From: Simon McVittie
Date: Fri, 9 Jun 2017 12:43:25 +0000 (+0100)
Subject: bus/driver: Add a flag for methods that can't be invoked by containers
X-Git-Tag: dbus-1.13.0~57^2~16
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85c428d937e330c15132ef1899af72d33f60f369;p=thirdparty%2Fdbus.git
bus/driver: Add a flag for methods that can't be invoked by containers
We can relax AddServer() from PRIVILEGED to NOT_CONTAINERS when we've put resource limits in place, although for now it must remain PRIVILEGED because it uses up resources.
Signed-off-by: Simon McVittie
Reviewed-by: Philip Withnall
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
---
diff --git a/bus/driver.c b/bus/driver.c
index 104a0b6f2..e943ea0e7 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2397,9 +2397,15 @@ typedef enum
 /* If set, callers must be privileged. On Unix, the uid of the connection
 * must either be the uid of this process, or 0 (root). On Windows,
- * the SID of the connection must be the SID of this process. */
+ * the SID of the connection must be the SID of this process.
+ *
+ * This flag effectively implies METHOD_FLAG_NO_CONTAINERS, because
+ * containers are never privileged. */
 METHOD_FLAG_PRIVILEGED = (1 << 1),
+ /* If set, callers must not be associated with a container instance. */
+ METHOD_FLAG_NO_CONTAINERS = (1 << 2),
+
 METHOD_FLAG_NONE = 0
 } MethodFlags;
@@ -2965,12 +2971,25 @@ bus_driver_handle_message (DBusConnection *connection,
 _dbus_verbose ("Found driver handler for %s\n", name);
- if ((mh->flags & METHOD_FLAG_PRIVILEGED) &&
- !bus_driver_check_caller_is_privileged (connection, transaction,
- message, error))
+ if (mh->flags & METHOD_FLAG_PRIVILEGED)
 {
- _DBUS_ASSERT_ERROR_IS_SET (error);
- return FALSE;
+ if (!bus_driver_check_caller_is_privileged (connection,
+ transaction, message,
+ error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ return FALSE;
+ }
+ }
+ else if (mh->flags & METHOD_FLAG_NO_CONTAINERS)
+ {
+ if (!bus_driver_check_caller_is_not_container (connection,
+ transaction,
+ message, error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ return FALSE;
+ }
 }
 if (!(is_canonical_path || (mh->flags & METHOD_FLAG_ANY_PATH)))
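Review bot: The `else if` means a handler flagged METHOD_FLAG_PRIVILEGED never reaches bus_driver_check_caller_is_not_container(), so excluding containers from privileged methods rests entirely on bus_driver_check_caller_is_privileged() rejecting container-associated connections. That function is not part of this diff, and the enum comment in the first hunk describes the privilege test as a uid/SID comparison, which by itself would not obviously reject a contained caller that runs under the same uid as the bus (presumably the normal situation on a session bus). Unless the privilege check already refuses contained connections, I would run the container check for both flags ahead of it, `if ((mh->flags & (METHOD_FLAG_PRIVILEGED | METHOD_FLAG_NO_CONTAINERS)) && !bus_driver_check_caller_is_not_container (connection, transaction, message, error))`, returning FALSE as the existing branches do. If it does, a short comment at the `else if` naming where "containers are never privileged" is enforced would keep a later edit from breaking the invariant unnoticed. bus_driver_handle_message() begins and ends outside this hunk.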