Hello,
Lennart Poettering [2016-04-04 21:28 +0200]:
> We already bypass PK if the client is privileged. See
> bus_verify_polkit_async() in src/shared/bus-util.c, the calls for
> sd_bus_query_sender_privilege(). Are you saying that bypass doesn't
> work for you?
Right, it still calls Polkit as
On Mon, Apr 4, 2016 at 10:28 PM, Lennart Poettering
wrote:
> On Mon, 04.04.16 17:31, Martin Pitt (martin.p...@ubuntu.com) wrote:
>
> > Hello all,
> >
> > a recent (mostly cosmetical) bug report [1] made me aware that we
> > currently query polkit for a lot of systemctl
>
On Mon, 04.04.16 13:06, Colin Walters (walt...@verbum.org) wrote:
>
>
> On Mon, Apr 4, 2016, at 11:31 AM, Martin Pitt wrote:
>
> > A more upstreamable approach would be to not query polkit at all if
> > geteuid() == 0. Is there any legit scenario where root would be denied
> > running
On Mon, 04.04.16 17:31, Martin Pitt (martin.p...@ubuntu.com) wrote:
> Hello all,
>
> a recent (mostly cosmetical) bug report [1] made me aware that we
> currently query polkit for a lot of systemctl
> enable/daemon-reload/etc. calls from package maintainer scripts. At
> least in Debian,
On Mon, Apr 4, 2016, at 11:31 AM, Martin Pitt wrote:
> A more upstreamable approach would be to not query polkit at all if
> geteuid() == 0. Is there any legit scenario where root would be denied
> running systemctl directly, but a polkit rule would allow it
> nevertheless?
I can't think of