project-lakitu/sys-apps/systemd/files/225-allow-networkd-to-hostnamed.patch - cos/overlays/board-overlays - Git at Google

 commit e58597b091dc48ef81ecd361e6f0f9ae3561a44c
 Author: Amey Deshpande <ameyd@google.com>
 Date:   Wed Feb 17 12:08:40 2016 -0800

     hostnamed: allow systemd-network user to call SetHostname

     systemd-networkd runs as a non-root user and does not have CAP_SYS_ADMIN.
     systemd-hostnamed requires that for SetHostname method, either the
     caller should have CAP_SYS_ADMIN or a PolKit rule should whitelist the
     caller uid.

     Lakitu doesn't ship with PolKit.  This patch tweaks systemd-hostnamed to
     whitelist the well-known user of systemd-networkd to call SetHostname
     method.  All other Set methods remain unchanged.

 diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
 index a78516c..1a12509 100644
 --- a/src/hostname/hostnamed.c
 +++ b/src/hostname/hostnamed.c
 @@ -41,6 +41,8 @@

  #define VALID_DEPLOYMENT_CHARS (DIGITS LETTERS "-.:")

 +#define ALLOW_NETWORKD_TO_SET_HOSTNAME 1
 +
  /* Properties we cache are indexed by an enum, to make invalidation easy and systematic (as we can iterate
   * through them all, and they are uniformly strings). */
  enum {
 @@ -737,6 +739,19 @@ static int property_get_uname_field(
          return sd_bus_message_append(reply, "s", (char*) &u + PTR_TO_SIZE(userdata));
  }

 +static uid_t get_good_user_uid(void) {
 +#ifdef ALLOW_NETWORKD_TO_SET_HOSTNAME
 +        const char *username = "systemd-network";
 +        uid_t uid;
 +        if (get_user_creds(&username, &uid, NULL, NULL, NULL, NULL)) {
 +                return UID_INVALID;
 +        }
 +        return uid;
 +#else
 +        return UID_INVALID;
 +#endif
 +}
 +
  static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error *error) {
          Context *c = userdata;
          const char *name;
 @@ -765,7 +780,7 @@ static int method_set_hostname(sd_bus_message *m, void *userdata, sd_bus_error *
                          "org.freedesktop.hostname1.set-hostname",
                          NULL,
                          interactive,
 -                        UID_INVALID,
 +                        get_good_user_uid(),
                          &c->polkit_registry,
                          error);
          if (r < 0)
	commit e58597b091dc48ef81ecd361e6f0f9ae3561a44c
	Author: Amey Deshpande <ameyd@google.com>
	Date: Wed Feb 17 12:08:40 2016 -0800

	hostnamed: allow systemd-network user to call SetHostname

	systemd-networkd runs as a non-root user and does not have CAP_SYS_ADMIN.
	systemd-hostnamed requires that for SetHostname method, either the
	caller should have CAP_SYS_ADMIN or a PolKit rule should whitelist the
	caller uid.

	Lakitu doesn't ship with PolKit. This patch tweaks systemd-hostnamed to
	whitelist the well-known user of systemd-networkd to call SetHostname
	method. All other Set methods remain unchanged.

	diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
	index a78516c..1a12509 100644
	--- a/src/hostname/hostnamed.c
	+++ b/src/hostname/hostnamed.c
	@@ -41,6 +41,8 @@

	#define VALID_DEPLOYMENT_CHARS (DIGITS LETTERS "-.:")

	+#define ALLOW_NETWORKD_TO_SET_HOSTNAME 1
	+
	/* Properties we cache are indexed by an enum, to make invalidation easy and systematic (as we can iterate
	* through them all, and they are uniformly strings). */
	enum {
	@@ -737,6 +739,19 @@ static int property_get_uname_field(
	return sd_bus_message_append(reply, "s", (char*) &u + PTR_TO_SIZE(userdata));
	}

	+static uid_t get_good_user_uid(void) {
	+#ifdef ALLOW_NETWORKD_TO_SET_HOSTNAME
	+ const char *username = "systemd-network";
	+ uid_t uid;
	+ if (get_user_creds(&username, &uid, NULL, NULL, NULL, NULL)) {
	+ return UID_INVALID;
	+ }
	+ return uid;
	+#else
	+ return UID_INVALID;
	+#endif
	+}
	+
	static int method_set_hostname(sd_bus_message m, void userdata, sd_bus_error *error) {
	Context *c = userdata;
	const char *name;
	@@ -765,7 +780,7 @@ static int method_set_hostname(sd_bus_message m, void userdata, sd_bus_error *
	"org.freedesktop.hostname1.set-hostname",
	NULL,
	interactive,
	- UID_INVALID,
	+ get_good_user_uid(),
	&c->polkit_registry,
	error);
	if (r < 0)