machined: open up machine registration for unpriv clients also via D-Bus
This is already opened up via Varlink. Let's also open it up via D-Bus with the same polkit operation.
@@ -46,7 +46,6 @@ node /org/freedesktop/machine1 {
|
||||
out o machine);
|
||||
ListMachines(out a(ssso) machines);
|
||||
ListImages(out a(ssbttto) images);
|
||||
@org.freedesktop.systemd1.Privileged("true")
|
||||
CreateMachine(in s name,
|
||||
in ay id,
|
||||
in s service,
|
||||
@@ -55,7 +54,6 @@ node /org/freedesktop/machine1 {
|
||||
in s root_directory,
|
||||
in a(sv) scope_properties,
|
||||
out o path);
|
||||
@org.freedesktop.systemd1.Privileged("true")
|
||||
CreateMachineWithNetwork(in s name,
|
||||
in ay id,
|
||||
in s service,
|
||||
@@ -65,7 +63,6 @@ node /org/freedesktop/machine1 {
|
||||
in ai ifindices,
|
||||
in a(sv) scope_properties,
|
||||
out o path);
|
||||
@org.freedesktop.systemd1.Privileged("true")
|
||||
RegisterMachine(in s name,
|
||||
in ay id,
|
||||
in s service,
|
||||
@@ -73,7 +70,6 @@ node /org/freedesktop/machine1 {
|
||||
in u leader,
|
||||
in s root_directory,
|
||||
out o path);
|
||||
@org.freedesktop.systemd1.Privileged("true")
|
||||
RegisterMachineWithNetwork(in s name,
|
||||
in ay id,
|
||||
in s service,
|
||||
|
||||
@@ -300,6 +300,23 @@ static int method_create_or_register_machine(
|
||||
if (hashmap_get(manager->machines, name))
|
||||
return sd_bus_error_setf(error, BUS_ERROR_MACHINE_EXISTS, "Machine '%s' already exists", name);
|
||||
|
||||
const char *details[] = {
|
||||
"name", name,
|
||||
"class", machine_class_to_string(c),
|
||||
NULL
|
||||
};
|
||||
|
||||
r = bus_verify_polkit_async(
|
||||
message,
|
||||
"org.freedesktop.machine1.create-machine",
|
||||
details,
|
||||
&manager->polkit_registry,
|
||||
error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 0; /* Will call us back */
|
||||
|
||||
r = manager_add_machine(manager, name, &m);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@@ -353,6 +370,8 @@ static int method_create_machine_internal(sd_bus_message *message, bool read_net
|
||||
r = method_create_or_register_machine(manager, message, read_network, &m, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Will call us back */
|
||||
|
||||
r = sd_bus_message_enter_container(message, 'a', "(sv)");
|
||||
if (r < 0)
|
||||
@@ -389,6 +408,8 @@ static int method_register_machine_internal(sd_bus_message *message, bool read_n
|
||||
r = method_create_or_register_machine(manager, message, read_network, &m, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Will call us back */
|
||||
|
||||
r = cg_pidref_get_unit(&m->leader, &m->unit);
|
||||
if (r < 0) {
|
||||
@@ -901,19 +922,23 @@ const sd_bus_vtable manager_vtable[] = {
|
||||
SD_BUS_METHOD_WITH_ARGS("CreateMachine",
|
||||
SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "a(sv)", scope_properties),
|
||||
SD_BUS_RESULT("o", path),
|
||||
method_create_machine, 0),
|
||||
method_create_machine,
|
||||
SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD_WITH_ARGS("CreateMachineWithNetwork",
|
||||
SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices, "a(sv)", scope_properties),
|
||||
SD_BUS_RESULT("o", path),
|
||||
method_create_machine_with_network, 0),
|
||||
method_create_machine_with_network,
|
||||
SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD_WITH_ARGS("RegisterMachine",
|
||||
SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory),
|
||||
SD_BUS_RESULT("o", path),
|
||||
method_register_machine, 0),
|
||||
method_register_machine,
|
||||
SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD_WITH_ARGS("RegisterMachineWithNetwork",
|
||||
SD_BUS_ARGS("s", name, "ay", id, "s", service, "s", class, "u", leader, "s", root_directory, "ai", ifindices),
|
||||
SD_BUS_RESULT("o", path),
|
||||
method_register_machine_with_network, 0),
|
||||
method_register_machine_with_network,
|
||||
SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD_WITH_ARGS("UnregisterMachine",
|
||||
SD_BUS_ARGS("s", name),
|
||||
SD_BUS_NO_RESULT,
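Review bot: The polkit check added before `manager_add_machine()` authorizes the caller for `org.freedesktop.machine1.create-machine`, but nothing in the visible hunks ties the caller-supplied `leader` PID (the `u` argument of the vtable entries now marked `SD_BUS_VTABLE_UNPRIVILEGED`) to the calling user. If the unshown part of `method_create_or_register_machine()` does not already do this, a non-root client that passes polkit could register a process it does not own as its machine leader; the function body starts and ends outside the hunk, so this needs confirming there. I would add an ownership check after the polkit step, taking the sender's EUID from `sd_bus_query_sender_creds()` and returning `SD_BUS_ERROR_ACCESS_DENIED` on a mismatch, with a comment such as `/* polkit authorizes the operation, not the leader PID: unprivileged callers may only register processes they own */`. The `details` array also carries only `name` and `class`, so a polkit rule cannot see which leader is being claimed.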
|
||||
|
||||
@@ -36,6 +36,8 @@
|
||||
send_interface="org.freedesktop.DBus.Properties"
|
||||
send_member="GetAll"/>
|
||||
|
||||
<!-- org.freedesktop.machine1.Manager Method Calls -->
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="ListMachines"/>
|
||||
@@ -180,6 +182,24 @@
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="MapToMachineGroup"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="CreateMachine"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="CreateMachineWithNetwork"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="RegisterMachine"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Manager"
|
||||
send_member="RegisterMachineWithNetwork"/>
|
||||
|
||||
<!-- org.freedesktop.machine1.Machine Method Calls -->
|
||||
|
||||
<allow send_destination="org.freedesktop.machine1"
|
||||
send_interface="org.freedesktop.machine1.Machine"
|
||||
send_member="GetAddresses"/>
|
||||
|
||||