[systemd-devel] Work on adding polkit support to systemd1
Lennart Poettering
lennart at poettering.net
Wed Aug 13 11:32:06 PDT 2014
On Wed, 06.08.14 13:23, Colin Guthrie (gmane at colin.guthr.ie) wrote:
>
> Stef Walter wrote on 06/08/14 12:23:
> > I've done initial work on adding polkit support to systemd1 DBus
> > methods.
>
> Hmmm, I thought this was deliberately not included as it meant a
> circular dep on polkit when talking to the system that's used to start
> up polkitd itself...
This indeed used to be a problem, since our polkit client code was
naively written synchronously, so that we might have ended up waiting
for polkit from PID1, while polkit needed to be started by PID 1 thus
resulting in a deadlock. However, I have since rewritten the logic
entirely, it's fully asynchronous now. While the cyclic dep is still not
ideal (and we should be careful when adding more cases like this), it's
not a real problem now, and in this case sounds like a good idea.
> what happens if you try to talk to systemd1
> interface during early boot before polkitd has started (and before a dep
> that's needed by it) has started?
This should quickly fail and access be refused. Note that polkit is only
ever consulted if the client lacks priviliges, hence this actually never
happens during the normal boot process.
> I thought the main reason for logind to essentially proxy the
> Power/Reboot related stuff was such that polkit support could be added
> there outside of systemd1 itself and thus not have any circular dep
> problems.
Not really. It's mostly about the inhibition stuff and figuring out the
right policy depending on who is logged in on which seats, and things
like that...
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list