machined: reject invalid class types when registering machines

Follow-up for fbe550738d03b178bb004a1390e74115e904118a

(cherry picked from commit 6df5f80bd374be1b45c52d740e88f0236da922c7)
(cherry picked from commit 497d0172416cbb5b70f96b95399d041407c223bd)
(cherry picked from commit 749e2eaf7086c91598cf7043a31919854b1c2dfe)

Origin: backport, https://github.com/systemd/systemd/commit/6941d92dc299667036cbe264435971cec59ebc76

Gbp-Pq: Name CVE-2026-4105.patch

diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 1e16046d17ff69df3d45318c1050244ce26d04f6..9fb955fb06b1d718312957dd0c67560b99f04ca6 100644 (file)
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -270,7 +270,7 @@ static int method_create_or_register_machine(Manager *manager, sd_bus_message *m
                 c = _MACHINE_CLASS_INVALID;
         else {
                 c = machine_class_from_string(class);
-                if (c < 0)
+                if (c < 0 || !IN_SET(c, MACHINE_CONTAINER, MACHINE_VM))
                         return sd_bus_error_set(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid machine class parameter");
         }