From b4d8ef7c994c54abb7f389c47f7f099ce7ff9293 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 13 Jan 2015 13:53:32 +0100
Subject: [PATCH] machined: refuse certain operation on non-container machines, since they cannot work elsewhere

---
 src/machine/machine-dbus.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
index e7d4a3b3c..b46f0a8da 100644
--- a/src/machine/machine-dbus.c
+++ b/src/machine/machine-dbus.c
@@ -175,6 +175,9 @@ int bus_machine_method_get_addresses(sd_bus *bus, sd_bus_message *message, void
 assert(message);
 assert(m);
 
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting IP address data is only supported on container machines.");
+
 r = readlink_malloc("/proc/self/ns/net", &us);
 if (r < 0)
 return sd_bus_error_set_errno(error, r);
@@ -319,6 +322,9 @@ int bus_machine_method_get_os_release(sd_bus *bus, sd_bus_message *message, void
 assert(message);
 assert(m);
 
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Requesting OS release data is only supported on container machines.");
+
 r = namespace_open(m->leader, NULL, &mntns_fd, NULL, &root_fd);
 if (r < 0)
 return r;
@@ -403,6 +409,9 @@ int bus_machine_method_open_pty(sd_bus *bus, sd_bus_message *message, void *user
 assert(message);
 assert(m);
 
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening pseudo TTYs is only supported on container machines.");
+
 master = openpt_in_namespace(m->leader, O_RDWR|O_NOCTTY|O_CLOEXEC);
 if (master < 0)
 return master;
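Review bot: The guard `if (m->class != MACHINE_CONTAINER)` added in bus_machine_method_get_addresses has no comment saying why the method is container-only, and the same three lines recur in the get_os_release, open_pty and open_login hunks with only the message changed. The calls that follow (`namespace_open(m->leader, …)`, `openpt_in_namespace(m->leader, …)`) suggest the reason is that these methods enter the leader's namespaces; a one-line comment such as `/* Enters the leader's namespaces, which is only meaningful for containers */` above each guard would record that. The check keys on the machine's recorded class rather than on the leader's actual namespaces, so it presumably is only as reliable as whatever set the class at registration; the existing error paths of the namespace helpers should stay in place rather than be treated as redundant. Each enclosing function starts and ends outside its hunk.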
@@ -431,6 +440,9 @@ int bus_machine_method_open_login(sd_bus *bus, sd_bus_message *message, void *us
 const char *p;
 int r;
 
+ if (m->class != MACHINE_CONTAINER)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Opening logins is only supported on container machines.");
+
 r = bus_verify_polkit_async(
 message,
 CAP_SYS_ADMIN,
-- 
2.30.2
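Review bot: In bus_machine_method_open_login the new guard dereferences `m` with no `assert(message); assert(m);` visible ahead of it, whereas the three other guarded methods assert both immediately before the same check. The function's opening lines lie outside the hunk, so the asserts may already be there; if they are not, add `assert(message);` and `assert(m);` before the guard. The guard also runs ahead of `bus_verify_polkit_async`, so a caller who would fail authorization receives SD_BUS_ERROR_NOT_SUPPORTED first; that is presumably harmless if the machine class is readable to such callers anyway, but a short comment stating that the ordering is intentional would help the next reader.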