From d35f51ea848ca76bd3747db69e8c5dd864e82bc3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 Jul 2018 12:44:24 +0200 Subject: [PATCH] tree-wide: use "polkit" to refer to PolicyKit/polkit Back in 2012 the project was renamed, see the release notes for v 0.105 [https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our documentation and comments to do the same. Referring to PolicyKit is confusing to users because at the time the polkit api changed too, and we support the new version. I updated NEWS too, since all the references to PolicyKit there were added after the rename. "PolicyKit" is unchanged in various URLs and method call names. --- NEWS | 76 ++++++++++++++++------------------ README | 2 +- man/systemd-logind.service.xml | 6 ++- meson_options.txt | 2 +- src/core/dbus-job.c | 2 +- src/systemctl/systemctl.c | 4 +- 6 files changed, 45 insertions(+), 47 deletions(-) diff --git a/NEWS b/NEWS index fb00f4ba63b..537c4b6131a 100644 --- a/NEWS +++ b/NEWS @@ -3327,11 +3327,10 @@ CHANGES WITH 226: correct dequeuing of real-time signals, without losing signal events. - * When systemd requests a PolicyKit decision when managing - units it will now add additional fields to the request, - including unit name and desired operation. This enables more - powerful PolicyKit policies, that make decisions depending - on these parameters. + * When systemd requests a polkit decision when managing units it + will now add additional fields to the request, including unit + name and desired operation. This enables more powerful polkit + policies, that make decisions depending on these parameters. * nspawn learnt support for .nspawn settings files, that may accompany the image files or directories of containers, and @@ -3366,13 +3365,12 @@ CHANGES WITH 225: options and allows other programs to query the values. * SELinux access control when enabling/disabling units is no - longer enforced with this release. The previous - implementation was incorrect, and a new corrected - implementation is not yet available. As unit file operations - are still protected via PolicyKit and D-Bus policy this is - not a security problem. Yet, distributions which care about - optimal SELinux support should probably not stabilize on - this release. + longer enforced with this release. The previous implementation + was incorrect, and a new corrected implementation is not yet + available. As unit file operations are still protected via + polkit and D-Bus policy this is not a security problem. Yet, + distributions which care about optimal SELinux support should + probably not stabilize on this release. * sd-bus gained support for matches of type "arg0has=", that test for membership of strings in string arrays sent in bus @@ -3744,11 +3742,10 @@ CHANGES WITH 220: * systemd-importd gained support for verifying downloaded images with gpg2 (previously only gpg1 was supported). - * systemd-machined, systemd-logind, systemd: most bus calls - are now accessible to unprivileged processes via - PolicyKit. Also, systemd-logind will now allow users to kill - their own sessions without further privileges or - authorization. + * systemd-machined, systemd-logind, systemd: most bus calls are + now accessible to unprivileged processes via polkit. Also, + systemd-logind will now allow users to kill their own sessions + without further privileges or authorization. * systemd-shutdownd has been removed. This service was previously responsible for implementing scheduled shutdowns @@ -4530,11 +4527,11 @@ CHANGES WITH 217: directly from now on, again. * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus - message flag has been added for all of systemd's PolicyKit - authenticated method calls has been added. In particular - this now allows optional interactive authorization via - PolicyKit for many of PID1's privileged operations such as - unit file enabling and disabling. + message flag has been added for all of systemd's polkit + authenticated method calls has been added. In particular this + now allows optional interactive authorization via polkit for + many of PID1's privileged operations such as unit file + enabling and disabling. * "udevadm hwdb --update" learnt a new switch "--usr" for placing the rebuilt hardware database in /usr instead of @@ -4613,11 +4610,11 @@ CHANGES WITH 216: well as the user/group databases, which should enhance compatibility with certain tools like grpck. - * A number of bus APIs of PID 1 now optionally consult - PolicyKit to permit access for otherwise unprivileged - clients under certain conditions. Note that this currently - doesn't support interactive authentication yet, but this is - expected to be added eventually, too. + * A number of bus APIs of PID 1 now optionally consult polkit to + permit access for otherwise unprivileged clients under certain + conditions. Note that this currently doesn't support + interactive authentication yet, but this is expected to be + added eventually, too. * /etc/machine-info now has new fields for configuring the deployment environment of the machine, as well as the @@ -7090,8 +7087,8 @@ CHANGES WITH 198: the rest of the package. It also has been updated to work correctly in initrds. - * Policykit previously has been runtime optional, and is now - also compile time optional via a configure switch. + * polkit previously has been runtime optional, and is now also + compile time optional via a configure switch. * systemd-analyze has been reimplemented in C. Also "systemctl dot" has moved into systemd-analyze. @@ -7259,9 +7256,9 @@ CHANGES WITH 197: user/vendor or is automatically determined from ACPI and DMI information if possible. - * A number of PolicyKit actions are now bound together with - "imply" rules. This should simplify creating UIs because - many actions will now authenticate similar ones as well. + * A number of polkit actions are now bound together with "imply" + rules. This should simplify creating UIs because many actions + will now authenticate similar ones as well. * Unit files learnt a new condition ConditionACPower= which may be used to conditionalize a unit depending on whether an @@ -7400,14 +7397,13 @@ CHANGES WITH 196: to maintain the necessary patches downstream, or find a different solution. (Talk to us if you have questions!) - * Various systemd components will now bypass PolicyKit checks - for root and otherwise handle properly if PolicyKit is not - found to be around. This should fix most issues for - PolicyKit-less systems. Quite frankly this should have been - this way since day one. It is absolutely our intention to - make systemd work fine on PolicyKit-less systems, and we - consider it a bug if something does not work as it should if - PolicyKit is not around. + * Various systemd components will now bypass polkit checks for + root and otherwise handle properly if polkit is not found to + be around. This should fix most issues for polkit-less + systems. Quite frankly this should have been this way since + day one. It is absolutely our intention to make systemd work + fine on polkit-less systems, and we consider it a bug if + something does not work as it should if polkit is not around. * For embedded systems it is now possible to build udev and systemd without blkid and/or kmod support. diff --git a/README b/README index 7d06e048008..61a1fd45bfe 100644 --- a/README +++ b/README @@ -173,7 +173,7 @@ REQUIREMENTS: NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) - PolicyKit (optional) + polkit (optional) To build in directory build/: meson build/ && ninja -C build diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml index 33ed8f522ea..1c29b337767 100644 --- a/man/systemd-logind.service.xml +++ b/man/systemd-logind.service.xml @@ -45,8 +45,10 @@ a session, then this ID is reused as the session ID. Otherwise, an independent session counter is used. - Providing PolicyKit-based access for users for - operations such as system shutdown or sleep + Providing polkit-based + access for users for operations such as system shutdown or sleep + Implementing a shutdown/sleep inhibition logic for applications diff --git a/meson_options.txt b/meson_options.txt index a79fcbcf378..0b531d96caf 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -220,7 +220,7 @@ option('smack', type : 'boolean', option('smack-run-label', type : 'string', description : 'run systemd --system itself with a specific SMACK label') option('polkit', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'PolicyKit support') + description : 'polkit support') option('ima', type : 'boolean', description : 'IMA support') diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c index 5551c56d0e9..20d890b36c3 100644 --- a/src/core/dbus-job.c +++ b/src/core/dbus-job.c @@ -50,7 +50,7 @@ int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error /* Access is granted to the job owner */ if (!sd_bus_track_contains(j->bus_track, sd_bus_message_get_sender(message))) { - /* And for everybody else consult PolicyKit */ + /* And for everybody else consult polkit */ r = bus_verify_manage_units_async(j->unit->manager, message, error); if (r < 0) return r; diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 9c6156237a2..68d6f8ac250 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -3178,7 +3178,7 @@ static int logind_set_wall_message(void) { #endif /* Ask systemd-logind, which might grant access to unprivileged users - * through PolicyKit */ + * through polkit */ static int logind_reboot(enum action a) { #if ENABLE_LOGIND _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; @@ -8414,7 +8414,7 @@ static int halt_main(void) { } /* Try logind if we are a normal user and no special - * mode applies. Maybe PolicyKit allows us to shutdown + * mode applies. Maybe polkit allows us to shutdown * the machine. */ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) { r = logind_reboot(arg_action); -- 2.47.3