From 0b513277ad04f78981ad487ae4a7c7ade2da2d1f Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Thu, 8 Jun 2017 14:43:18 +0100
Subject: [PATCH] bus/driver: Treat connections from inside containers as
 unprivileged

Even if the uid matches, a contained app shouldn't count as the owner
of the bus.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---
 bus/driver.c | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/bus/driver.c b/bus/driver.c
index 97c5451f..49205e8c 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -110,6 +110,28 @@ bus_driver_get_conn_helper (DBusConnection  *connection,
   return BUS_DRIVER_FOUND_PEER;
 }
 
+static dbus_bool_t
+bus_driver_check_caller_is_not_container (DBusConnection *connection,
+                                          BusTransaction *transaction,
+                                          DBusMessage    *message,
+                                          DBusError      *error)
+{
+  if (bus_containers_connection_is_contained (connection, NULL, NULL, NULL))
+    {
+      const char *method = dbus_message_get_member (message);
+
+      bus_context_log_and_set_error (bus_transaction_get_context (transaction),
+          DBUS_SYSTEM_LOG_SECURITY, error, DBUS_ERROR_ACCESS_DENIED,
+          "rejected attempt to call %s by connection %s (%s) in "
+          "container", method,
+          nonnull (bus_connection_get_name (connection), "(inactive)"),
+          bus_connection_get_loginfo (connection));
+      return FALSE;
+    }
+
+  return TRUE;
+}
+
 /*
  * Log a security warning and set error unless the uid of the connection
  * is either the uid of this process, or on Unix, uid 0 (root).
@@ -129,7 +151,16 @@ bus_driver_check_caller_is_privileged (DBusConnection *connection,
 {
 #ifdef DBUS_UNIX
   unsigned long uid;
+#elif defined(DBUS_WIN)
+  char *windows_sid = NULL;
+  dbus_bool_t ret = FALSE;
+#endif
 
+  if (!bus_driver_check_caller_is_not_container (connection, transaction,
+                                                 message, error))
+    return FALSE;
+
+#ifdef DBUS_UNIX
   if (!dbus_connection_get_unix_user (connection, &uid))
     {
       const char *method = dbus_message_get_member (message);
@@ -169,9 +200,6 @@ bus_driver_check_caller_is_privileged (DBusConnection *connection,
 
   return TRUE;
 #elif defined(DBUS_WIN)
-  char *windows_sid = NULL;
-  dbus_bool_t ret = FALSE;
-
   if (!dbus_connection_get_windows_user (connection, &windows_sid))
     {
       const char *method = dbus_message_get_member (message);
-- 
2.13.2