From: Zbigniew Jędrzejewski-Szmek Date: Fri, 18 Jan 2019 15:46:37 +0000 (+0100) Subject: bless-boot: drop must_be_root() checks X-Git-Tag: v243-rc1~308^2~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ded3a403016494a3e01b6de2f4ed14dde78a62b4;p=thirdparty%2Fsystemd.git bless-boot: drop must_be_root() checks If we lack permissions, we will fail anyway. But by not doing the artifial check, we get more information. For example, on my machine, I see $ build/systemd-bless-boot good Not booted with boot counting in effect. while "Need to be root" is actually untrue, because being root doesn't change the outcome in any way. Letting the operation fail on the actual error makes it easier to do test runs: we *know* the command will fail, but we want to see what the first step would be. Not doing the articial check makes it also easier to do create alternative security arrangements, for example where the directories are mounted with special ownership mode and an otherwise unprivileged user can perform certain operations. --- diff --git a/src/boot/bless-boot.c b/src/boot/bless-boot.c index b5d110f4224..f2d033fc407 100644 --- a/src/boot/bless-boot.c +++ b/src/boot/bless-boot.c @@ -480,13 +480,12 @@ exists: } static int run(int argc, char *argv[]) { - static const Verb verbs[] = { - { "help", VERB_ANY, VERB_ANY, 0, help }, - { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status }, - { "good", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set }, - { "bad", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set }, - { "indeterminate", VERB_ANY, 1, VERB_MUST_BE_ROOT, verb_set }, + { "help", VERB_ANY, VERB_ANY, 0, help }, + { "status", VERB_ANY, 1, VERB_DEFAULT, verb_status }, + { "good", VERB_ANY, 1, 0, verb_set }, + { "bad", VERB_ANY, 1, 0, verb_set }, + { "indeterminate", VERB_ANY, 1, 0, verb_set }, {} };