[systemd-bugs] [Bug 81626] networkd lacks access to hostnamed

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Aug 19 12:10:03 PDT 2014


https://bugs.freedesktop.org/show_bug.cgi?id=81626

--- Comment #5 from Lennart Poettering <lennart at poettering.net> ---
(In reply to comment #4)
> I strongly discourage you from installing rules with systemd. Please see the
> polkit man-page. Rules are meant exclusively for administrator-control and
> non-generic system setups. A system should run just fine with an empty
> /usr/share/polkit-1/rules.d/.
> 
> I don't have any better solution for this problem, though. So maybe we
> should document this polkit-rule as workaround in the wiki until we find a
> real fix.
> 
> This problem is kind of nasty because we want to allow a non-root user to
> access APIs that other non-root users cannot. But access-control has always
> been under control of the API-provider, not of the API-user. Therefore,
> installing rule files with networkd sounds wrong to me. It's hostnamed that
> should open the API to a specific set of users.
> 
> Meh.. we really need a proper solution here.

Hmm? All kinds of packages install files in /usr/share/polkit-1/rules.d/, and I
think that's totally an OK thing to do.

[root at delta systemd]# ls -l /usr/share/polkit-1/rules.d/
total 12
-rw-r--r--. 1 root root  443 12. Okt 2012  11-fedora-kde-policy.rules
-rw-r--r--. 1 root root 1016 29. Nov 2013  20-gnome-initial-setup.rules
-rw-r--r--. 1 root root  488  3. Mär 13:14 gnome-control-center.rules
[root at delta systemd]# rpm -qf /usr/share/polkit-1/rules.d/*
kde-settings-20-14.fc20.noarch
gnome-initial-setup-3.10.1.1-4.fc20.x86_64
control-center-3.10.3-1.fc20.x86_64

So, I am all for adding a patch for this.
