author | Anita Zhang <the.anitazha@gmail.com> | 2022-10-05 01:40:40 -0700 |
---|---|---|
committer | Anita Zhang <the.anitazha@gmail.com> | 2022-10-14 09:57:59 -0700 |
commit | 284212893b537ae51ca6286bc26b8f1cb0ec69fd (patch) | |
tree | 5c740bce2e21fb32d4a074ee0e601f621dcb45e1 /src/shared | |
parent | 008798e90c8e05e02a2226c4d1804fd6d1353b1b (diff) | |
download | systemd-284212893b537ae51ca6286bc26b8f1cb0ec69fd.tar.gz |
core: only allow systemd-oomd to use SubscribeManagedOOMCGroups
Attempt to address
https://github.com/systemd/systemd/issues/20330#issuecomment-1210028422.
Summary of the comment: Unprivileged users can potentially cause a denial of
service during systemd-oomd unit subscriptions by spamming requests to
SubscribeManagedOOMCGroups. As systemd-oomd.service is the only unit that
should be accessing this method, add a check on the caller's unit name to deter
them from successfully using this method.
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/varlink.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/varlink.h b/src/shared/varlink.h index 66a1ff630e..9518cd9098 100644 --- a/src/shared/varlink.h +++ b/src/shared/varlink.h @@ -173,3 +173,4 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(VarlinkServer *, varlink_server_unref); #define VARLINK_ERROR_METHOD_NOT_IMPLEMENTED "org.varlink.service.MethodNotImplemented" #define VARLINK_ERROR_INVALID_PARAMETER "org.varlink.service.InvalidParameter" #define VARLINK_ERROR_SUBSCRIPTION_TAKEN "org.varlink.service.SubscriptionTaken" +#define VARLINK_ERROR_PERMISSION_DENIED "org.varlink.service.PermissionDenied" |
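Review bot: the added VARLINK_ERROR_PERMISSION_DENIED define at the end of the error list in src/shared/varlink.h has no comment saying when a server should return it. It uses the generic org.varlink.service prefix like the defines above it, so it reads as a shared error for any varlink server rather than something specific to SubscribeManagedOOMCGroups. Suggest a one-line comment stating that it is returned when the caller is not permitted to invoke a method. This view is limited to src/shared, so the check on the caller's unit name that the commit message describes is not visible here. It needs to be reviewed in the rest of the commit, in particular how the caller's unit is determined, since the message describes the check as a deterrent.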