[systemd-devel] [210] logind bypasses polkit? bug or new feature?

[Gerardo Exequiel Pozzi]

On 03/10/2014 12:10 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Mar 10, 2014 at 11:41:52AM -0300, Gerardo Exequiel Pozzi wrote:
>> On 03/10/2014 06:48 AM, Djalal Harouni wrote:
>>> On Sun, Mar 09, 2014 at 08:00:22PM -0300, Gerardo Exequiel Pozzi wrote:
>>>> Hello
>>>>
>>>> To do tests I made a new Arch Linux (x86_64) base installation running
>>>> in qemu/kvm with systemd-210-3 and polkit-0.112-1 to discard any weird
>>>> thing on my system.
>>>>
>>>> I can reboot/poweroff/suspend/hibernate the system with a normal user
>>>> logged from a local VT or remote SSH does not care. I can not disable
>>>> this even with a set of polkit rules.
>>>> I am sure that this works fine before (maybe systemd-204 age?)
>>> Yes! I did notice that, normally it should return 'challenge' ?!
>>
>> Yes. Except if you change it as I did to "NO" per custom rule.
> 
> Could you check if current git behaves as expected?
> 
> Zbyszek
> 
> 

Perfecto, thanks you. :)
Aplying 055d4066 (logind: fix policykit checks) fixed the issue.


Now works as expected:

(with polkit rule to deny)
[djgera at host322 ~]$ systemctl reboot
Failed to execute operation: Access denied
Failed to start reboot.target: Access denied
[djgera at host322 ~]$

Without polkit installed at all:
[djgera at host322 ~]$ systemctl reboot
Failed to execute operation: The name org.freedesktop.PolicyKit1 was not
provided by any .service files
Must be root.
[djgera at host322 ~]$


-- 
Gerardo Exequiel Pozzi
\cos^2\alpha + \sin^2\alpha = 1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140310/6afbcab1/attachment.pgp>