https://bugzilla.suse.com/show_bug.cgi?id=1225317
https://bugzilla.suse.com/show_bug.cgi?id=1225317#c3
--- Comment #3 from Wolfgang Frisch ---
I went through the new D-Bus and Varlink methods, their respective
authorization policies, the Polkit check implementations, and had a
*cursory* look at the actual method implementations.

D-Bus methods:
- org.freedesktop.import1.cancel
  - Implemented in: src/import/importd.c
- org.freedesktop.home1.activate-home
  - Implemented in: src/home/homed-home-bus.c
  - Explained in commit 336b1f1936ffbc62fa2cb189d8f86fbd982dcf15

Varlink [1] methods:
- io.systemd.credentials.encrypt
  io.systemd.credentials.decrypt
  - Implemented in: src/creds/creds.c
- io.systemd.mount-file-system.mount-image
  io.systemd.mount-file-system.mount-image-privately
  io.systemd.mount-file-system.mount-untrusted-image
  io.systemd.mount-file-system.mount-untrusted-image-privately
  - Implemented in: src/mountfsd/mountwork.c
- org.freedesktop.network1.set-persistent-storage
  - Implemented in: src/network/networkd-manager-varlink.c
  - Specifies whether persistent storage for systemd-networkd is
    available

Regarding the image mounting functions, the terminology was a bit
unclear to me at first. Trusted vs untrusted refers to the location of
the image, i.e. there's a set of trusted directories, defined in
`src/shared/discover-image.c`.

Likewise, the presence/absence of the "-privately" suffix refers to the
namespace the image is mounted in. "mount-*image" mounts into the host
ns and "mount-*image-privately" mounts into a private user ns. The
latter functions have a more relaxed authorization policy.

All in all I see no obvious problem with any of this and we can
whitelist it.

[1] https://lwn.net/Articles/742675/