When writing docs for SD_BUS_VTABLE_CAPABILITY, I noticed that we have one use
of SD_BUS_VTABLE_CAPABILITY(CAP_SYS_ADMIN) in the tree. This is the default, so
it's not very useful to specify it. But if we're touching that, I think it's
better to use mac + polkit for this like for everything else.
We don't have a very good category for this, but I don't think it makes sense
to add a new one. I just reused the same as other similar calls.
CancelJob(in u id);
ClearJobs();
ResetFailed();
- @org.freedesktop.systemd1.Privileged("true")
SetShowStatus(in s mode);
ListUnits(out a(ssssssouso) units);
ListUnitsFiltered(in as states,
assert(m);
assert(message);
+ r = mac_selinux_access_check(message, "reload", error);
+ if (r < 0)
+ return r;
+
+ r = bus_verify_set_environment_async(m, message, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
r = sd_bus_message_read(message, "s", &t);
if (r < 0)
return r;
SD_BUS_PARAM(mode),
NULL,,
method_set_show_status,
- SD_BUS_VTABLE_CAPABILITY(CAP_SYS_ADMIN)),
+ SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD_WITH_NAMES("ListUnits",
NULL,,
"a(ssssssouso)",
projects / thirdparty / systemd.git / commitdiff
