Skip to content

systemctl: fix various aspects of polkit authorization in legacy tools.#1227

Merged
poettering merged 5 commits intosystemd:masterfrom
intelfx:systemctl-legacy-tools-polkit
Sep 10, 2015
Merged

systemctl: fix various aspects of polkit authorization in legacy tools.#1227
poettering merged 5 commits intosystemd:masterfrom
intelfx:systemctl-legacy-tools-polkit

Conversation

@intelfx
Copy link
Copy Markdown
Contributor

@intelfx intelfx commented Sep 9, 2015

This deals with multiple concerns raised in the issue #213.

First, disallow interactive polkit auth(orization|entication) if we're being called not as systemctl but as one of the legacy tools (halt, poweroff, reboot, shutdown, telinit).

Then, relax preliminary root permission check in halt_main() to allow (non-interactive) polkit auth to kick in the "activate special target" code path (i. e. non-root non-logind non-delayed non-forced mode).

Finally, there are three ad-hoc fixes:

  • fix logind bus call error handling in halt_main() to make it look similar to the call in start_special(),
  • improve error messages in the logind call code path (reboot_with_logind()) to make it clear for the user which exact operation had failed,
  • and (while at it) refactor repeated comparisons into applications of IN_SET().

(Maybe I'm overzealous with the last one.)

@intelfx
systemctl: legacy tools shall never be interactive
16f017f 
Fixes (the main concern of) issue #213.
intelfx referenced this pull request Sep 9, 2015
@zonque
systemctl: add dry-run support for scheduled shutdowns
7681f5b 
Prefix the action parameter with "dry-" in case the --dry-run command
line switch was passed.
@poettering
Copy link
Copy Markdown
Member

poettering commented Sep 10, 2015

Looks good to me otherwise.

@zonque can you comment on the arg_dry issue @intelfx was wondering about, please?

@poettering poettering added reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks systemctl labels Sep 10, 2015
@intelfx
systemctl: minor: use IN_SET() instead of repeated equality checks.
4c315c2
@intelfx
systemctl: fix logind bus call error handling in halt_main()
a9085ea 
Handle -EOPNOTSUPP and -EINPROGRESS like in start_special().
@intelfx
systemctl: relax permission checks in halt_main()
2ac3930 
Thus we allow (non-interactive) polkit auth to kick in for legacy commands
(halt, poweroff, reboot, telinit) as well.

Fixes (another aspect of) issue #213.
@intelfx
systemctl: improve clarity of error messages in the logind path
58158dc
@poettering
Copy link
Copy Markdown
Member

poettering commented Sep 10, 2015

@zonque suggested that @intelfx is right regarding the arg_dry thing. Hence merging.

poettering added a commit that referenced this pull request Sep 10, 2015
@poettering
Merge pull request #1227 from intelfx/systemctl-legacy-tools-polkit
3227b2b 
systemctl: fix various aspects of polkit authorization in legacy tools.
@poettering poettering merged commit 3227b2b into systemd:master Sep 10, 2015
@intelfx intelfx deleted the systemctl-legacy-tools-polkit branch October 13, 2015 20:15
@marcosfrm marcosfrm mentioned this pull request Dec 31, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

reviewed/needs-rework 🔨 PR has been reviewed and needs another round of reworks systemctl

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@intelfx @poettering