
Viewing changes to mandos-monitor

  • Committer: Teddy Hogeborn
  • Date: 2016-03-04 22:07:35 UTC
  • Revision ID: teddy@recompile.se-20160304220735-4xeeqt5p4nhw5cuh
Restrict the Mandos server daemon in the systemd service file.

* mandos.service ([Service]/ProtectSystem): Set to "full".
 ([Service]/PrivateTmp, [Service]/PrivateDevices,
  [Service]/ProtectHome): Set to "yes".
 ([Service]/CapabilityBoundingSet): Set to "CAP_SETUID
                                    CAP_DAC_OVERRIDE CAP_NET_RAW".

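--- a/mandos-monitor
+++ b/mandos-monitor
@@ -39,7 +39,10 @@
 import urwid
 
 from dbus.mainloop.glib import DBusGMainLoop
-from gi.repository import GLib
+try:
+    import gobject
+except ImportError:
+    from gi.repository import GObject as gobject
 
 import dbus
 
@@ -57,7 +60,7 @@
 domain = 'se.recompile'
 server_interface = domain + '.Mandos'
 client_interface = domain + '.Mandos.Client'
-version = "1.7.6"
+version = "1.7.3"
 
 try:
     dbus.OBJECT_MANAGER_IFACE
@@ -169,11 +172,11 @@
         """
         if flag and self._update_timer_callback_tag is None:
             # Will update the shown timer value every second
-            self._update_timer_callback_tag = (GLib.timeout_add
+            self._update_timer_callback_tag = (gobject.timeout_add
                                                (1000,
                                                 self.update_timer))
         elif not (flag or self._update_timer_callback_tag is None):
-            GLib.source_remove(self._update_timer_callback_tag)
+            gobject.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
     
     def checker_completed(self, exitstatus, condition, command):
@@ -306,15 +309,14 @@
             self.update_hook()
     
     def update_timer(self):
-        """called by GLib. Will indefinitely loop until
-        GLib.source_remove() on tag is called
-        """
+        """called by gobject. Will indefinitely loop until
+        gobject.source_remove() on tag is called"""
         self.update()
         return True             # Keep calling this
     
     def delete(self, **kwargs):
         if self._update_timer_callback_tag is not None:
-            GLib.source_remove(self._update_timer_callback_tag)
+            gobject.source_remove(self._update_timer_callback_tag)
             self._update_timer_callback_tag = None
         for match in self.match_objects:
             match.remove()
@@ -463,7 +465,7 @@
                               "q: Quit  ?: Help"))
         
         self.busname = domain + '.Mandos'
-        self.main_loop = GLib.MainLoop()
+        self.main_loop = gobject.MainLoop()
     
     def client_not_found(self, fingerprint, address):
         self.log_message("Client with address {} and fingerprint {}"
@@ -638,13 +640,13 @@
                             path=path)
         
         self.refresh()
-        self._input_callback_tag = (GLib.io_add_watch
+        self._input_callback_tag = (gobject.io_add_watch
                                     (sys.stdin.fileno(),
-                                     GLib.IO_IN,
+                                     gobject.IO_IN,
                                      self.process_input))
         self.main_loop.run()
         # Main loop has finished, we should close everything now
-        GLib.source_remove(self._input_callback_tag)
+        gobject.source_remove(self._input_callback_tag)
         self.screen.stop()
     
     def stop(self):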
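Review bot: The new side sets `version = "1.7.3"` where the old side had `"1.7.6"`, and the commit description covers only mandos.service, so this mandos-monitor section looks like a comparison against a different revision rather than part of the described change; that should be confirmed before the section is read as this commit's work. If the switch is intended, note that when the `except ImportError` fallback is taken `gobject` is `gi.repository.GObject`, and as far as I know `timeout_add`, `source_remove`, `io_add_watch`, `IO_IN` and `MainLoop` are deprecated there in favour of the GLib names the old side used. A comment above the `try:` such as `# Prefer the static gobject module; fall back to GObject introspection` would record why two import paths exist.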