man/org.freedesktop.machine1.xml

@@ -336,8 +336,7 @@ node /org/freedesktop/machine1 {
       be either <literal>container</literal> or <literal>vm</literal> indicating whether the machine to
       register is of the respective class. The leader PID should be the host PID of the init process of the
       container or the encapsulating process of the VM. If the root directory of the container is known and
-      available in the host's hierarchy, it should be passed (note that this is for informational purposes
+      available in the host's hierarchy, it should be passed. Otherwise, pass the empty string instead. Finally, the
-      only, and will not be used otherwise). Otherwise, pass the empty string instead. Finally, the
       scope properties are passed as array in the same way as to PID1's
       <function>StartTransientUnit()</function> method. Calling this method will internally register a transient scope
       unit for the calling client (utilizing the passed scope_properties) and move the leader PID into

mkosi/mkosi.conf.d/opensuse/mkosi.conf

@@ -28,7 +28,6 @@ VolatilePackages=
         systemd-resolved
         systemd-sysvcompat
         systemd-testsuite
-        systemd-ukify
         udev
 
 # We install gawk, gzip, grep, xz, sed, rsync and docbook-xsl-stylesheets here explicitly so that the busybox

mkosi/mkosi.conf.d/opensuse/mkosi.conf.d/pkgenv.conf

@@ -5,5 +5,5 @@ Environment=
         GIT_URL=https://github.com/bmwiedemann/openSUSE
         GIT_SUBDIR=packages/s/systemd
         GIT_BRANCH=master
-        GIT_COMMIT=7d9cf5c934705c175766eaa688baa503da84e06a
+        GIT_COMMIT=2dc224ae5d446e928519315f4d46f76d1e34b8a8
         PKG_SUBDIR=opensuse

src/machine/machine-varlink.c

@@ -15,7 +15,6 @@
 #include "machine-varlink.h"
 #include "machined.h"
 #include "mount-util.h"
-#include "namespace-util.h"
 #include "operation.h"
 #include "pidref.h"
 #include "socket-util.h"
@@ -137,7 +136,7 @@ int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink
                 { "leaderProcessId",     SD_JSON_VARIANT_OBJECT,        machine_pidref,           offsetof(Machine, leader),               SD_JSON_STRICT    },
                 { "supervisor",          _SD_JSON_VARIANT_TYPE_INVALID, machine_pidref,           offsetof(Machine, supervisor),           SD_JSON_STRICT    },
                 { "supervisorProcessId", SD_JSON_VARIANT_OBJECT,        machine_pidref,           offsetof(Machine, supervisor),           SD_JSON_STRICT    },
-                { "rootDirectory",       SD_JSON_VARIANT_STRING,        json_dispatch_path,       offsetof(Machine, root_directory),       SD_JSON_STRICT    },
+                { "rootDirectory",       SD_JSON_VARIANT_STRING,        json_dispatch_path,       offsetof(Machine, root_directory),       0                 },
                 { "ifIndices",           SD_JSON_VARIANT_ARRAY,         machine_ifindices,        0,                                       0                 },
                 { "vSockCid",            _SD_JSON_VARIANT_TYPE_INVALID, machine_cid,              offsetof(Machine, vsock_cid),            0                 },
                 { "sshAddress",          SD_JSON_VARIANT_STRING,        sd_json_dispatch_string,  offsetof(Machine, ssh_address),          SD_JSON_STRICT    },
@@ -187,15 +186,6 @@ int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink
         if (r < 0)
                 return r;
 
-        /* Ensure an unprivileged user cannot claim any process they don't control as their own machine */
-        if (machine->uid != 0) {
-                r = process_is_owned_by_uid(&machine->leader, machine->uid);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return sd_varlink_error(link, SD_VARLINK_ERROR_PERMISSION_DENIED, NULL);
-        }
-
         r = machine_link(manager, machine);
         if (r == -EEXIST)
                 return sd_varlink_error(link, VARLINK_ERROR_MACHINE_EXISTS, NULL);

src/machine/machine.h

@@ -45,8 +45,6 @@ typedef struct Machine {
 
         char *state_file;
         char *service;
-        /* Note that the root directory is accepted as-is from the caller, including unprivileged users, so
-         * do not use it for anything but informational purposes. */
         char *root_directory;
 
         char *unit;

src/machine/machined-dbus.c

@@ -29,7 +29,6 @@
 #include "machine-dbus.h"
 #include "machine-pool.h"
 #include "machined.h"
-#include "namespace-util.h"
 #include "operation.h"
 #include "os-util.h"
 #include "path-util.h"
@@ -322,15 +321,6 @@ static int method_create_or_register_machine(
         if (r < 0)
                 return r;
 
-        /* Ensure an unprivileged user cannot claim any process they don't control as their own machine */
-        if (uid != 0) {
-                r = process_is_owned_by_uid(&leader_pidref, uid);
-                if (r < 0)
-                        return r;
-                if (r == 0)
-                        return sd_bus_error_set(error, SD_BUS_ERROR_ACCESS_DENIED, "Only root may register machines for other users");
-        }
-
         const char *details[] = {
                 "name",  name,
                 "class", machine_class_to_string(c),

test/units/TEST-13-NSPAWN.unpriv.sh

@@ -15,7 +15,7 @@ fi
 at_exit() {
     rm -rf /home/testuser/.local/state/machines/zurps ||:
     machinectl terminate zurps ||:
-    rm -f /etc/polkit-1/rules.d/registermachinetest.rules
+    rm -f /usr/share/polkit-1/rules.d/registermachinetest.rules
 }
 
 trap at_exit EXIT
@@ -33,8 +33,7 @@ systemd-dissect --shift /home/testuser/.local/state/machines/zurps foreign
 
 # Install a PK rule that allows 'testuser' user to register a machine even
 # though they are not on an fg console, just for testing
-mkdir -p /etc/polkit-1/rules.d
+cat >/usr/share/polkit-1/rules.d/registermachinetest.rules <<'EOF'
-cat >/etc/polkit-1/rules.d/registermachinetest.rules <<'EOF'
 polkit.addRule(function(action, subject) {
     if (action.id == "org.freedesktop.machine1.register-machine" &&
         subject.user == "testuser") {
@@ -55,18 +54,4 @@ machinectl terminate zurps
 
 (! run0 -u testuser systemctl is-active --user systemd-nspawn@zurps.service)
 
-(! run0 -u testuser \
-    busctl call \
-        org.freedesktop.machine1 \
-        /org/freedesktop/machine1 \
-        org.freedesktop.machine1.Manager \
-        RegisterMachine \
-        'sayssus' \
-        shouldnotwork1 \
-        16 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 \
-        "" \
-        container \
-        "$(systemctl show -p MainPID --value systemd-logind.service)" \
-        "$PWD")
-
 loginctl disable-linger testuser