Modified: branches/SULeopard/launchd/src/launchd_core_logic.c (23486 => 23487)
--- branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/launchd_core_logic.c 2008-01-18 21:24:30 UTC (rev 23487)
@@ -361,7 +361,7 @@
currently_ignored:1, forced_peers_to_demand_mode:1, setnice:1, hopefully_exits_last:1, removal_pending:1,
wait4pipe_eof:1, sent_sigkill:1, debug_before_kill:1, weird_bootstrap:1, start_on_mount:1,
per_user:1, hopefully_exits_first:1, deny_unknown_mslookups:1, unload_at_mig_return:1, abandon_pg:1,
- poll_for_vfs_changes:1, internal_exc_handler:1, can_kickstart:1;
+ poll_for_vfs_changes:1, internal_exc_handler:1, deny_job_creation:1;
const char label[0];
};
@@ -1575,10 +1575,10 @@
bool found_key = false;
switch (key[0]) {
- case 'c':
- case 'C':
- if (strcasecmp(key, LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS) == 0) {
- j->can_kickstart = launch_data_get_bool(obj);
+ case 'd':
+ case 'D':
+ if (strcasecmp(key, LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS) == 0) {
+ j->deny_job_creation = launch_data_get_bool(obj);
found_key = true;
}
break;
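Review bot: Nothing at this case documents that the policy has flipped from opt-in allow to opt-in deny: `deny_job_creation` is set only when the plist carries `DenyCreatingOtherJobs`, so, assuming the bitfield starts cleared, a job that omits the key keeps the ability to create other jobs. A plist that still sets the removed `CanKickStartOtherJobs` key no longer matches any case visible here, and how unmatched keys are reported is outside the hunk. I would add a comment above the `case 'd':` label such as `/* Default is permissive: a job may create other jobs unless this key is true. */`. The switch starts and ends outside the hunk.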
@@ -5140,6 +5140,10 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
runtime_get_caller_creds(&ldc);
job_log(j, LOG_DEBUG, "Server create attempt: %s", server_cmd);
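Review bot: The new `deny_job_creation` refusal returns before `runtime_get_caller_creds()` and the `job_log()` call below it, so a denied create attempt leaves no trace in the log. A policy denial is worth recording; a line such as `job_log(j, LOG_WARNING, "Server create denied by DenyCreatingOtherJobs policy");` inside the new `if` would give operators something to alert on. The same applies to the identical check added in the `@@ -6522` hunk. The enclosing function begins and ends outside this hunk.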
@@ -6424,16 +6428,21 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(!(otherj = job_find(targetlabel)))) {
+ return BOOTSTRAP_UNKNOWN_SERVICE;
+ }
+
runtime_get_caller_creds(&ldc);
- if (!j->can_kickstart || (ldc.euid != 0 && ldc.euid != geteuid())) {
+ if (ldc.euid != 0 && ldc.euid != geteuid()
+#if TARGET_OS_EMBEDDED
+ && j->username && otherj->username
+ && strcmp(j->username, otherj->username) != 0
+#endif
+ ) {
return BOOTSTRAP_NOT_PRIVILEGED;
}
- if (unlikely(!(otherj = job_find(targetlabel)))) {
- return BOOTSTRAP_UNKNOWN_SERVICE;
- }
-
otherj = job_dispatch(otherj, true);
if (!job_assumes(j, otherj && otherj->p)) {
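Review bot: On `TARGET_OS_EMBEDDED` the rewritten credential test fails open, because the username conditions are ANDed into the denial: a caller whose euid is neither 0 nor launchd's own is refused only when both `j->username` and `otherj->username` are set and differ, so a NULL on either side lets the kickstart through. If the intent is to permit same-user kickstarts, the exception should require a positive match, e.g. `&& !(j->username && otherj->username && strcmp(j->username, otherj->username) == 0)`. Moving `job_find()` ahead of the check also lets an unauthorised caller tell `BOOTSTRAP_UNKNOWN_SERVICE` from `BOOTSTRAP_NOT_PRIVILEGED` and so learn which labels exist; returning `BOOTSTRAP_NOT_PRIVILEGED` for both cases when the caller is not authorised would avoid that. The function starts and ends outside this hunk.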
@@ -6522,6 +6531,10 @@
return BOOTSTRAP_NO_MEMORY;
}
+ if (unlikely(j->deny_job_creation)) {
+ return BOOTSTRAP_NOT_PRIVILEGED;
+ }
+
if (getpid() == 1 && ldc.euid && ldc.uid) {
job_log(j, LOG_DEBUG, "Punting spawn to per-user-context");
return VPROC_ERR_TRY_PER_USER;
Modified: branches/SULeopard/launchd/src/liblaunch_public.h (23486 => 23487)
--- branches/SULeopard/launchd/src/liblaunch_public.h 2008-01-18 17:50:12 UTC (rev 23486)
+++ branches/SULeopard/launchd/src/liblaunch_public.h 2008-01-18 21:24:30 UTC (rev 23487)
@@ -101,7 +101,7 @@
#define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup"
#define LAUNCH_JOBKEY_POLICIES "Policies"
-#define LAUNCH_JOBPOLICY_CANKICKSTARTOTHERJOBS "CanKickStartOtherJobs"
+#define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS "DenyCreatingOtherJobs"
#define LAUNCH_JOBINETDCOMPATIBILITY_WAIT "Wait"