[systemd-devel] Avoid polkit queries from systemctl in package maintainer scripts/when running as root?
Lennart Poettering
lennart at poettering.net
Mon Apr 4 19:29:30 UTC 2016
On Mon, 04.04.16 13:06, Colin Walters (walters at verbum.org) wrote:
>
>
> On Mon, Apr 4, 2016, at 11:31 AM, Martin Pitt wrote:
>
> > A more upstreamable approach would be to not query polkit at all if
> > geteuid() == 0. Is there any legit scenario where root would be denied
> > running systemctl directly, but a polkit rule would allow it
> > nevertheless?
>
> I can't think of one. However, see:
> https://bugs.freedesktop.org/show_bug.cgi?id=35623
>
> But that's okay, if kdbus happens I'm sure sd-bus/systemd
> would be easy to change to teach it about CAP_SYS_ADMIN.
>
> The uid-vs-CAP_SYS_ADMIN is a lot more important in a
> world of containers though.
The code is actually written in a way that a specific capability is
checked, depending on which method call is used. However, this is only
done if kdbus is used, since querying caps safely (i.e. non-racily) is
not possible if kdbus is not available. On non-kdbus we simply check
euid == 0.
Lennart
--
Lennart Poettering, Red Hat
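An added illustration of the distinction drawn above (this is not systemd's or sd-bus's code): on a plain AF_UNIX socket the peer's euid is recorded by the kernel at connect time via SO_PEERCRED, while its capability set can only be read from /proc/<pid>/status, where the pid may already have been recycled. The /proc parser takes the status text as a string so it can be exercised on constructed input; the CAP_SYS_ADMIN bit number is taken from linux/capability.h.

```c
/* Peer credential checks on a non-kdbus AF_UNIX transport (Linux only). */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>

#define CAP_SYS_ADMIN_BIT 21  /* value of CAP_SYS_ADMIN in linux/capability.h */

/* Race-free: uid/gid/pid are captured by the kernel when the socket connects. */
int peer_euid(int fd, uid_t *uid) {
    struct ucred cr;
    socklen_t len = sizeof(cr);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0)
        return -1;
    *uid = cr.uid;
    return 0;
}

/* Self-check: over a socketpair the peer is ourselves, so the reported uid
 * must equal our own euid. Returns 1 on success, 0 otherwise. */
int self_check_peer_euid(void) {
    int fds[2];
    uid_t uid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)
        return 0;
    int ok = peer_euid(fds[0], &uid) == 0 && uid == geteuid();
    close(fds[0]);
    close(fds[1]);
    return ok;
}

/* Parse the "CapEff:" line of /proc/<pid>/status and report whether
 * CAP_SYS_ADMIN is in the effective set: 1 = yes, 0 = no, -1 = no such line. */
int status_has_cap_sys_admin(const char *status_text) {
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return -1;
    uint64_t caps = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((caps >> CAP_SYS_ADMIN_BIT) & 1);
}

/* The racy path: by the time /proc is read, cr.pid may belong to a different
 * process, so this result must not be used to authorize a privileged method. */
int peer_cap_sys_admin_racy(int fd) {
    struct ucred cr;
    socklen_t len = sizeof(cr);
    char path[64], buf[4096];
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0)
        return -1;
    snprintf(path, sizeof path, "/proc/%d/status", (int)cr.pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return status_has_cap_sys_admin(buf);
}
```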