[colord] [PATCH 2/2] Ensure colord-sane can create devices and profiles.

christopher.halse.rogers at canonical.com christopher.halse.rogers at canonical.com
Tue Mar 27 23:09:05 PDT 2012

From: Christopher James Halse Rogers <christopher.halse.rogers at canonical.com>

When colord-sane is running as @daemon_user@ it cannot gain the authorisation
necessary for it to add or remove the devices and profiles it should.

Extend the existing uid 0 check to also authorise clients running as @daemon_user at .

I'm less sure about this one.  colord will either be running as root (in which case
this check is already covered above) or will be running as a specified system-user,
in which case nothing non-colord-related should be running as that user, so it should
at least be safe.

This could also be accomplished by shipping a pkla file.  This doesn't seem to be a
common solution used by anything I've got installed, though.

 src/cd-common.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/cd-common.c b/src/cd-common.c
index 19f0e41..5bff7f2 100644
--- a/src/cd-common.c
+++ b/src/cd-common.c
@@ -134,6 +134,14 @@ cd_main_sender_authenticated (GDBusMethodInvocation *invocation,
 		goto out;
+	/* a client running as the daemon user may also do all actions */
+	if (uid = getuid ()) {
+		g_debug ("CdCommon: not checking %s for %s as running as daemon user",
+			 action_id, sender);
+		ret = TRUE;
+		goto out;
+	}
 #ifdef USE_POLKIT
 	/* get authority */
 	authority = polkit_authority_get_sync (NULL, &error);

More information about the colord mailing list