such files in version 243.
* systemd-logind will now validate access to the operation of changing
- the virtual terminal via a PolicyKit action. By default, only users
+ the virtual terminal via a polkit action. By default, only users
with at least one session on a local VT are granted permission.
* When systemd sets up PAM sessions that invoked service processes
| [Boot Loader interface](https://systemd.io/BOOT_LOADER_INTERFACE) | EFI variables | yes | yes | gummiboot | yes | - | no |
| [Service bus API](https://www.freedesktop.org/wiki/Software/systemd/dbus) | D-Bus | yes | yes | system-config-services | no | - | no |
| [logind](https://www.freedesktop.org/wiki/Software/systemd/logind) | D-Bus | yes | yes | GNOME | no | - | no |
-| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, PolicyKit, ... | no | - | no |
+| [sd-login.h API](https://www.freedesktop.org/software/systemd/man/sd-login.html) | C Library | yes | yes | GNOME, polkit, ... | no | - | no |
| [sd-daemon.h API](https://www.freedesktop.org/software/systemd/man/sd-daemon.html) | C Library or Drop-in | yes | yes | numerous | yes | - | yes |
| [sd-id128.h API](https://www.freedesktop.org/software/systemd/man/sd-id128.html) | C Library | yes | yes | - | yes | - | no |
| [sd-journal.h API](https://www.freedesktop.org/software/systemd/man/sd-journal.html) | C Library | yes | yes | - | maybe | - | no |
any user management UI to expose them directly.
`systemd-homed` exposes APIs to add, remove and make changes to local users via
-D-Bus, with full PolicyKit hook-up. On the command line this is exposed via the
+D-Bus, with full [polkit](https://www.freedesktop.org/software/polkit/docs/latest/)
+hook-up. On the command line this is exposed via the
`homectl` command. A graphical UI that exposes similar functionality would be
very useful, exposing the various new account settings, and in particular
providing a stream-lined UI for enrolling new-style authentication tokens such
<para>Whenever the hostname or other metadata is changed via the daemon,
<function>PropertyChanged</function> signals are sent out to subscribed clients. Changing a hostname
- using this interface is authenticated via PolicyKit.</para>
+ using this interface is authenticated via
+ <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>.</para>
</refsect1>
<refsect1>
<para><function>GetProductUUID()</function> returns the "product uuid" as exposed by the kernel based
on DMI information in <filename>/sys/class/dmi/id/product_uuid</filename>. Reading the file directly
- requires root privileges, and this method allows access to unprivileged clients through the PolicyKit
+ requires root privileges, and this method allows access to unprivileged clients through the polkit
framework.</para>
<para><varname>KernelName</varname>, <varname>KernelRelease</varname>, and
<refsect2>
<title>Security</title>
- <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
+ <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
should interactively ask the user for authentication credentials if required.</para>
- <para>The PolicyKit action for <function>SetHostname()</function> is
+ <para>The polkit action for <function>SetHostname()</function> is
<interfacename>org.freedesktop.hostname1.set-hostname</interfacename>. For
<function>SetStaticHostname()</function> and <function>SetPrettyHostname()</function> it is
<interfacename>org.freedesktop.hostname1.set-static-hostname</interfacename>. For
<para>Use the empty string for the keymap parameters you wish not to set.</para>
- <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
+ <para>The <varname>interactive</varname> boolean parameters can be used to control whether
+ <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
should interactively ask the user for authentication credentials if required.</para>
</refsect2>
<refsect2>
<title>Security</title>
- <para>Changing the system locale or keymap using this interface is authenticated via PolicyKit. The
- PolicyKit action for <function>SetLocale()</function> is
- <constant>org.freedesktop.locale1.set-locale</constant>. The PolicyKit action for
+ <para>Changing the system locale or keymap using this interface is authenticated via polkit. The
+ polkit action for <function>SetLocale()</function> is
+ <constant>org.freedesktop.locale1.set-locale</constant>. The polkit action for
<function>SetX11Keyboard()</function> and <function>SetVConsoleKeyboard()</function> is
<constant>org.freedesktop.locale1.set-keyboard</constant>.</para>
</refsect2>
directory of a user is kept around and he may continue to run processes while he is logged out. If
disabled, the runtime directory goes away as soon as they log out. <function>SetUserLinger()</function>
expects three arguments: the UID, a boolean whether to enable/disable and a boolean controlling the
- PolicyKit authorization interactivity (see below). Note that the user linger state is persistently
+ <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+ authorization interactivity (see below). Note that the user linger state is persistently
stored on disk.</para>
<para><function>AttachDevice()</function> may be used to assign a specific device to a specific
seat. The device is identified by its /sys path and must be eligible for seat assignments. <function>AttachDevice()</function> takes three
- arguments: the seat id, the sysfs path, and a boolean for controlling PolicyKit interactivity (see
+ arguments: the seat id, the sysfs path, and a boolean for controlling polkit interactivity (see
below). Device assignments are persistently stored on disk. To create a new seat, simply specify a
previously unused seat id. For more information about the seat assignment logic see
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/multiseat">Multi-Seat for Linux</ulink>.
</para>
<para><function>FlushDevices()</function> removes all explicit seat assignments for devices, resetting
- all assignments to the automatic defaults. The only argument it takes is the PolicyKit interactivity
+ all assignments to the automatic defaults. The only argument it takes is the polkit interactivity
boolean (see below).</para>
<para><function>PowerOff()</function>, <function>Reboot()</function>, <function>Halt()</function>,
the machine is powered down). <function>HybridSleep()</function> results in the system entering a
hybrid-sleep mode, i.e. the system is both hibernated and suspended.
<function>SuspendThenHibernate()</function> results in the system being suspended, then later woken
- using an RTC timer and hibernated. The only argument is the PolicyKit interactivity boolean
+ using an RTC timer and hibernated. The only argument is the polkit interactivity boolean
<varname>interactive</varname> (see below). The main purpose of these calls is that they enforce
- PolicyKit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
+ polkit policy and hence allow powering off/rebooting/suspending/hibernating even by unprivileged
users. They also enforce inhibition locks. UIs should expose these calls as the primary mechanism to
poweroff/reboot/suspend/hibernate the machine.</para>
<refsect2>
<title>Security</title>
- <para>A number of operations are protected via the PolicyKit privilege
+ <para>A number of operations are protected via the polkit privilege
system. <function>SetUserLinger()</function> requires the
<interfacename>org.freedesktop.login1.set-user-linger</interfacename>
privilege. <function>AttachDevice()</function> requires
<interfacename>org.freedesktop.login1.inhibit-handle-lid-switch</interfacename> depending on the lock
type and mode taken.</para>
- <para>The <varname>interactive</varname> boolean parameters can be used to control whether PolicyKit
+ <para>The <varname>interactive</varname> boolean parameters can be used to control whether polkit
should interactively ask the user for authentication credentials if required.</para>
</refsect2>
</refsect1>
<para>Properties exposing time values are usually encoded in microseconds (usec) on the bus, even if
their corresponding settings in the unit files are in seconds.</para>
- <para>In contrast to most of the other services of the systemd suite, PID 1 does not use PolicyKit for
- controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
- language. (This is done in order to avoid a cyclic dependency between PolicyKit and systemd/PID 1.) This
+ <para>In contrast to most of the other services of the systemd suite, PID 1 does not use
+ <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+ for controlling access to privileged operations, but relies exclusively on the low-level D-Bus policy
+ language. (This is done in order to avoid a cyclic dependency between polkit and systemd/PID 1.) This
means that sensitive operations exposed by PID 1 on the bus are generally not available to unprivileged
processes directly. However, some operations (such as shutdown/reboot/suspend) are made available through the D-Bus
API of logind, see
<title>Security</title>
<para>Read access is generally granted to all clients. Additionally, for unprivileged clients, some
- operations are allowed through the PolicyKit privilege system. Operations which modify unit state
+ operations are allowed through the polkit privilege system. Operations which modify unit state
(<function>StartUnit()</function>, <function>StopUnit()</function>, <function>KillUnit()</function>,
<function>RestartUnit()</function> and similar, <function>SetProperty</function>) require
<interfacename>org.freedesktop.systemd1.manage-units</interfacename>. Operations which modify unit file
allowed for everyone. All operations are allowed for clients with the
<constant>CAP_SYS_ADMIN</constant> capability or when the
<interfacename>org.freedesktop.systemd1.manage-units</interfacename> privilege is granted by
- PolicyKit.</para>
+ polkit.</para>
</refsect2>
</refsect1>
<title>Security</title>
<para>The <varname>interactive</varname> boolean parameters can be used to control whether
- PolicyKit should interactively ask the user for authentication credentials if required.</para>
+ <ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>
+ should interactively ask the user for authentication credentials if required.</para>
- <para>The PolicyKit action for <function>SetTimezone()</function> is
+ <para>The polkit action for <function>SetTimezone()</function> is
<interfacename>org.freedesktop.timedate1.set-timezone</interfacename>. For
<function>SetLocalRTC()</function> it is
<interfacename>org.freedesktop.timedate1.set-local-rtc</interfacename>, for
projects / thirdparty / systemd.git / commitdiff
