From: Lennart Poettering Date: Thu, 5 Jun 2025 08:58:54 +0000 (+0200) Subject: machined: open up OpenMachinePTY() for unpriv clients X-Git-Tag: v258-rc1~384^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=020d6c1dcee94826b16788125e092be1bcefb2c7;p=thirdparty%2Fsystemd.git machined: open up OpenMachinePTY() for unpriv clients The method call already does a PK check, it was just forgotten to allowlist this in the dbus policy. And in the dbus vtable for OpenMachinePTY() call. (It was allowlisted in the per-machine vtable…) Anyway, clean this up. --- diff --git a/man/org.freedesktop.machine1.xml b/man/org.freedesktop.machine1.xml index 936f2ad7f27..e2ec4a11475 100644 --- a/man/org.freedesktop.machine1.xml +++ b/man/org.freedesktop.machine1.xml @@ -94,7 +94,6 @@ node /org/freedesktop/machine1 { out s ssh_private_key_path); GetMachineOSRelease(in s name, out a{ss} fields); - @org.freedesktop.systemd1.Privileged("true") OpenMachinePTY(in s name, out h pty, out s pty_path); diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c index 616bea54f82..954f20e4557 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c @@ -948,7 +948,7 @@ const sd_bus_vtable manager_vtable[] = { SD_BUS_ARGS("s", name), SD_BUS_RESULT("h", pty, "s", pty_path), method_open_machine_pty, - 0), + SD_BUS_VTABLE_UNPRIVILEGED), SD_BUS_METHOD_WITH_ARGS("OpenMachineLogin", SD_BUS_ARGS("s", name), SD_BUS_RESULT("h", pty, "s", pty_path), diff --git a/src/machine/org.freedesktop.machine1.conf b/src/machine/org.freedesktop.machine1.conf index bafc1affdb2..c3c8149f9ab 100644 --- a/src/machine/org.freedesktop.machine1.conf +++ b/src/machine/org.freedesktop.machine1.conf @@ -72,6 +72,10 @@ send_interface="org.freedesktop.machine1.Manager" send_member="OpenMachineLogin"/> + + @@ -176,6 +180,10 @@ send_interface="org.freedesktop.machine1.Machine" send_member="OpenLogin"/> + +