diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-14 14:28:05 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-15 08:17:01 +0100 |
| commit | 7edd8fb198f3e8a95677df8a8f5016ed40dcff54 (patch) | |
| tree | 7cd54a978febc32c41d177026c653ee084cde1f1 /src/shared/bus-util.c | |
| parent | seccomp: more comprehensive protection against libseccomp's __NR_xyz namespac... (diff) | |
| download | systemd-7edd8fb198f3e8a95677df8a8f5016ed40dcff54.tar.xz systemd-7edd8fb198f3e8a95677df8a8f5016ed40dcff54.zip | |
core: do not propagate polkit error to caller
If we fail to start polkit, we get a message like
"org.freedesktop.DBus.Error.NameHasNoOwner: Could not activate remote peer.",
which has no meaning for the caller of our StartUnit method. Let's just
return -EACCES.
$ systemctl start apache
Failed to start apache.service: Could not activate remote peer. (before)
Failed to start apache.service: Access denied (after)
Fixes #13865.
Diffstat (limited to 'src/shared/bus-util.c')
| -rw-r--r-- | src/shared/bus-util.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 5fbc55770e..aea46d3119 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -411,7 +411,8 @@ int bus_verify_polkit_async( e = sd_bus_message_get_error(q->reply); /* Treat no PK available as access denied */ - if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) + if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN) || + sd_bus_error_has_name(e, SD_BUS_ERROR_NAME_HAS_NO_OWNER)) return -EACCES; /* Copy error from polkit reply */ @@ -422,7 +423,6 @@ int bus_verify_polkit_async( r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}"); if (r >= 0) r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge); - if (r < 0) return r; |