On Sat, 12.04.14 22:08, Ismael Bouya (ismael.bo...@normalesup.org) wrote: > (Side question: Is there a way to say that systemd-tty-ask-password-agent > can be run by the user and not only by root to mount the disk? If he know > the disk password then he's most probably allowed to mount it...)
The GNOME password agent I wrote does support this, but it will do this only via a PoliyKit security transition. I am pretty sure that's necessary because setting up a LUKS volume is a relatively heavy operation, due to the hashing involved. We shouldn't open up such heavy operations to unpriviligied users without involing some kind of auth, so that users cannot simply DoS this. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
