From aeab9df4fed450b2373c3b113d2b1008b33dadce Mon Sep 17 00:00:00 2001 From: Matthew Barnes Date: Sun, 22 Feb 2015 16:06:39 -0500 Subject: [PATCH] Add OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER Indicates the command requires superuser privilege. Fails early with a more helpful message than would otherwise be returned by libostree. Currently all admin commands except 'status' require superuser. --- src/ostree/ot-admin-builtin-cleanup.c | 2 +- src/ostree/ot-admin-builtin-deploy.c | 2 +- src/ostree/ot-admin-builtin-diff.c | 2 +- src/ostree/ot-admin-builtin-init-fs.c | 2 +- src/ostree/ot-admin-builtin-instutil.c | 2 +- src/ostree/ot-admin-builtin-os-init.c | 2 +- src/ostree/ot-admin-builtin-set-origin.c | 2 +- src/ostree/ot-admin-builtin-switch.c | 2 +- src/ostree/ot-admin-builtin-undeploy.c | 2 +- src/ostree/ot-admin-builtin-upgrade.c | 2 +- src/ostree/ot-admin-instutil-builtin-grub2-generate.c | 2 +- .../ot-admin-instutil-builtin-selinux-ensure-labeled.c | 2 +- src/ostree/ot-admin-instutil-builtin-set-kargs.c | 2 +- src/ostree/ot-main.c | 10 ++++++++++ src/ostree/ot-main.h | 1 + 15 files changed, 24 insertions(+), 13 deletions(-) diff --git a/src/ostree/ot-admin-builtin-cleanup.c b/src/ostree/ot-admin-builtin-cleanup.c index 8607c115..98baf861 100644 --- a/src/ostree/ot-admin-builtin-cleanup.c +++ b/src/ostree/ot-admin-builtin-cleanup.c @@ -44,7 +44,7 @@ ot_admin_builtin_cleanup (int argc, char **argv, GCancellable *cancellable, GErr context = g_option_context_new ("Delete untagged deployments and repository objects"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-deploy.c b/src/ostree/ot-admin-builtin-deploy.c index 6e6acfc5..091a7eac 100644 --- a/src/ostree/ot-admin-builtin-deploy.c +++ b/src/ostree/ot-admin-builtin-deploy.c @@ -67,7 +67,7 @@ ot_admin_builtin_deploy (int argc, char **argv, GCancellable *cancellable, GErro context = g_option_context_new ("REFSPEC - Checkout revision REFSPEC as the new default deployment"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-diff.c b/src/ostree/ot-admin-builtin-diff.c index be225d9e..ede1f6e7 100644 --- a/src/ostree/ot-admin-builtin-diff.c +++ b/src/ostree/ot-admin-builtin-diff.c @@ -56,7 +56,7 @@ ot_admin_builtin_diff (int argc, char **argv, GCancellable *cancellable, GError g_option_context_add_main_entries (context, options, NULL); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-init-fs.c b/src/ostree/ot-admin-builtin-init-fs.c index c6e76bec..d24becc1 100644 --- a/src/ostree/ot-admin-builtin-init-fs.c +++ b/src/ostree/ot-admin-builtin-init-fs.c @@ -49,7 +49,7 @@ ot_admin_builtin_init_fs (int argc, char **argv, GCancellable *cancellable, GErr context = g_option_context_new ("PATH - Initialize a root filesystem"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-instutil.c b/src/ostree/ot-admin-builtin-instutil.c index 2d404872..58bb78f9 100644 --- a/src/ostree/ot-admin-builtin-instutil.c +++ b/src/ostree/ot-admin-builtin-instutil.c @@ -117,7 +117,7 @@ ot_admin_builtin_instutil (int argc, char **argv, GCancellable *cancellable, GEr /* This will not return for some options (e.g. --version). */ if (ostree_admin_option_context_parse (context, NULL, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, NULL, cancellable, error)) { if (subcommand_name == NULL) diff --git a/src/ostree/ot-admin-builtin-os-init.c b/src/ostree/ot-admin-builtin-os-init.c index 2927fe78..b4e317c1 100644 --- a/src/ostree/ot-admin-builtin-os-init.c +++ b/src/ostree/ot-admin-builtin-os-init.c @@ -47,7 +47,7 @@ ot_admin_builtin_os_init (int argc, char **argv, GCancellable *cancellable, GErr context = g_option_context_new ("OSNAME - Initialize empty state for given operating system"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-set-origin.c b/src/ostree/ot-admin-builtin-set-origin.c index 21d8ac9c..ed2b44af 100644 --- a/src/ostree/ot-admin-builtin-set-origin.c +++ b/src/ostree/ot-admin-builtin-set-origin.c @@ -56,7 +56,7 @@ ot_admin_builtin_set_origin (int argc, char **argv, GCancellable *cancellable, G context = g_option_context_new ("REMOTENAME URL [BRANCH]"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-switch.c b/src/ostree/ot-admin-builtin-switch.c index 7cfaebf9..ab6334f1 100644 --- a/src/ostree/ot-admin-builtin-switch.c +++ b/src/ostree/ot-admin-builtin-switch.c @@ -69,7 +69,7 @@ ot_admin_builtin_switch (int argc, char **argv, GCancellable *cancellable, GErro context = g_option_context_new ("REF - Construct new tree from current origin and deploy it, if it changed"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-undeploy.c b/src/ostree/ot-admin-builtin-undeploy.c index be864b13..3390ee9c 100644 --- a/src/ostree/ot-admin-builtin-undeploy.c +++ b/src/ostree/ot-admin-builtin-undeploy.c @@ -47,7 +47,7 @@ ot_admin_builtin_undeploy (int argc, char **argv, GCancellable *cancellable, GEr context = g_option_context_new ("INDEX - Delete deployment INDEX"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-builtin-upgrade.c b/src/ostree/ot-admin-builtin-upgrade.c index a1e4aa34..25308aaf 100644 --- a/src/ostree/ot-admin-builtin-upgrade.c +++ b/src/ostree/ot-admin-builtin-upgrade.c @@ -68,7 +68,7 @@ ot_admin_builtin_upgrade (int argc, char **argv, GCancellable *cancellable, GErr context = g_option_context_new ("Construct new tree from current origin and deploy it, if it changed"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-instutil-builtin-grub2-generate.c b/src/ostree/ot-admin-instutil-builtin-grub2-generate.c index 3af1f34e..1903a447 100644 --- a/src/ostree/ot-admin-instutil-builtin-grub2-generate.c +++ b/src/ostree/ot-admin-instutil-builtin-grub2-generate.c @@ -48,7 +48,7 @@ ot_admin_instutil_builtin_grub2_generate (int argc, char **argv, GCancellable *c context = g_option_context_new ("[BOOTVERSION] - generate GRUB2 configuration from given BLS entries"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c b/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c index 130cf3bc..bc20799a 100644 --- a/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c +++ b/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c @@ -195,7 +195,7 @@ ot_admin_instutil_builtin_selinux_ensure_labeled (int argc, char **argv, GCancel context = g_option_context_new ("[SUBPATH PREFIX] - relabel all or part of a deployment"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-admin-instutil-builtin-set-kargs.c b/src/ostree/ot-admin-instutil-builtin-set-kargs.c index 9bbad88b..9150a26f 100644 --- a/src/ostree/ot-admin-instutil-builtin-set-kargs.c +++ b/src/ostree/ot-admin-instutil-builtin-set-kargs.c @@ -57,7 +57,7 @@ ot_admin_instutil_builtin_set_kargs (int argc, char **argv, GCancellable *cancel context = g_option_context_new ("ARGS - set new kernel command line arguments"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER, &sysroot, cancellable, error)) goto out; diff --git a/src/ostree/ot-main.c b/src/ostree/ot-main.c index b1ad20e0..10ff748e 100644 --- a/src/ostree/ot-main.c +++ b/src/ostree/ot-main.c @@ -325,6 +325,16 @@ ostree_admin_option_context_parse (GOptionContext *context, if (!ostree_option_context_parse (context, main_entries, argc, argv, OSTREE_BUILTIN_FLAG_NO_REPO, NULL, cancellable, error)) goto out; + if (flags & OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER) + { + if (getuid () != 0) + { + g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED, + "You must be root to perform this command"); + goto out; + } + } + sysroot_path = g_file_new_for_path (opt_sysroot); sysroot = ostree_sysroot_new (sysroot_path); diff --git a/src/ostree/ot-main.h b/src/ostree/ot-main.h index b1c58a04..2ea57552 100644 --- a/src/ostree/ot-main.h +++ b/src/ostree/ot-main.h @@ -32,6 +32,7 @@ typedef enum { typedef enum { OSTREE_ADMIN_BUILTIN_FLAG_NONE = 0, + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER = 1 << 0 } OstreeAdminBuiltinFlags; typedef struct {