machined: refuse certain operation on non-container machines, since they cannot work...

[elogind.git] / src / machine / machine-dbus.c

diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index 600d42f195f6004f527f7ef692df84c8107c3a55..b46f0a8dac8afc811fc7b6c1b5e0e0dd5ac9c75c 100644 (file)
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -21,7 +21,6 @@
 
 #include <errno.h>
 #include <string.h>
-#include <sys/capability.h>
 #include <arpa/inet.h>
 
 #include "bus-util.h"
@@ -35,6 +34,7 @@
 #include "path-util.h"
 #include "bus-internal.h"
 #include "machine.h"
+#include "machine-dbus.h"
 
 static int property_get_id(
                 sd_bus *bus,
@@ -175,6 +175,9 @@ int bus_machine_method_get_addresses(sd_bus *bus, sd_bus_message *message, void
         assert(message);
         assert(m);
 
+        if (m->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting IP address data is only supported on container machines.");
+
         r = readlink_malloc("/proc/self/ns/net", &us);
         if (r < 0)
                 return sd_bus_error_set_errno(error, r);
@@ -319,6 +322,9 @@ int bus_machine_method_get_os_release(sd_bus *bus, sd_bus_message *message, void
         assert(message);
         assert(m);
 
+        if (m->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting OS release data is only supported on container machines.");
+
         r = namespace_open(m->leader, NULL, &mntns_fd, NULL, &root_fd);
         if (r < 0)
                 return r;
@@ -403,6 +409,9 @@ int bus_machine_method_open_pty(sd_bus *bus, sd_bus_message *message, void *user
         assert(message);
         assert(m);
 
+        if (m->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening pseudo TTYs is only supported on container machines.");
+
         master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
         if (master < 0)
                 return master;
@@ -431,6 +440,21 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
         const char *p;
         int r;
 
+        if (m->class != MACHINE_CONTAINER)
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening logins is only supported on container machines.");
+
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_SYS_ADMIN,
+                        "org.freedesktop.machine1.login",
+                        false,
+                        &m->manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
         master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
         if (master < 0)
                 return master;
@@ -451,9 +475,9 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
                 return r;
 
 #ifdef ENABLE_KDBUS
-        asprintf(&container_bus->address, "x-container-kernel:pid=" PID_FMT ";x-container-unix:pid=" PID_FMT, m->leader, m->leader);
+        asprintf(&container_bus->address, "x-machine-kernel:pid=" PID_FMT ";x-machine-unix:pid=" PID_FMT, m->leader, m->leader);
 #else
-        asprintf(&container_bus->address, "x-container-kernel:pid=" PID_FMT, m->leader);
+        asprintf(&container_bus->address, "x-machine-kernel:pid=" PID_FMT, m->leader);
 #endif
         if (!container_bus->address)
                 return -ENOMEM;
@@ -512,6 +536,7 @@ const sd_bus_vtable machine_vtable[] = {
         SD_BUS_METHOD("GetAddresses", NULL, "a(iay)", bus_machine_method_get_addresses, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("GetOSRelease", NULL, "a{ss}", bus_machine_method_get_os_release, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("OpenPTY", NULL, "hs", bus_machine_method_open_pty, 0),
+        SD_BUS_METHOD("OpenLogin", NULL, "hs", bus_machine_method_open_login, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_VTABLE_END
 };