]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b2c4367) | patch
nsresourced: check polkit before executing our operations
authorLennart Poettering <lennart@poettering.net>
Mon, 10 Mar 2025 12:39:53 +0000 (13:39 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 17 Mar 2025 15:03:18 +0000 (16:03 +0100)
commitd2f3ddfc6552ea4edafa6dce8b11dd336ff26ae3
treebe338f30fe8bc71c03730e2dbb3a90b215fc426ftree | snapshot
parentb2c43674a73858de17e7e6bfa615b4aab448ba62commit | diff
nsresourced: check polkit before executing our operations

Let's tighten rules on namespace operations: let's always ask PK for
permission before doing anything.

Note that if polkit is absent we'll still allow things, and the default
PK policy will also still allow things, but there's now a clear way how
people can not allow things if they want, by modifying the PK policy.
src/nsresourced/io.systemd.namespace-resource.policy [new file with mode: 0644] blob
src/nsresourced/meson.build diff | blob | blame | history
src/nsresourced/nsresourcework.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.