[systemd-devel] Avoid polkit queries from systemctl in package maintainer scripts/when running as root?
Colin Walters
walters at verbum.org
Mon Apr 4 17:06:02 UTC 2016
On Mon, Apr 4, 2016, at 11:31 AM, Martin Pitt wrote:

> A more upstreamable approach would be to not query polkit at all if
> geteuid() == 0. Is there any legit scenario where root would be denied
> running systemctl directly, but a polkit rule would allow it
> nevertheless?

I can't think of one. However, see:
https://bugs.freedesktop.org/show_bug.cgi?id=35623

But that's okay, if kdbus happens I'm sure sd-bus/systemd
would be easy to change to teach it about CAP_SYS_ADMIN.

The uid-vs-CAP_SYS_ADMIN is a lot more important in a
world of containers though.

> In such a scenario, is it really legit to get an
> interactive PK auth prompt for something like "systemctl enable foo"
> when installing package foo?

I think this would be good to cross-post to the polkit list, or at least
if a choice is determined, summarize it there.

But basically sounds fine to me to special case euid == 0, I think
there is precedent elsewhere too. I thought NM did this, but
I'm not seeing it in the code offhand.