From: Mike Yuan Date: Tue, 2 Jul 2024 17:28:30 +0000 (+0200) Subject: core/dbus-manager: check for runtime scope first for system-wide operations X-Git-Tag: v257-rc1~986^2~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=541aadff9778e0817da16f1b34d2437b1bb22fde;p=thirdparty%2Fsystemd.git core/dbus-manager: check for runtime scope first for system-wide operations It's pointless to do selinux or /run/ space checks for user managers. --- diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c index 5304edbc74e..ddc721f5d19 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c @@ -1688,14 +1688,14 @@ static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error * assert(message); - r = mac_selinux_access_check(message, "reboot", error); - if (r < 0) - return r; - if (!MANAGER_IS_SYSTEM(m)) return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Reboot is only supported by system manager."); + r = mac_selinux_access_check(message, "reboot", error); + if (r < 0) + return r; + m->objective = MANAGER_REBOOT; return sd_bus_reply_method_return(message, NULL); @@ -1746,14 +1746,14 @@ static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error assert(message); - r = mac_selinux_access_check(message, "halt", error); - if (r < 0) - return r; - if (!MANAGER_IS_SYSTEM(m)) return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Powering off is only supported by system manager."); + r = mac_selinux_access_check(message, "halt", error); + if (r < 0) + return r; + m->objective = MANAGER_POWEROFF; return sd_bus_reply_method_return(message, NULL); @@ -1765,14 +1765,14 @@ static int method_halt(sd_bus_message *message, void *userdata, sd_bus_error *er assert(message); - r = mac_selinux_access_check(message, "halt", error); - if (r < 0) - return r; - if (!MANAGER_IS_SYSTEM(m)) return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "Halt is only supported by system manager."); + r = mac_selinux_access_check(message, "halt", error); + if (r < 0) + return r; + m->objective = MANAGER_HALT; return sd_bus_reply_method_return(message, NULL); @@ -1784,14 +1784,14 @@ static int method_kexec(sd_bus_message *message, void *userdata, sd_bus_error *e assert(message); - r = mac_selinux_access_check(message, "reboot", error); - if (r < 0) - return r; - if (!MANAGER_IS_SYSTEM(m)) return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, "KExec is only supported by system manager."); + r = mac_selinux_access_check(message, "reboot", error); + if (r < 0) + return r; + m->objective = MANAGER_KEXEC; return sd_bus_reply_method_return(message, NULL); @@ -1805,6 +1805,10 @@ static int method_switch_root(sd_bus_message *message, void *userdata, sd_bus_er assert(message); + if (!MANAGER_IS_SYSTEM(m)) + return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, + "Root switching is only supported by system manager."); + r = verify_run_space_permissive("root switching may fail", error); if (r < 0) return r; @@ -1813,10 +1817,6 @@ static int method_switch_root(sd_bus_message *message, void *userdata, sd_bus_er if (r < 0) return r; - if (!MANAGER_IS_SYSTEM(m)) - return sd_bus_error_set(error, SD_BUS_ERROR_NOT_SUPPORTED, - "Root switching is only supported by system manager."); - r = sd_bus_message_read(message, "ss", &root, &init); if (r < 0) return r;