[systemd-devel] Unprivileged poweroff

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Oct 22 04:59:45 PDT 2014


On 22/10/14 12:37, Lennart Poettering wrote:
> When used with kdbus we actually do check for that client-side
> capability. This is not available on dbus1 however, since we cannot
> determine the capability racefreely and thus safely

... because the kernel doesn't give us that ability on Unix sockets. See
<https://bugs.freedesktop.org/show_bug.cgi?id=83499> for more on what
Unix socket semantics *do* allow socket-based D-Bus to rely on.

A solution requires new kernel features: either something like kdbus, or
a way for a Unix socket client to prove to the server that it had a
particular capability either at the time the socket opened (a new
SCM_CAPABILITIES analogous to SCM_CREDS?) or at the time that a
particular message was queued (subtle, probably best avoided).

    S
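As an added illustration of the gap discussed above (not code from the list, systemd or dbus): the only peer identity the kernel hands a Unix-socket server is pid/uid/gid via SO_PEERCRED, and consulting /proc for the peer's capabilities afterwards is exactly the race the two messages describe.

```c
/*
 * Added example, not code from this thread or from systemd/dbus. SO_PEERCRED
 * yields only the peer's pid/uid/gid recorded at connect() time; struct ucred
 * has no capability field, which is the gap the message above names. Reading
 * /proc/<pid>/status afterwards is a TOCTOU race (caps changed, pid recycled).
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Peer credentials of a connected AF_UNIX socket; 0 on success, -1 on error. */
int peer_creds(int fd, struct ucred *out)
{
    socklen_t len = sizeof(*out);
    return getsockopt(fd, SOL_SOCKET, SO_PEERCRED, out, &len) < 0 ? -1 : 0;
}

/* Best-effort, racy lookup of the peer's effective capability mask from
 * /proc. Returns 1 and fills caps_hex on success, 0 if the line is absent,
 * -1 if the process cannot be read. Nothing ties this snapshot to the
 * connection or to a queued message, so it must not drive authorization. */
int peer_capeff_racy(pid_t pid, char caps_hex[32])
{
    char path[64], line[256];
    int found = 0;
    snprintf(path, sizeof(path), "/proc/%d/status", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    while (!found && fgets(line, sizeof(line), f))
        found = sscanf(line, "CapEff:%31s", caps_hex) == 1;
    fclose(f);
    return found;
}

int main(void)
{
    int sv[2];
    struct ucred uc;
    char caps[32];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || peer_creds(sv[1], &uc) < 0)
        return 1;
    printf("peer pid=%d uid=%d gid=%d (no capability field in struct ucred)\n",
           (int)uc.pid, (int)uc.uid, (int)uc.gid);
    if (peer_capeff_racy(uc.pid, caps) == 1)
        printf("racy /proc snapshot: CapEff=%s\n", caps);
    return 0;
}
```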
