author | Simon McVittie <smcv@collabora.com> | 2017-06-09 13:43:25 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2017-12-11 16:04:48 +0000 |
commit | 4be978b2bde3e8bf0118f5743867236ade6e4f41 (patch) | |
tree | fc872c5ecde2be364e2fb7cad0a43852c89c81be | |
parent | 3ab00ce0b39bd75beb062a16c4cc00c8070408c5 (diff) |
bus/driver: Add a flag for methods that can't be invoked by containers
We can relax AddServer() from PRIVILEGED to NOT_CONTAINERS when we've
put resource limits in place, although for now it must remain
PRIVILEGED because it uses up resources.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354
-rw-r--r-- | bus/driver.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/bus/driver.c b/bus/driver.c
index 104a0b6f..e943ea0e 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2397,9 +2397,15 @@ typedef enum
 /* If set, callers must be privileged. On Unix, the uid of the connection
 * must either be the uid of this process, or 0 (root). On Windows,
- * the SID of the connection must be the SID of this process. */
+ * the SID of the connection must be the SID of this process.
+ *
+ * This flag effectively implies METHOD_FLAG_NO_CONTAINERS, because
+ * containers are never privileged. */
 METHOD_FLAG_PRIVILEGED = (1 << 1),
+ /* If set, callers must not be associated with a container instance. */
+ METHOD_FLAG_NO_CONTAINERS = (1 << 2),
+
 METHOD_FLAG_NONE = 0
 } MethodFlags;
@@ -2965,12 +2971,25 @@ bus_driver_handle_message (DBusConnection *connection,
 _dbus_verbose ("Found driver handler for %s\n", name);
- if ((mh->flags & METHOD_FLAG_PRIVILEGED) &&
- !bus_driver_check_caller_is_privileged (connection, transaction,
- message, error))
+ if (mh->flags & METHOD_FLAG_PRIVILEGED)
 {
- _DBUS_ASSERT_ERROR_IS_SET (error);
- return FALSE;
+ if (!bus_driver_check_caller_is_privileged (connection,
+ transaction, message,
+ error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ return FALSE;
+ }
+ }
+ else if (mh->flags & METHOD_FLAG_NO_CONTAINERS)
+ {
+ if (!bus_driver_check_caller_is_not_container (connection,
+ transaction,
+ message, error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+ return FALSE;
+ }
 }
 if (!(is_canonical_path || (mh->flags & METHOD_FLAG_ANY_PATH))) |
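Review bot: The `else if (mh->flags & METHOD_FLAG_NO_CONTAINERS)` branch in the bus_driver_handle_message hunk skips the container check for any method that is also METHOD_FLAG_PRIVILEGED, which is only correct because of the invariant stated in the enum comment (containers are never privileged), and nothing at the branch itself records that dependency. A one-line comment above the `else if`, such as `/* PRIVILEGED already rejects container callers (see MethodFlags); only unprivileged methods need the explicit check */`, would stop a later relaxation of bus_driver_check_caller_is_privileged from silently widening what containers can invoke. Alternatively, making the two checks independent by changing `else if` to a plain `if` enforces NO_CONTAINERS without relying on that invariant, at the cost of a redundant check for methods carrying both flags. bus_driver_check_caller_is_not_container is not defined in this diff, so it is presumably introduced elsewhere in the file; bus_driver_handle_message's body continues outside the hunk on both sides.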