plainbox.impl.secure.launcher1 – plainbox-trusted-launcher-1

class plainbox.impl.secure.launcher1.TrustedLauncher

Bases: object

Trusted Launcher for v1 jobs.

add_job_list(job_list)

Add jobs to the trusted launcher

find_job(checksum)
modify_execution_environment(target_env)

Modify the job execution environment with a new set of values. The environment must be modified this way in order to keep the variables that pkexec(1) sets automatically when the org.freedesktop.policykit.exec.allow_gui annotation is set. This allows the trusted launcher to run X11 applications as another user, since the $DISPLAY and $XAUTHORITY environment variables are retained.

run_generator_job(checksum, env)

Run a job and process its stdout to get a job definition.

Parameters:
  • checksum – The checksum of the job to execute
  • env – Environment to execute the job in.
Returns:

A list of job definitions that were processed from the output.

Raises:

LookupError – If the checksum does not match any known job

run_shell_from_job(checksum, env)

Run a job with the given checksum.

Parameters:
  • checksum – The checksum of the job to execute.
  • env – Environment to execute the job in.
Returns:

The return code of the command

Raises:

LookupError – If the checksum does not match any known job

class plainbox.impl.secure.launcher1.UpdateAction(option_strings, dest, nargs=None, const=None, default=None, type=None, choices=None, required=False, help=None, metavar=None)

Bases: argparse.Action

Argparse action that builds up a dictionary.

This action is similar to the built-in append action but it constructs a dictionary instead of a list.

plainbox.impl.secure.launcher1.get_parser_for_sphinx()
plainbox.impl.secure.launcher1.main(argv=None)

Entry point for the plainbox-trusted-launcher-1

Parameters: argv – Command line arguments to parse. If None (default) then sys.argv is used instead.
Returns: The return code of the job that was selected with the --target argument, or zero if the --warmup argument was specified.
Raises: SystemExit if --target or --generator point to unknown jobs.

The trusted launcher is a sudo-like program that can grant unprivileged users permission to run something as root. It is restricted to executing shell snippets embedded inside job definitions offered by v1 plainbox providers.

As a security measure, the trusted launcher only considers job providers listed in the system-wide directory, since one needs to be root to add additional definitions there anyway.

Unlike the rest of plainbox, the trusted launcher does not produce job results; instead it just literally executes the shell snippet and returns stdout/stderr unaffected to the invoking process. The exception to this rule is the way the --via argument is handled, where the trusted launcher needs to capture stdout to interpret it as job definitions.

Unlike sudo, the trusted launcher is not a setuid program and cannot grant root access by itself. Instead it relies on PolicyKit, specifically on pkexec(1) together with an appropriate policy file, to grant users a way to run trusted-launcher as root (or another user).
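An added sketch, not plainbox's own code, of the pattern this module describes: the caller passes only a checksum, the command text comes from the launcher's own job list, and the target environment is overlaid on the inherited one so variables such as $DISPLAY and $XAUTHORITY survive. The `MiniLauncher` class, the SHA-256-over-snippet checksum and the sample snippets are assumptions made for illustration.

```python
import hashlib
import subprocess


class MiniLauncher:
    """Hypothetical stand-in for a checksum-keyed launcher (not plainbox code)."""

    def __init__(self):
        self._jobs = {}  # checksum -> shell snippet from a trusted definition

    @staticmethod
    def checksum_of(command):
        # Assumption: SHA-256 of the snippet text. The page does not say
        # what plainbox actually feeds into its job checksum.
        return hashlib.sha256(command.encode("utf-8")).hexdigest()

    def add_job_list(self, commands):
        for command in commands:
            self._jobs[self.checksum_of(command)] = command

    def find_job(self, checksum):
        try:
            return self._jobs[checksum]
        except KeyError:
            raise LookupError("no known job with checksum %r" % checksum) from None

    def run_shell_from_job(self, checksum, env):
        # The caller never supplies command text, only a key into trusted jobs.
        command = self.find_job(checksum)
        return subprocess.call(["/bin/sh", "-c", command], env=env)


def modify_execution_environment(base_env, target_env):
    """Overlay target_env on a copy of base_env so inherited values survive."""
    merged = dict(base_env)
    merged.update(target_env)
    return merged


# Constructed sample data: two snippets standing in for root-owned job definitions.
TRUSTED = ['test "$GREETING" = hello', "exit 3"]
launcher = MiniLauncher()
launcher.add_job_list(TRUSTED)
```

A checksum computed over any snippet that is not in the trusted list raises LookupError before a shell is ever started.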
