[systemd-devel] Polkit and systemd D-Bus API

Lennart Poettering lennart at poettering.net
Tue Jul 15 06:15:20 PDT 2014


On Tue, 15.07.14 13:35, Stef Walter (stef at thewalter.net) wrote:

> Cockpit, OpenLMI, and others want to use the systemd D-Bus API to manage
> system services/sockets etc. In addition we use polkit to authorize
> users and allow people to escalate privileges as needed.
> 
> It seems that the D-Bus API of systemd doesn't support polkit:
> 
> http://www.freedesktop.org/wiki/Software/systemd/dbus/
> 
> So currently only root users can call this D-Bus API.
> 
> Is the concept here that we write our own wrapper daemon (something like
> systemd-polkit-verifyd) that listens on a different bus name and
> authorizes with polkit before forwarding messages to systemd?

Previously our hook up with PK was awful, and could cause deadlocks when
done from PID 1, which would then be both the process managing polkitd
and its client -- which is why I never did polkit support for PID 1
calls, but only for the other daemons. But this has been fixed since
then, the polkit queries are now fully asynchronous, and we should
probably open this up via polkit.

Which bus calls precisely are you interested in?

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list