[systemd-devel] [PATCH] dbus-manager: don't allow enabling if unit is masked
Lennart Poettering
lennart at poettering.net
Mon Oct 6 08:44:54 PDT 2014
On Mon, 06.10.14 13:21, Jan Synacek (jsynacek at redhat.com) wrote:
Hmm with this change in place we'd have different behaviour for the
cases where systemctl executes the operation client-side, and when it
goes via the bus. We really should keep those differences in behaviour
to a minimum.
I figure the verification for this really needs to be moved a few
levels down, somewhere into unit_file_enable() and friends, so that
all code paths behave the same.
> https://bugzilla.redhat.com/show_bug.cgi?id=1149069
> ---
> src/core/dbus-manager.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
> index 533ce43..c2d52b2 100644
> --- a/src/core/dbus-manager.c
> +++ b/src/core/dbus-manager.c
> @@ -1588,18 +1588,23 @@ static int method_enable_unit_files_generic(
> if (r < 0)
> return r;
>
> -#ifdef HAVE_SELINUX
> STRV_FOREACH(i, l) {
> Unit *u;
>
> u = manager_get_unit(m, *i);
> if (u) {
> +#ifdef HAVE_SELINUX
> r = selinux_unit_access_check(u, message, verb, error);
> if (r < 0)
> return r;
> +#endif
> + if (u->load_state == UNIT_MASKED) {
> + sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED,
> + "Unit %s is masked.", u->id);
> + return -EADDRNOTAVAIL;
> + }
> }
> }
> -#endif
>
> scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
>
> --
> 1.9.3
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list