Add OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER

Indicates the command requires superuser privilege.  Fails early with
a more helpful message than would otherwise be returned by libostree.

Currently all admin commands except 'status' require superuser.

diff --git a/src/ostree/ot-admin-builtin-cleanup.c b/src/ostree/ot-admin-builtin-cleanup.c
index 8607c11596d3b8d7cbed8b1d18e1052717debe9a..98baf8611c4ad693b9515e0d8b3388158a861469 100644 (file)
--- a/src/ostree/ot-admin-builtin-cleanup.c
+++ b/src/ostree/ot-admin-builtin-cleanup.c
@@ -44,7 +44,7 @@ ot_admin_builtin_cleanup (int argc, char **argv, GCancellable *cancellable, GErr
   context = g_option_context_new ("Delete untagged deployments and repository objects");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-deploy.c b/src/ostree/ot-admin-builtin-deploy.c
index 6e6acfc5dd9f07823f9a0f8bbb1c221fd7ef1a3e..091a7eac3e981c16e52164881badd5aa5e20db28 100644 (file)
--- a/src/ostree/ot-admin-builtin-deploy.c
+++ b/src/ostree/ot-admin-builtin-deploy.c
@@ -67,7 +67,7 @@ ot_admin_builtin_deploy (int argc, char **argv, GCancellable *cancellable, GErro
   context = g_option_context_new ("REFSPEC - Checkout revision REFSPEC as the new default deployment");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-diff.c b/src/ostree/ot-admin-builtin-diff.c
index be225d9eac2b92413eeb38ddfb5443478b878c11..ede1f6e7b819eb7aa62937a07db54fcea3d92d92 100644 (file)
--- a/src/ostree/ot-admin-builtin-diff.c
+++ b/src/ostree/ot-admin-builtin-diff.c
@@ -56,7 +56,7 @@ ot_admin_builtin_diff (int argc, char **argv, GCancellable *cancellable, GError
   g_option_context_add_main_entries (context, options, NULL);
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
   

diff --git a/src/ostree/ot-admin-builtin-init-fs.c b/src/ostree/ot-admin-builtin-init-fs.c
index c6e76bec72d8dd8dd68582935620d5379be2576d..d24becc1b7db03ee7b9dd618c6ddb2e855d763ce 100644 (file)
--- a/src/ostree/ot-admin-builtin-init-fs.c
+++ b/src/ostree/ot-admin-builtin-init-fs.c
@@ -49,7 +49,7 @@ ot_admin_builtin_init_fs (int argc, char **argv, GCancellable *cancellable, GErr
   context = g_option_context_new ("PATH - Initialize a root filesystem");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-instutil.c b/src/ostree/ot-admin-builtin-instutil.c
index 2d40487215f11bbdf65580ba784acaa027cd29e0..58bb78f9d14d806c67b228bd6e326ba5cd7f885d 100644 (file)
--- a/src/ostree/ot-admin-builtin-instutil.c
+++ b/src/ostree/ot-admin-builtin-instutil.c
@@ -117,7 +117,7 @@ ot_admin_builtin_instutil (int argc, char **argv, GCancellable *cancellable, GEr
 
       /* This will not return for some options (e.g. --version). */
       if (ostree_admin_option_context_parse (context, NULL, &argc, &argv,
-                                             OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                             OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                              NULL, cancellable, error))
         {
           if (subcommand_name == NULL)

diff --git a/src/ostree/ot-admin-builtin-os-init.c b/src/ostree/ot-admin-builtin-os-init.c
index 2927fe78bfc40fcfc6aed3e0f360916dd52c5cc3..b4e317c1942334744a06ebe594fbc462be9ef0e7 100644 (file)
--- a/src/ostree/ot-admin-builtin-os-init.c
+++ b/src/ostree/ot-admin-builtin-os-init.c
@@ -47,7 +47,7 @@ ot_admin_builtin_os_init (int argc, char **argv, GCancellable *cancellable, GErr
   context = g_option_context_new ("OSNAME - Initialize empty state for given operating system");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-set-origin.c b/src/ostree/ot-admin-builtin-set-origin.c
index 21d8ac9c18ffd9acbe5ac1c6c6c1151d71c13492..ed2b44afa0355c90b9156c382d0159c1e8a86ecb 100644 (file)
--- a/src/ostree/ot-admin-builtin-set-origin.c
+++ b/src/ostree/ot-admin-builtin-set-origin.c
@@ -56,7 +56,7 @@ ot_admin_builtin_set_origin (int argc, char **argv, GCancellable *cancellable, G
   context = g_option_context_new ("REMOTENAME URL [BRANCH]");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-switch.c b/src/ostree/ot-admin-builtin-switch.c
index 7cfaebf9e2b2a7dc81bd6421c71413252e8e1b62..ab6334f1cf288680faad78cf6963cd4eeb7f055c 100644 (file)
--- a/src/ostree/ot-admin-builtin-switch.c
+++ b/src/ostree/ot-admin-builtin-switch.c
@@ -69,7 +69,7 @@ ot_admin_builtin_switch (int argc, char **argv, GCancellable *cancellable, GErro
   context = g_option_context_new ("REF - Construct new tree from current origin and deploy it, if it changed");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-undeploy.c b/src/ostree/ot-admin-builtin-undeploy.c
index be864b133337d975d1438e60aeefba1a2f3cc1a9..3390ee9c1485c318073999198c92dfb61067032a 100644 (file)
--- a/src/ostree/ot-admin-builtin-undeploy.c
+++ b/src/ostree/ot-admin-builtin-undeploy.c
@@ -47,7 +47,7 @@ ot_admin_builtin_undeploy (int argc, char **argv, GCancellable *cancellable, GEr
   context = g_option_context_new ("INDEX - Delete deployment INDEX");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-builtin-upgrade.c b/src/ostree/ot-admin-builtin-upgrade.c
index a1e4aa349a22a29cf42588e8ef1ce9288d093d0d..25308aafdfd69c64b87167fd779e462664eece55 100644 (file)
--- a/src/ostree/ot-admin-builtin-upgrade.c
+++ b/src/ostree/ot-admin-builtin-upgrade.c
@@ -68,7 +68,7 @@ ot_admin_builtin_upgrade (int argc, char **argv, GCancellable *cancellable, GErr
   context = g_option_context_new ("Construct new tree from current origin and deploy it, if it changed");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-instutil-builtin-grub2-generate.c b/src/ostree/ot-admin-instutil-builtin-grub2-generate.c
index 3af1f34e596bc939883a3929410d8779a7ee10c2..1903a447230340c2879944cf284bedca56d7679f 100644 (file)
--- a/src/ostree/ot-admin-instutil-builtin-grub2-generate.c
+++ b/src/ostree/ot-admin-instutil-builtin-grub2-generate.c
@@ -48,7 +48,7 @@ ot_admin_instutil_builtin_grub2_generate (int argc, char **argv, GCancellable *c
   context = g_option_context_new ("[BOOTVERSION] - generate GRUB2 configuration from given BLS entries");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c b/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c
index 130cf3bcfe0fff9dbdc16a514483215facc2896c..bc20799a1099ef72b106d65ebb48d795d8b7b1c6 100644 (file)
--- a/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c
+++ b/src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c
@@ -195,7 +195,7 @@ ot_admin_instutil_builtin_selinux_ensure_labeled (int argc, char **argv, GCancel
   context = g_option_context_new ("[SUBPATH PREFIX] - relabel all or part of a deployment");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-admin-instutil-builtin-set-kargs.c b/src/ostree/ot-admin-instutil-builtin-set-kargs.c
index 9bbad88ba361b3f82068ec9916d3e4046ea19b71..9150a26fca6766f1e6fcf7055d351910a5ec966b 100644 (file)
--- a/src/ostree/ot-admin-instutil-builtin-set-kargs.c
+++ b/src/ostree/ot-admin-instutil-builtin-set-kargs.c
@@ -57,7 +57,7 @@ ot_admin_instutil_builtin_set_kargs (int argc, char **argv, GCancellable *cancel
   context = g_option_context_new ("ARGS - set new kernel command line arguments");
 
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
-                                          OSTREE_ADMIN_BUILTIN_FLAG_NONE,
+                                          OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
                                           &sysroot, cancellable, error))
     goto out;
 

diff --git a/src/ostree/ot-main.c b/src/ostree/ot-main.c
index b1ad20e0e7700a125a3eb4e12d4ab31facbdfce5..10ff748e629cc2da6308c9aee065bf65b8aacd5f 100644 (file)
--- a/src/ostree/ot-main.c
+++ b/src/ostree/ot-main.c
@@ -325,6 +325,16 @@ ostree_admin_option_context_parse (GOptionContext *context,
   if (!ostree_option_context_parse (context, main_entries, argc, argv, OSTREE_BUILTIN_FLAG_NO_REPO, NULL, cancellable, error))
     goto out;
 
+  if (flags & OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER)
+    {
+      if (getuid () != 0)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+                       "You must be root to perform this command");
+          goto out;
+        }
+    }
+
   sysroot_path = g_file_new_for_path (opt_sysroot);
   sysroot = ostree_sysroot_new (sysroot_path);
 

diff --git a/src/ostree/ot-main.h b/src/ostree/ot-main.h
index b1c58a0479a8856964eada8d23e97622e5bd9898..2ea57552ca91a995e250df4a31cb9ff1961770f6 100644 (file)
--- a/src/ostree/ot-main.h
+++ b/src/ostree/ot-main.h
@@ -32,6 +32,7 @@ typedef enum {
 
 typedef enum {
   OSTREE_ADMIN_BUILTIN_FLAG_NONE = 0,
+  OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER = 1 << 0
 } OstreeAdminBuiltinFlags;
 
 typedef struct {