X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fmachine%2Fmachine-dbus.c;h=b46f0a8dac8afc811fc7b6c1b5e0e0dd5ac9c75c;hb=0a6f50c0afdfc434b492493bd9efab20cbee8623;hp=600d42f195f6004f527f7ef692df84c8107c3a55;hpb=5f8cc96a0301c1177b11dd2e89370ef0b2ef577b;p=elogind.git
diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 600d42f19..b46f0a8da 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -21,7 +21,6 @@
 #include
 #include
-#include
 #include
 #include "bus-util.h"
@@ -35,6 +34,7 @@
 #include "path-util.h"
 #include "bus-internal.h"
 #include "machine.h"
+#include "machine-dbus.h"
 static int property_get_id(
 sd_bus *bus,
@@ -175,6 +175,9 @@ int bus_machine_method_get_addresses(sd_bus *bus, sd_bus_message *message, void
 assert(message);
 assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting IP address data is only supported on container machines.");
+
 r = readlink_malloc("/proc/self/ns/net", &us);
 if (r < 0)
 return sd_bus_error_set_errno(error, r);
@@ -319,6 +322,9 @@ int bus_machine_method_get_os_release(sd_bus *bus, sd_bus_message *message, void
 assert(message);
 assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting OS release data is only supported on container machines.");
+
 r = namespace_open(m->leader, NULL, &mntns_fd, NULL, &root_fd);
 if (r < 0)
 return r;
@@ -403,6 +409,9 @@ int bus_machine_method_open_pty(sd_bus *bus, sd_bus_message *message, void *user
 assert(message);
 assert(m);
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening pseudo TTYs is only supported on container machines.");
+
 master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
 if (master < 0)
 return master;
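Review bot: The new `m->class != MACHINE_CONTAINER` guard in bus_machine_method_get_addresses carries no comment saying why non-container machines are refused, and the same undocumented guard is repeated in bus_machine_method_get_os_release, bus_machine_method_open_pty and bus_machine_method_open_login. The latter three go on to use `m->leader` to reach another process's namespaces (`namespace_open`, `openpt_in_namespace`), so the guard is presumably what stops these calls from acting on a leader whose namespaces are not the machine's own; that reasoning should be written down once, e.g. `/* m->leader only leads into the machine's own namespaces for containers; refuse every other class before touching it */`. Folding the check into one small static helper that holds this comment would also keep the four copies from drifting apart. The function bodies start and end outside these hunks, so this is based on the visible lines only.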
@@ -431,6 +440,21 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
 const char *p;
 int r;
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening logins is only supported on container machines.");
+
+ r = bus_verify_polkit_async(
+ message,
+ CAP_SYS_ADMIN,
+ "org.freedesktop.machine1.login",
+ false,
+ &m->manager->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
 master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
 if (master < 0)
 return master;
@@ -451,9 +475,9 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
 return r;
 #ifdef ENABLE_KDBUS
- asprintf(&container_bus->address, "x-container-kernel:pid=" PID_FMT ";x-container-unix:pid=" PID_FMT, m->leader, m->leader);
+ asprintf(&container_bus->address, "x-machine-kernel:pid=" PID_FMT ";x-machine-unix:pid=" PID_FMT, m->leader, m->leader);
 #else
- asprintf(&container_bus->address, "x-container-kernel:pid=" PID_FMT, m->leader);
+ asprintf(&container_bus->address, "x-machine-kernel:pid=" PID_FMT, m->leader);
 #endif
 if (!container_bus->address)
 return -ENOMEM;
@@ -512,6 +536,7 @@ const sd_bus_vtable machine_vtable[] = {
 SD_BUS_METHOD("GetAddresses", NULL, "a(iay)", bus_machine_method_get_addresses, SD_BUS_VTABLE_UNPRIVILEGED),
 SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_machine_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
 SD_BUS_METHOD("OpenPTY", NULL, "hs", bus_machine_method_open_pty, 0),
+ SD_BUS_METHOD("OpenLogin", NULL, "hs", bus_machine_method_open_login, SD_BUS_VTABLE_UNPRIVILEGED),
 SD_BUS_VTABLE_END
 };
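Review bot: The authorization block added at the top of bus_machine_method_open_login does not document that the handler is dispatched a second time once polkit has answered (the `return 1; /* Will call us back */` path), so anything later placed above it would run twice and before the caller is authorized. I would add `/* Keep this ahead of any side effect: the method is called again after polkit replies, and the pty must not be opened for an unauthorized caller */` above the `bus_verify_polkit_async()` call. Separately, `m` is dereferenced (`m->class`, `m->manager->polkit_registry`) without the `assert(message); assert(m);` that the sibling handlers show; the start of the function is outside the hunk, so those asserts may exist above, but if not they should be added before the class check. The fourth argument, `false`, looks like the interactive-authorization flag and would deserve a short inline comment saying why prompting is disabled.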
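Review bot: Both rewritten `asprintf()` calls still discard the return value and rely on `if (!container_bus->address)` afterwards, which is not a reliable failure test: on error the contents of the output pointer are not guaranteed to be NULL on every libc. While these lines are being touched, checking the result directly would be safer, e.g. `if (asprintf(&container_bus->address, "x-machine-kernel:pid=" PID_FMT, m->leader) < 0) return -ENOMEM;`, with the same change in the ENABLE_KDBUS branch. If `container_bus` is released by an automatic cleanup handler (its declaration is outside the hunk), the field should also be reset to NULL on that path so the cleanup does not free an indeterminate pointer.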
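Review bot: OpenLogin is exported with `SD_BUS_VTABLE_UNPRIVILEGED` while OpenPTY directly above stays at `0`, so the only thing standing between an arbitrary bus client and a login pty in the container is the polkit call inside the handler, and the table does not say so. I would add a comment on the new entry such as `/* unprivileged at the bus level: access is decided by the org.freedesktop.machine1.login polkit action in the handler */`. This page covers machine-dbus.c only, so it is worth confirming that the same commit declares that action in the polkit policy file with a restrictive default, and that the bus policy configuration permits the call; neither is visible here.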