[systemd-devel] [PATCH] dbus-manager: don't allow enabling if unit is masked

Jan Synacek jsynacek at redhat.com
Mon Oct 6 23:23:32 PDT 2014 

Lennart Poettering <lennart at poettering.net> writes:
> On Mon, 06.10.14 13:21, Jan Synacek (jsynacek at redhat.com) wrote:
>
> Hmm with this change in place we'd have different behaviour for the
> cases where systemctl executes the operation client-side, and when it
> goes via the bus. We really should keep those differences in behaviour
> to a minimum.
>
> I figure the verification for this really needs to be moved a few
> levels down, somewhere into unit_file_enable() and friends, so that
> all code paths behave the same.

But that wouldn't fix a scenario where one uses just dbus to call the
method, would it? Maybe I'm missing something, but that's how I
understood the code so far. However, I agree that the fix is incomplete
and I'll try to fix that.

While I'm at it, what about disable? Should it behave in the same way,
i.e. return error when the unit is masked? My guess is that yes, but I'm
not sure.

>> https://bugzilla.redhat.com/show_bug.cgi?id=1149069
>> ---
>>  src/core/dbus-manager.c | 9 +++++++--
>>  1 file changed, 7 insertions(+), 2 deletions(-)
>> 
>> diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
>> index 533ce43..c2d52b2 100644
>> --- a/src/core/dbus-manager.c
>> +++ b/src/core/dbus-manager.c
>> @@ -1588,18 +1588,23 @@ static int method_enable_unit_files_generic(
>>          if (r < 0)
>>                  return r;
>>  
>> -#ifdef HAVE_SELINUX
>>          STRV_FOREACH(i, l) {
>>                  Unit *u;
>>  
>>                  u = manager_get_unit(m, *i);
>>                  if (u) {
>> +#ifdef HAVE_SELINUX
>>                          r = selinux_unit_access_check(u, message, verb, error);
>>                          if (r < 0)
>>                                  return r;
>> +#endif
>> +                        if (u->load_state == UNIT_MASKED) {
>> +                                sd_bus_error_setf(error, BUS_ERROR_UNIT_MASKED,
>> +                                                  "Unit %s is masked.", u->id);
>> +                                return -EADDRNOTAVAIL;
>> +                        }
>>                  }
>>          }
>> -#endif
>>  
>>          scope = m->running_as == SYSTEMD_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
>>  
>> -- 
>> 1.9.3
>> 
>> _______________________________________________
>> systemd-devel mailing list
>> systemd-devel at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> 
>
>
> Lennart
>
> -- 
> Lennart Poettering, Red Hat

-- 
Jan Synacek
Software Engineer, Red Hat

More information about the systemd-devel mailing list