Eavesdropping on unicast messages to other processes is not something
that should be done by processes in containers, or on the system bus
by users other than root or the bus owner. bus/system.conf.in
does not enable eavesdropping, but adding inadvisable configuration
could. This brings it into line with Monitoring.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
goto failed;
bustype = bus_context_get_type (context);
- if (bus_match_rule_get_client_is_eavesdropping (rule) &&
- !bus_apparmor_allows_eavesdropping (connection, bustype, error))
- goto failed;
+
+ if (bus_match_rule_get_client_is_eavesdropping (rule))
+ {
+ if (!bus_driver_check_caller_is_privileged (connection,
+ transaction,
+ message,
+ error) ||
+ !bus_apparmor_allows_eavesdropping (connection, bustype, error))
+ goto failed;
+ }
matchmaker = bus_connection_get_matchmaker (connection);