chiark / gitweb /
machined: actually open up methods to unprivileged clients on dbus1
authorLennart Poettering <lennart@poettering.net>
Tue, 24 Feb 2015 16:26:40 +0000 (17:26 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 24 Feb 2015 16:27:53 +0000 (17:27 +0100)
Many of machined's operations are now opened up to unprivileged clients
via PolicyKit. Open up the dbus policy so that we can actually make
these calls.

kdbus doesn't reuqire this, hence this wasn't noticed before.

src/machine/org.freedesktop.machine1.conf

index 37f84bd..0e99933 100644 (file)
                        send_member="OpenMachineLogin"/>
 
                 <allow send_destination="org.freedesktop.machine1"
                        send_member="OpenMachineLogin"/>
 
                 <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="TerminateMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="KillMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="BindMountMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="CopyFromMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="CopyToMachine"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="RemoveImage"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="RenameImage"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="CloneImage"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Manager"
+                       send_member="MarkImageReadOnly"/>
+
+                <allow send_destination="org.freedesktop.machine1"
                        send_interface="org.freedesktop.machine1.Machine"
                        send_member="GetAddresses"/>
 
                        send_interface="org.freedesktop.machine1.Machine"
                        send_member="GetAddresses"/>
 
                        send_interface="org.freedesktop.machine1.Machine"
                        send_member="OpenLogin"/>
 
                        send_interface="org.freedesktop.machine1.Machine"
                        send_member="OpenLogin"/>
 
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Machine"
+                       send_member="Terminate"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Machine"
+                       send_member="Kill"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Machine"
+                       send_member="BindMount"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Machine"
+                       send_member="CopyFrom"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Machine"
+                       send_member="CopyTo"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Image"
+                       send_member="Remove"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Image"
+                       send_member="Rename"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Image"
+                       send_member="Clone"/>
+
+                <allow send_destination="org.freedesktop.machine1"
+                       send_interface="org.freedesktop.machine1.Image"
+                       send_member="MarkReadOnly"/>
+
                 <allow receive_sender="org.freedesktop.machine1"/>
         </policy>
 
                 <allow receive_sender="org.freedesktop.machine1"/>
         </policy>