On Sun, Mar 09, 2014 at 08:00:22PM -0300, Gerardo Exequiel Pozzi wrote:
> Hello
>
> To do tests I made a new Arch Linux (x86_64) base installation running
> in qemu/kvm with systemd-210-3 and polkit-0.112-1 to discard any weird
> thing on my system.
>
> I can reboot/poweroff/suspend/hibernate the system with a normal user
> logged from a local VT or remote SSH does not care. I can not disable
> this even with a set of polkit rules.
> I am sure that this works fine before (maybe systemd-204 age?)
Yes! I did notice that, normally it should return 'challenge' ?!
I was working on a fix for hostnamed and then noticed logind. Currently
I'm not sure if it is the correct fix! some methodes are accessible...
> The weird thing here, is that If I ask to login1 about "Can*" methods it
> returns 'no'. Also system can be rebooted or poweroff if other users are
> logged on the system (i.e root on tty1).
I confirm this, I'm attaching a patch that will just disable this, but
I'm not sure about the inhibitor logic here did not have time to test
it.
--
Djalal Harouni
http://opendz.org
From: Djalal Harouni <tix...@opendz.org>
Subject: [PATCH] logind: remove the SD_BUS_VTABLE_UNPRIVILEGED flag from
sensitive methods
This patch removes the SD_BUS_VTABLE_UNPRIVILEGED flag. The flag was
preventing check_access() from doing the capability check.
---
src/login/logind-dbus.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index c9c58f3..31a09df 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1887,14 +1887,14 @@ const sd_bus_vtable manager_vtable[] = {
SD_BUS_METHOD("TerminateSession", "s", NULL, method_terminate_session,
SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
SD_BUS_METHOD("TerminateUser", "u", NULL, method_terminate_user,
SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
SD_BUS_METHOD("TerminateSeat", "s", NULL, method_terminate_seat,
SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
- SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("Reboot", "b", NULL, method_reboot,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("Suspend", "b", NULL, method_suspend,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate,
SD_BUS_VTABLE_UNPRIVILEGED),
- SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep,
SD_BUS_VTABLE_UNPRIVILEGED),
+ SD_BUS_METHOD("SetUserLinger", "ubb", NULL, method_set_user_linger, 0),
+ SD_BUS_METHOD("AttachDevice", "ssb", NULL, method_attach_device, 0),
+ SD_BUS_METHOD("FlushDevices", "b", NULL, method_flush_devices, 0),
+ SD_BUS_METHOD("PowerOff", "b", NULL, method_poweroff, 0),
+ SD_BUS_METHOD("Reboot", "b", NULL, method_reboot, 0),
+ SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, 0),
+ SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, 0),
+ SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, 0),
SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff,
SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot,
SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend,
SD_BUS_VTABLE_UNPRIVILEGED),
--
1.8.5.3
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
