On Mon, 04.04.16 13:06, Colin Walters (walt...@verbum.org) wrote:

> On Mon, Apr 4, 2016, at 11:31 AM, Martin Pitt wrote:
>
> > A more upstreamable approach would be to not query polkit at all if
> > geteuid() == 0. Is there any legit scenario where root would be denied
> > running systemctl directly, but a polkit rule would allow it
> > nevertheless?
>
> I can't think of one. However, see:
> https://bugs.freedesktop.org/show_bug.cgi?id=35623
>
> But that's okay, if kdbus happens I'm sure sd-bus/systemd
> would be easy to change to teach it about CAP_SYS_ADMIN.
>
> The uid-vs-CAP_SYS_ADMIN is a lot more important in a
> world of containers though.
The code is actually written in a way that a specific capability is checked, depending on which method call is used. However this is only done if kdbus is used, since querying caps is not safely (i.e. non-racy) possible if kdbus is not available. On non-kdbus we simply check the euid == 0.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
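The two shortcuts discussed in this exchange, shown as an added example that is not systemd's own code: the `geteuid() == 0` bypass used on the non-kdbus path, beside a capability-bit check of the kind that would let a uid-0 process without `CAP_SYS_ADMIN` (the container case Colin raises) be told apart from real root. The capability check parses the `CapEff:` line of `/proc/<pid>/status`; the status texts below are constructed for the example, the function names are the example's own, and the `CAP_SYS_ADMIN` value 21 is the one from `<linux/capability.h>`. The race Lennart mentions applies when the status file belongs to another process (a D-Bus peer) rather than to the checker itself; that caveat is stated as an assumption in the comments.

```c
/* Added example, not systemd code. Demonstrates the euid == 0 shortcut
 * from the thread beside a CapEff-based capability check. The status
 * buffers are constructed sample input, not captured from a system. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define CAP_SYS_ADMIN 21 /* value from <linux/capability.h> */

/* Find the "CapEff:" line in a /proc/<pid>/status buffer and parse the
 * hexadecimal effective-capability mask. Returns 0 on success and stores
 * the mask in *mask; returns -1 if the line is missing or malformed. */
int parse_capeff(const char *status, uint64_t *mask) {
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            char *end;
            /* strtoull skips the tab after the colon and stops at '\n' */
            unsigned long long v = strtoull(p + 7, &end, 16);
            if (end == p + 7)
                return -1; /* no hex digits after "CapEff:" */
            *mask = (uint64_t)v;
            return 0;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Test a single capability bit in an effective mask. */
int has_effective_cap(uint64_t mask, int cap) {
    if (cap < 0 || cap >= 64)
        return 0;
    return (int)((mask >> cap) & 1ULL);
}

/* The non-kdbus rule from the mail: skip polkit when the caller is root. */
int may_bypass_polkit_by_uid(uid_t euid) {
    return euid == 0;
}

/* Capability-based variant. Assumption stated in the thread: if `status`
 * was read from /proc/<pid>/status of another process (a bus peer), the
 * pid may be reused between read and decision, so this is only race-free
 * for the checker's own /proc/self/status or with kernel help (kdbus). */
int may_bypass_polkit_by_cap(const char *status, int cap) {
    uint64_t mask;
    if (parse_capeff(status, &mask) < 0)
        return 0; /* unknown caps: do not grant the shortcut */
    return has_effective_cap(mask, cap);
}

/* Constructed sample: uid 0 with a full bounding set. */
static const char SAMPLE_ROOT[] =
    "Name:\tsystemctl\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapEff:\t0000003fffffffff\n";

/* Constructed sample: uid 0 inside a container whose effective set lacks
 * bit 21 (CAP_SYS_ADMIN), the case where uid and capability disagree. */
static const char SAMPLE_CONTAINER_NOADMIN[] =
    "Name:\tsystemctl\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapEff:\t00000000a80425fb\n";

int main(void) {
    printf("caller root by euid:                %d\n",
           may_bypass_polkit_by_uid(geteuid()));
    printf("sample root has CAP_SYS_ADMIN:      %d\n",
           may_bypass_polkit_by_cap(SAMPLE_ROOT, CAP_SYS_ADMIN));
    printf("container uid 0 has CAP_SYS_ADMIN:  %d\n",
           may_bypass_polkit_by_cap(SAMPLE_CONTAINER_NOADMIN, CAP_SYS_ADMIN));
    return 0;
}
```

The second sample is the point of Colin's container remark: by uid the process looks like root and would skip polkit, while by capability it does not hold `CAP_SYS_ADMIN` and should not.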