bless-boot: drop must_be_root() checks

If we lack permissions, we will fail anyway. But by not doing the artifial
check, we get more information. For example, on my machine, I see
$ build/systemd-bless-boot good
Not booted with boot counting in effect.

while "Need to be root" is actually untrue, because being root doesn't change
the outcome in any way.

Letting the operation fail on the actual error makes it easier to do test runs:
we *know* the command will fail, but we want to see what the first step would
be.

Not doing the articial check makes it also easier to do create alternative
security arrangements, for example where the directories are mounted with
special ownership mode and an otherwise unprivileged user can perform certain
operations.

diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c
index b5d110f4224aa111e8b5419fa9bb16b18e85df5e..f2d033fc407f624bbdfb7be438ad2466e79b898f 100644 (file)
--- a/src/boot/bless-boot.c
+++ b/src/boot/bless-boot.c
@@ -480,13 +480,12 @@ exists:
 }
 
 static int run(int argc, char *argv[]) {
-
         static const Verb verbs[] = {
-                { "help",          VERB_ANY, VERB_ANY, 0,                 help        },
-                { "status",        VERB_ANY, 1,        VERB_DEFAULT,      verb_status },
-                { "good",          VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
-                { "bad",           VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
-                { "indeterminate", VERB_ANY, 1,        VERB_MUST_BE_ROOT, verb_set    },
+                { "help",          VERB_ANY, VERB_ANY, 0,            help        },
+                { "status",        VERB_ANY, 1,        VERB_DEFAULT, verb_status },
+                { "good",          VERB_ANY, 1,        0,            verb_set    },
+                { "bad",           VERB_ANY, 1,        0,            verb_set    },
+                { "indeterminate", VERB_ANY, 1,        0,            verb_set    },
                 {}
         };