Anita Zhang <the.anitazha@gmail.com> 2022-10-14 09:57:59 -0700
commit: 284212893b537ae51ca6286bc26b8f1cb0ec69fd
tree: 5c740bce2e21fb32d4a074ee0e601f621dcb45e1 /src/shared
parent: 008798e90c8e05e02a2226c4d1804fd6d1353b1b
core: only allow systemd-oomd to use SubscribeManagedOOMCGroups
Attempt to address https://github.com/systemd/systemd/issues/20330#issuecomment-1210028422. Summary of the comment: Unprivileged users can potentially cause a denial of service during systemd-oomd unit subscriptions by spamming requests to SubscribeManagedOOMCGroups. As systemd-oomd.service is the only unit that should be accessing this method, add a check on the caller's unit name to deter them from successfully using this method.
Diffstat (limited to 'src/shared')
-rw-r--r-- src/shared/varlink.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/varlink.h b/src/shared/varlink.h
index 66a1ff630e..9518cd9098 100644
--- a/src/shared/varlink.h
+++ b/src/shared/varlink.h
@@ -173,3 +173,4 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(VarlinkServer *, varlink_server_unref);
#define VARLINK_ERROR_METHOD_NOT_IMPLEMENTED "org.varlink.service.MethodNotImplemented"
#define VARLINK_ERROR_INVALID_PARAMETER "org.varlink.service.InvalidParameter"
#define VARLINK_ERROR_SUBSCRIPTION_TAKEN "org.varlink.service.SubscriptionTaken"
+#define VARLINK_ERROR_PERMISSION_DENIED "org.varlink.service.PermissionDenied"
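Review bot: The added VARLINK_ERROR_PERMISSION_DENIED define at the end of the error list carries no comment saying when a server is expected to return it, and this view is limited to src/shared, so the caller check described in the commit message is not visible here. Suggest a one-line comment above the define stating that it is returned when the caller is not allowed to invoke a method. The unit-name check itself should be reviewed in the rest of the commit, in particular that the server derives the caller's unit from peer credentials it obtains itself and not from anything the client supplies.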