core: only allow systemd-oomd to use SubscribeManagedOOMCGroups

[thirdparty/systemd.git] / src / core / core-varlink.c

diff --git a/src/core/core-varlink.c b/src/core/core-varlink.c
index 031514ead06ff8513861784bc81ace89e6e3ff69..843271593d232cd4c38bd4495c1f1111e0dccc60 100644 (file)
--- a/src/core/core-varlink.c
+++ b/src/core/core-varlink.c
@@ -203,10 +203,25 @@ static int vl_method_subscribe_managed_oom_cgroups(
 
         _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
         Manager *m = ASSERT_PTR(userdata);
+        pid_t pid;
+        Unit *u;
         int r;
 
         assert(link);
 
+        r = varlink_get_peer_pid(link, &pid);
+        if (r < 0)
+                return r;
+
+        u = manager_get_unit_by_pid(m, pid);
+        if (!u)
+                return varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+
+        /* This is meant to be a deterrent and not actual security. The alternative is to check for the systemd-oom
+         * user that this unit runs as, but NSS lookups are blocking and not allowed from PID 1. */
+        if (!streq(u->id, "systemd-oomd.service"))
+                return varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+
         if (json_variant_elements(parameters) > 0)
                 return varlink_error_invalid_parameter(link, parameters);