diff options
author | Thomas Haller <thaller@redhat.com> | 2016-04-22 11:36:26 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2016-04-22 14:41:13 +0200 |
commit | 3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03 (patch) | |
tree | 851c46b8277e82eda6be358f40089b3c12b21794 /src/nm-auth-subject.c | |
parent | 2d59e70c6f8161bf2fe08a05351a7e3d826834ff (diff) | |
download | NetworkManager-3d505b3f87c9cb9bfdc9b9a1fc67f57330701d03.tar.gz |
auth: allow failures to read process start_time from /proc/$PID/stat with hidepid
When mounting /proc with hidepid, we might fail to read the
start-time of the process from /proc/$PID/stat. In this case,
we should just accept a start-time of zero.
On the other side of authentication, polkit should accept a zero
start-time too.
nm_utils_get_start_time_for_pid() has other uses in NetworkManager,
mostly when killing a process from a PIDFILE or during
nm_utils_kill_process_sync(). In both these cases, this will only
succeed if we try to kill a process that also runs a root.
For processes started by the current instance, we don't care about the
PIDFILE and use nm_utils_kill_child_?sync() -- so there is no problem
with hidepid there.
https://bugzilla.gnome.org/show_bug.cgi?id=764502
Diffstat (limited to 'src/nm-auth-subject.c')
-rw-r--r-- | src/nm-auth-subject.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c index 494d52d3e8..86b873f0f2 100644 --- a/src/nm-auth-subject.c +++ b/src/nm-auth-subject.c @@ -360,9 +360,18 @@ constructed (GObject *object) priv->unix_process.start_time = nm_utils_get_start_time_for_pid (priv->unix_process.pid, NULL, NULL); if (!priv->unix_process.start_time) { - /* could not detect the process start time. The subject is invalid, but don't - * assert against it. */ - _clear_private (priv); + /* Is the process already gone? Then fail creation of the auth subject + * by clearing the type. */ + if (kill (priv->unix_process.pid, 0) != 0) + _clear_private (priv); + + /* Otherwise, although we didn't detect a start_time, the process is still around. + * That could be due to procfs mounted with hidepid. So just accept the request. + * + * Polkit on the other side, will accept 0 and try to lookup /proc/$PID/stat + * itself (and if it fails to do so, assume a start-time of 0 and proceed). + * The only combination that would fail here, is when NM is able to read the + * start-time, but polkit is not. */ } return; default: |