X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fdbus-snapshot.c;h=0be46c288efe80b3602d66fcf53d369dcbe220c2;hp=2a5ef448ced3955c569160b241f58bb7cd82f9f7;hb=f5b51ea7fcb0b6380c3ceb4d4f3f22f647c6fd32;hpb=4f4f70361a64957c45a2d8f40bfb04c77b454697

diff --git a/src/core/dbus-snapshot.c b/src/core/dbus-snapshot.c
index 2a5ef448c..0be46c288 100644
--- a/src/core/dbus-snapshot.c
+++ b/src/core/dbus-snapshot.c
@@ -21,8 +21,8 @@
 
 #include "selinux-access.h"
 #include "unit.h"
+#include "dbus.h"
 #include "snapshot.h"
-#include "dbus-unit.h"
 #include "dbus-snapshot.h"
 
 int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
@@ -33,10 +33,16 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
         assert(message);
         assert(s);
 
-        r = selinux_unit_access_check(UNIT(s), message, "stop", error);
+        r = mac_selinux_unit_access_check(UNIT(s), message, "stop", error);
         if (r < 0)
                 return r;
 
+        r = bus_verify_manage_units_async(UNIT(s)->manager, message, error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
         snapshot_remove(s);
 
         return sd_bus_reply_method_return(message, NULL);
@@ -44,7 +50,7 @@ int bus_snapshot_method_remove(sd_bus *bus, sd_bus_message *message, void *userd
 
 const sd_bus_vtable bus_snapshot_vtable[] = {
         SD_BUS_VTABLE_START(0),
-        SD_BUS_METHOD("Remove", NULL, NULL, bus_snapshot_method_remove, 0),
         SD_BUS_PROPERTY("Cleanup", "b", bus_property_get_bool, offsetof(Snapshot, cleanup), SD_BUS_VTABLE_PROPERTY_CONST),
+        SD_BUS_METHOD("Remove", NULL, NULL, bus_snapshot_method_remove, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_VTABLE_END
 };