git.ipfire.org Git - thirdparty/systemd.git/commit
machined: use different polkit actions for registering and creating a machine
author Lennart Poettering <lennart@poettering.net>
Fri, 23 May 2025 20:10:36 +0000 (22:10 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 11 Jul 2025 16:15:12 +0000 (18:15 +0200)
commit adaff8eb35d9c471af81fddaa4403bc5843a256f
tree d0995380c5aa28d72f0481b2a4923db104d23046
parent 276d20018623ef14956ce87975be48da5de63f29
machined: use different polkit actions for registering and creating a machine

The difference between these two operations is large: one is relatively
superficial: for "registration" all resources remain associated with the
invoking user, only the cgroup is reported to machined which then keeps
track of the machine, too. OTOH for "creation" a scope is allocated in
system context, hence the invoked code will be owned by the system, and
its resource usage charged against the system.

Hence, use two distinct polkit actions for this, so that we can relax
access to registration, but keep access to creation tough.
src/machine/machine-varlink.c
src/machine/machined-dbus.c
src/machine/org.freedesktop.machine1.policy