On Mon, Apr 4, 2016 at 10:28 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Mon, 04.04.16 17:31, Martin Pitt (martin.p...@ubuntu.com) wrote: > > > Hello all, > > > > a recent (mostly cosmetical) bug report [1] made me aware that we > > currently query polkit for a lot of systemctl > > enable/daemon-reload/etc. calls from package maintainer scripts. At > > least in Debian, installing a package with a .service usually does > > something like "systemctl enable/start foo", and installing a package > > with a SysV script runs "systemctl daemon-reload" to pick up the new > > init script. > > > > In all those cases systemctl is guaranteed to run as root, and any > > potential interactive PK prompt would be totally unexpected -- because > > of root, and because package installation is supposed to be > > non-interactive and not hang. So this introduces a potentially > > unreliable moving part and also assumes that polkit actually works all > > the time (cf. package upgrades). > > We already bypass PK if the client is privileged. See > bus_verify_polkit_async() in src/shared/bus-util.c, the calls for > sd_bus_query_sender_privilege(). Are you saying that bypass doesn't > work for you? > Yes, apparently: https://github.com/systemd/systemd/issues/2748 -- Mantas Mikulėnas <graw...@gmail.com>
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
