]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f5a12ce) | patch
polkit: add another flag that controls how to treat the PK absent case 31733/head
authorLennart Poettering <lennart@poettering.net>
Wed, 28 Feb 2024 20:56:55 +0000 (21:56 +0100)
committerLennart Poettering <lennart@poettering.net>
Wed, 13 Mar 2024 09:43:44 +0000 (10:43 +0100)
commit91180a1eec6f864de8e559a1d87dc33476a601b1
tree830d18d6cc50677556e6af6fff1aafcba12f25b1tree | snapshot
parentf5a12ceaedf4d490a9dc82e9460dd6fd97acc942commit | diff
polkit: add another flag that controls how to treat the PK absent case

Typically if PK is not present we want to treat this as "denied". But
sometimes it makes sense to treat this case as "allowed".

In particular the combination POLKIT_ALWAYS_QUERY and
POLKIT_DEFAULT_ALLOW makes a lot of sense: it means we can enable PK
logic for actions where we so far bypassed the checks for root. With the
new combination we can have a default policy of allowing some operation
but still provide an effective hook to disable it.

Also add some debug logging about PK operations and results as they are ongoing.
src/shared/bus-polkit.c diff | blob | blame | history
src/shared/bus-polkit.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.