From 4a511fa0119c68a8808f5977b1edf303a0c480f9 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 13 Jan 2017 14:23:33 -0500 Subject: [PATCH] app: Check for root privileges where required early Rather than sending a dbus message that gets denied, which is ugly. Closes: #565 Closes: #570 Approved by: jlebon --- src/app/main.c | 8 ++++++++ src/app/rpmostree-builtin-deploy.c | 2 +- src/app/rpmostree-builtin-rollback.c | 2 +- src/app/rpmostree-builtin-upgrade.c | 2 +- src/app/rpmostree-builtins.h | 3 ++- src/app/rpmostree-compose-builtin-tree.c | 9 +-------- src/app/rpmostree-pkg-builtins.c | 4 ++-- tests/vmcheck/test-layering-basic.sh | 6 ++++++ 8 files changed, 22 insertions(+), 14 deletions(-) diff --git a/src/app/main.c b/src/app/main.c index cf77fc46..d32cd835 100644 --- a/src/app/main.c +++ b/src/app/main.c @@ -125,6 +125,14 @@ rpmostree_option_context_parse (GOptionContext *context, use_daemon = ((flags & RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD) == 0); + if ((flags & RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT) > 0 + && getuid () != 0) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, + "This command requires root privileges"); + goto out; + } + if (main_entries != NULL) g_option_context_add_main_entries (context, main_entries, NULL); diff --git a/src/app/rpmostree-builtin-deploy.c b/src/app/rpmostree-builtin-deploy.c index 62a0f2a5..ea86ded3 100644 --- a/src/app/rpmostree-builtin-deploy.c +++ b/src/app/rpmostree-builtin-deploy.c @@ -81,7 +81,7 @@ rpmostree_builtin_deploy (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_NONE, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, &sysroot_proxy, error)) diff --git a/src/app/rpmostree-builtin-rollback.c b/src/app/rpmostree-builtin-rollback.c index 6bbb5afa..1048e7b7 100644 --- a/src/app/rpmostree-builtin-rollback.c +++ b/src/app/rpmostree-builtin-rollback.c 
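Review bot: The `getuid () != 0` block added to `rpmostree_option_context_parse` in `src/app/main.c` is a usability shortcut, not an access-control decision, and nothing in the new code says so. The daemon has to keep rejecting unprivileged callers itself, because the bus can be reached without going through this client. I would put `/* Early exit for a nicer error only; authorization is still enforced by the daemon */` above the `if`, with a matching one-line comment on `RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT` in `rpmostree-builtins.h`. The check also hard-codes "real uid 0" in the client, so if the daemon's policy ever admits other callers, the client will refuse requests the daemon would accept. The function starts and ends outside the hunk.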
@@ -63,7 +63,7 @@ rpmostree_builtin_rollback (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_NONE, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, &sysroot_proxy, error)) diff --git a/src/app/rpmostree-builtin-upgrade.c b/src/app/rpmostree-builtin-upgrade.c index 3944c34c..3d95f95f 100644 --- a/src/app/rpmostree-builtin-upgrade.c +++ b/src/app/rpmostree-builtin-upgrade.c @@ -79,7 +79,7 @@ rpmostree_builtin_upgrade (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_NONE, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, &sysroot_proxy, error)) diff --git a/src/app/rpmostree-builtins.h b/src/app/rpmostree-builtins.h index 7560a0c4..49cd3fcc 100644 --- a/src/app/rpmostree-builtins.h +++ b/src/app/rpmostree-builtins.h @@ -31,7 +31,8 @@ G_BEGIN_DECLS typedef enum { RPM_OSTREE_BUILTIN_FLAG_NONE = 0, - RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD = 1 << 0 + RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD = 1 << 0, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT = 1 << 1, } RpmOstreeBuiltinFlags; typedef struct { diff --git a/src/app/rpmostree-compose-builtin-tree.c b/src/app/rpmostree-compose-builtin-tree.c index deb44c63..5b2cbc47 100644 --- a/src/app/rpmostree-compose-builtin-tree.c +++ b/src/app/rpmostree-compose-builtin-tree.c @@ -626,7 +626,7 @@ rpmostree_compose_builtin_tree (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD, + RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD | RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, NULL, error)) @@ -644,13 +644,6 @@ rpmostree_compose_builtin_tree (int argc, goto out; } - if (getuid () != 0) - { - g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "compose tree must presently be run as uid 0 (root)"); - goto out; - } - /* Test whether or not bwrap is going to work - we will fail inside e.g. a Docker * container without --privileged or userns exposed. */ 
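Review bot: In `src/app/rpmostree-compose-builtin-tree.c` the root check removed by the second hunk ran after `rpmostree_option_context_parse` had returned, whereas the shared check in `main.c` sits before `g_option_context_add_main_entries`, so it presumably now fires before `--help` is handled. If so, an unprivileged `compose tree --help` gets "This command requires root privileges" instead of usage text, and the same applies to every other builtin that now passes `RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT`. Running the shared check after the option parse in `main.c` would keep the previous behaviour. The parse call itself is not visible in these hunks, so this needs confirming against the full function.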
diff --git a/src/app/rpmostree-pkg-builtins.c b/src/app/rpmostree-pkg-builtins.c index 126b1a28..5dd996f0 100644 --- a/src/app/rpmostree-pkg-builtins.c +++ b/src/app/rpmostree-pkg-builtins.c @@ -144,7 +144,7 @@ rpmostree_builtin_pkg_add (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_NONE, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, &sysroot_proxy, error)) @@ -178,7 +178,7 @@ rpmostree_builtin_pkg_remove (int argc, if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, - RPM_OSTREE_BUILTIN_FLAG_NONE, + RPM_OSTREE_BUILTIN_FLAG_REQUIRES_ROOT, cancellable, &sysroot_proxy, error)) diff --git a/tests/vmcheck/test-layering-basic.sh b/tests/vmcheck/test-layering-basic.sh index ae592840..adee115c 100755 --- a/tests/vmcheck/test-layering-basic.sh +++ b/tests/vmcheck/test-layering-basic.sh @@ -34,6 +34,12 @@ vm_send_test_repo # make sure the package is not already layered vm_assert_layered_pkg foo absent +# Be sure an unprivileged user exists +vm_cmd getent passwd bin +if vm_cmd "runuser -u bin rpm-ostree pkg-add foo-1.0"; then + assert_not_reached "Was able to install a package as non-root!" +fi + vm_cmd rpm-ostree pkg-add foo-1.0 echo "ok pkg-add foo"
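Review bot: The new negative test in `tests/vmcheck/test-layering-basic.sh` only checks that `runuser -u bin rpm-ostree pkg-add foo-1.0` exits non-zero, so it also passes when the command fails for an unrelated reason, for example `runuser` itself failing. Capturing stderr and asserting that it contains `requires root privileges` would tie the test to the new check. Repeating `vm_assert_layered_pkg foo absent` after the `fi` would confirm the rejected request changed nothing. The test exercises the client-side check only; whether the daemon still denies an unprivileged caller is not covered here.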