picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
Systemd/src/core/bus-errors.h
Daniel J Walsh e2417e4143 selinux: add bus service access control 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch adds the ability to look at the calling process that is trying to
do dbus calls into systemd, then it checks with the SELinux policy to see if
the calling process is allowed to do the activity.

The basic idea is we want to allow NetworkManager_t to be able to start and
stop ntpd.service, but not necessarly mysqld.service.

Similarly we want to allow a root admin webadm_t that can only manage the
apache environment.  systemctl enable httpd.service, systemctl disable
iptables.service bad.

To make this code cleaner, we really need to refactor the dbus-manager.c code.
 This has just become a huge if-then-else blob, which makes doing the correct
check difficult.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBJBi8ACgkQrlYvE4MpobOzTwCdEUikbvRWUCwOb83KlVF0Nuy5
lRAAnjZZNuc19Z+aNxm3k3nwD4p/JYco
=yops
-----END PGP SIGNATURE-----
2012-09-18 01:21:17 +02:00

57 lines
2.5 KiB
C
Raw Blame History

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
#pragma once
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <string.h>
#include <dbus/dbus.h>
#define BUS_ERROR_NO_SUCH_UNIT "org.freedesktop.systemd1.NoSuchUnit"
#define BUS_ERROR_NO_SUCH_JOB "org.freedesktop.systemd1.NoSuchJob"
#define BUS_ERROR_NOT_SUBSCRIBED "org.freedesktop.systemd1.NotSubscribed"
#define BUS_ERROR_INVALID_PATH "org.freedesktop.systemd1.InvalidPath"
#define BUS_ERROR_INVALID_NAME "org.freedesktop.systemd1.InvalidName"
#define BUS_ERROR_UNIT_TYPE_MISMATCH "org.freedesktop.systemd1.UnitTypeMismatch"
#define BUS_ERROR_UNIT_EXISTS "org.freedesktop.systemd1.UnitExists"
#define BUS_ERROR_NOT_SUPPORTED "org.freedesktop.systemd1.NotSupported"
#define BUS_ERROR_INVALID_JOB_MODE "org.freedesktop.systemd1.InvalidJobMode"
#define BUS_ERROR_ONLY_BY_DEPENDENCY "org.freedesktop.systemd1.OnlyByDependency"
#define BUS_ERROR_NO_ISOLATION "org.freedesktop.systemd1.NoIsolation"
#define BUS_ERROR_LOAD_FAILED "org.freedesktop.systemd1.LoadFailed"
#define BUS_ERROR_MASKED "org.freedesktop.systemd1.Masked"
#define BUS_ERROR_JOB_TYPE_NOT_APPLICABLE "org.freedesktop.systemd1.JobTypeNotApplicable"
#define BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE "org.freedesktop.systemd1.TransactionIsDestructive"
#define BUS_ERROR_TRANSACTION_JOBS_CONFLICTING "org.freedesktop.systemd1.TransactionJobsConflicting"
#define BUS_ERROR_TRANSACTION_ORDER_IS_CYCLIC "org.freedesktop.systemd1.TransactionOrderIsCyclic"
#define BUS_ERROR_SHUTTING_DOWN "org.freedesktop.systemd1.ShuttingDown"
#define BUS_ERROR_NO_SUCH_PROCESS "org.freedesktop.systemd1.NoSuchProcess"
#define BUS_ERROR_ACCESS_DENIED "org.freedesktop.systemd1.AccessDenied"
static inline const char *bus_error(const DBusError *e, int r) {
if (e && e->message)
return e->message;
if (r >= 0)
return strerror(r);
return strerror(-r);
}
Reference in a new issue View git blame Copy permalink