diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-02-18 12:55:25 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-02-18 12:55:25 +0100 |
| commit | c529695e7a30b300fdaa61ace4a8a4ed0e94ad1c (patch) | |
| tree | b8613d0df12627f161c4be274378329bea2e72fc /src/machine | |
| parent | 2723b3b51d409340558e46e37e90525d4f880fe1 (diff) | |
logind: open up most bus calls for unpriviliged processes, using PolicyKit
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
Diffstat (limited to 'src/machine')
| -rw-r--r-- | src/machine/image-dbus.c | 4 | ||||
| -rw-r--r-- | src/machine/machine-dbus.c | 5 |
2 files changed, 9 insertions, 0 deletions
diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c index 0d4ebde92..ef1914e2b 100644 --- a/src/machine/image-dbus.c +++ b/src/machine/image-dbus.c @@ -47,6 +47,7 @@ int bus_image_method_remove( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -88,6 +89,7 @@ int bus_image_method_rename( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -129,6 +131,7 @@ int bus_image_method_clone( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) @@ -165,6 +168,7 @@ int bus_image_method_mark_read_only( CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-images", false, + UID_INVALID, &m->polkit_registry, error); if (r < 0) diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c index 405c072b9..116e711a7 100644 --- a/src/machine/machine-dbus.c +++ b/src/machine/machine-dbus.c @@ -133,6 +133,7 @@ int bus_machine_method_terminate(sd_bus *bus, sd_bus_message *message, void *use CAP_KILL, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -178,6 +179,7 @@ int bus_machine_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata CAP_KILL, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -480,6 +482,7 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us CAP_SYS_ADMIN, "org.freedesktop.machine1.login", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -583,6 +586,7 @@ int bus_machine_method_bind_mount(sd_bus *bus, sd_bus_message *message, void *us CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) @@ -841,6 +845,7 @@ int bus_machine_method_copy(sd_bus *bus, sd_bus_message *message, void *userdata CAP_SYS_ADMIN, "org.freedesktop.machine1.manage-machines", false, + UID_INVALID, &m->manager->polkit_registry, error); if (r < 0) |