From d4effe8f47478f67a83e8db3d32f7b5b979248ec Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Thu, 27 Jul 2017 13:13:43 -0700
Subject: [PATCH] dbus: don't register if not active
Follow-up tweak to #894. Make the client smarter so we only register when we know we can. We could be more sophisticated here and e.g. introduce the concept of "read-only" clients in the daemon to only allow access to non-mutating methods, though let's delay that discussion at least until the daemon learns to auto-exit.
Closes: #898
Closes: #900
Approved by: cgwalters
---
src/app/rpmostree-dbus-helpers.c | 29 ++++++++++++++++++++++++-----
tests/vmcheck/test-basic.sh | 6 +++++-
2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/src/app/rpmostree-dbus-helpers.c b/src/app/rpmostree-dbus-helpers.c
index 3d20699b..4eed48e7 100644
--- a/src/app/rpmostree-dbus-helpers.c
+++ b/src/app/rpmostree-dbus-helpers.c
@@ -25,6 +25,7 @@ #include #include "glib-unix.h" #include
+#include
void rpmostree_cleanup_peer (GPid *peer_pid)
@@ -161,11 +162,29 @@ rpmostree_load_sysroot (gchar *sysroot, if (sysroot_proxy == NULL) return FALSE;
- /* this tells the daemon not to auto-exit as long as we are alive */
- if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
- g_variant_builder_end (options_builder),
- cancellable, error))
- return FALSE;
+ /* Try to register if we can; it doesn't matter much now since the daemon doesn't
+ * auto-exit, though that might change in the future. But only register if we're active or
+ * root; the daemon won't allow it otherwise. */
+ uid_t uid = getuid ();
+ gboolean should_register;
+ if (uid == 0)
+ should_register = TRUE;
+ else
+ {
+ g_autofree char *state = NULL;
+ if (sd_uid_get_state (uid, &state) >= 0)
+ should_register = (g_strcmp0 (state, "active") == 0);
+ else
+ should_register = FALSE;
+ }
+
+ if (should_register)
+ {
+ if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
+ g_variant_builder_end (options_builder),
+ cancellable, error))
+ return FALSE;
+ }
*out_sysroot_proxy = g_steal_pointer (&sysroot_proxy); *out_peer_pid = peer_pid; peer_pid = 0;
diff --git a/tests/vmcheck/test-basic.sh b/tests/vmcheck/test-basic.sh
index c9e8a4aa..d4a71b22 100755
--- a/tests/vmcheck/test-basic.sh
+++ b/tests/vmcheck/test-basic.sh
@@ -50,8 +50,12 @@ if vm_cmd_as testuser rpm-ostree pkg-add foo &> err.txt; then assert_not_reached "Was able to install a package as non-root!" fi assert_file_has_content err.txt 'PkgChange not allowed for user'
-echo "ok layering requires root"
+echo "ok layering requires root or auth"
# Assert that we can do status as non-root vm_cmd_as testuser rpm-ostree status echo "ok status doesn't require root"
+
+# Also check that we can do status as non-root non-active
+vm_cmd runuser -u bin rpm-ostree status
+echo "ok status doesn't require active PAM session"
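Review bot: In the rpmostree_load_sysroot hunk of src/app/rpmostree-dbus-helpers.c, the inner `else` after `sd_uid_get_state (uid, &state) >= 0` turns a failed lookup into `should_register = FALSE` and discards the negative errno, so a host where the login-state query fails is indistinguishable from an inactive user. Keeping the return value in a local and adding `g_debug ("sd_uid_get_state: %s", g_strerror (-r));` on that path would make a skipped registration diagnosable, which matters once the daemon learns to auto-exit as the commit message anticipates. The gate also keys on `getuid ()`, whereas the daemon presumably decides from the credentials of the bus connection, so the two can disagree. A comment such as `/* advisory only: mirrors the daemon's registration check, which remains the authority */` would keep readers from treating this as an access-control decision. The function body starts and ends outside the hunk.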