diff options
author | Alexander Larsson <alexl@redhat.com> | 2016-05-17 13:06:59 +0200 |
---|---|---|
committer | Alexander Larsson <alexl@redhat.com> | 2016-05-17 13:06:59 +0200 |
commit | b697a78dd3a39052b5497c7d9e19ef75421f9064 (patch) | |
tree | acce74de70d256e740190e6369e744bc4a045661 | |
parent | 294639ba2af53ee66baa98dbfdf058500e19ed3f (diff) | |
download | xdg-app-b697a78dd3a39052b5497c7d9e19ef75421f9064.tar.gz |
system-helper: Support running unprivileged on session bus
This is only useful for testing.
-rw-r--r-- | common/flatpak-dir.c | 3 | ||||
-rw-r--r-- | system-helper/flatpak-system-helper.c | 15 |
2 files changed, 15 insertions, 3 deletions
diff --git a/common/flatpak-dir.c b/common/flatpak-dir.c index 736a5ec..9c1b0d8 100644 --- a/common/flatpak-dir.c +++ b/common/flatpak-dir.c @@ -237,12 +237,13 @@ flatpak_dir_get_system_helper (FlatpakDir *self) if (g_once_init_enter (&self->system_helper)) { FlatpakSystemHelper *system_helper; + const char *on_session = g_getenv ("FLATPAK_SYSTEM_HELPER_ON_SESSION"); /* To ensure reverse mapping */ flatpak_error_quark (); system_helper = - flatpak_system_helper_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + flatpak_system_helper_proxy_new_for_bus_sync (on_session != NULL ? G_BUS_TYPE_SESSION : G_BUS_TYPE_SYSTEM, G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, "org.freedesktop.Flatpak.SystemHelper", diff --git a/system-helper/flatpak-system-helper.c b/system-helper/flatpak-system-helper.c index 40a7037..8b5c1aa 100644 --- a/system-helper/flatpak-system-helper.c +++ b/system-helper/flatpak-system-helper.c @@ -35,6 +35,7 @@ static FlatpakSystemHelper *helper = NULL; static GMainLoop *main_loop = NULL; static guint name_owner_id = 0; +static gboolean on_session_bus = FALSE; static gboolean no_idle_exit = FALSE; #define IDLE_TIMEOUT_SECS 10*60 @@ -447,7 +448,16 @@ flatpak_authorize_method_handler (GDBusInterfaceSkeleton *interface, sender = g_dbus_method_invocation_get_sender (invocation); subject = polkit_system_bus_name_new (sender); - if (g_strcmp0 (method_name, "Deploy") == 0) + if (on_session_bus) + { + /* This is test code, make sure it never runs with privileges */ + g_assert (geteuid () != 0); + g_assert (getuid () != 0); + g_assert (getegid () != 0); + g_assert (getgid () != 0); + authorized = TRUE; + } + else if (g_strcmp0 (method_name, "Deploy") == 0) { const char *ref, *origin; guint32 flags; @@ -682,6 +692,7 @@ main (int argc, const GOptionEntry options[] = { { "replace", 'r', 0, G_OPTION_ARG_NONE, &replace, "Replace old daemon.", NULL }, { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, "Enable debug output.", NULL }, + { "session", 0, 0, G_OPTION_ARG_NONE, &on_session_bus, "Run in session, not system scope (for tests).", NULL }, { "no-idle-exit", 0, 0, G_OPTION_ARG_NONE, &no_idle_exit, "Don't exit when idle.", NULL }, { "version", 0, 0, G_OPTION_ARG_NONE, &show_version, "Show program version.", NULL}, { NULL } @@ -755,7 +766,7 @@ main (int argc, if (replace) flags |= G_BUS_NAME_OWNER_FLAGS_REPLACE; - name_owner_id = g_bus_own_name (G_BUS_TYPE_SYSTEM, + name_owner_id = g_bus_own_name (on_session_bus ? G_BUS_TYPE_SESSION : G_BUS_TYPE_SYSTEM, "org.freedesktop.Flatpak.SystemHelper", flags, on_bus_acquired, |