diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-11-26 18:59:31 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-11-26 18:59:31 +0100 |
commit | cf226cfc24fec9d47a0c822188737656150356bb (patch) | |
tree | 88fb27aaf946d4ac82962d72b6c3a7cb8fdca883 | |
parent | 8fd00193803fd20bed163832ec4d0d5ba2958b87 (diff) | |
download | systemd-cf226cfc24fec9d47a0c822188737656150356bb.tar.gz systemd-cf226cfc24fec9d47a0c822188737656150356bb.tar.bz2 systemd-cf226cfc24fec9d47a0c822188737656150356bb.zip |
sd-bus: make sure that when we connect to the system bus we have enough creds to make security decisions
-rw-r--r-- | src/libsystemd/sd-bus/sd-bus.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index 6b01c0cab5..ea056d8119 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -1096,7 +1096,8 @@ _public_ int sd_bus_open(sd_bus **ret) { /* We don't know whether the bus is trusted or not, so better * be safe, and authenticate everything */ b->trusted = false; - b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS | KDBUS_ATTACH_PIDS; + b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS; + b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS; r = sd_bus_start(b); if (r < 0) @@ -1142,6 +1143,7 @@ _public_ int sd_bus_open_system(sd_bus **ret) { * need the caller's UID and capability set for that. */ b->trusted = false; b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS; + b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS; r = sd_bus_start(b); if (r < 0) |