mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-03 01:17:45 +03:00
tree-wide: use "polkit" to refer to PolicyKit/polkit
Back in 2012 the project was renamed, see the release notes for v 0.105 [https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our documentation and comments to do the same. Referring to PolicyKit is confusing to users because at the time the polkit api changed too, and we support the new version. I updated NEWS too, since all the references to PolicyKit there were added after the rename. "PolicyKit" is unchanged in various URLs and method call names.
parent b750778751
commit d35f51ea84
76
NEWS
@ -3327,11 +3327,10 @@ CHANGES WITH 226:
|
||||
correct dequeuing of real-time signals, without losing
|
||||
signal events.
|
||||
|
||||
* When systemd requests a PolicyKit decision when managing
|
||||
units it will now add additional fields to the request,
|
||||
including unit name and desired operation. This enables more
|
||||
powerful PolicyKit policies, that make decisions depending
|
||||
on these parameters.
|
||||
* When systemd requests a polkit decision when managing units it
|
||||
will now add additional fields to the request, including unit
|
||||
name and desired operation. This enables more powerful polkit
|
||||
policies, that make decisions depending on these parameters.
|
||||
|
||||
* nspawn learnt support for .nspawn settings files, that may
|
||||
accompany the image files or directories of containers, and
|
||||
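Review bot: The rewritten 226 entry keeps the comma in "polkit policies, that make decisions depending on these parameters"; the clause is restrictive, so drop the comma while these lines are being touched. The hunk also rewraps the whole paragraph for a one-word rename, which makes the substitution harder to audit; keeping the original line breaks would leave only the two lines that mention PolicyKit in the diff.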
@ -3366,13 +3365,12 @@ CHANGES WITH 225:
|
||||
options and allows other programs to query the values.
|
||||
|
||||
* SELinux access control when enabling/disabling units is no
|
||||
longer enforced with this release. The previous
|
||||
implementation was incorrect, and a new corrected
|
||||
implementation is not yet available. As unit file operations
|
||||
are still protected via PolicyKit and D-Bus policy this is
|
||||
not a security problem. Yet, distributions which care about
|
||||
optimal SELinux support should probably not stabilize on
|
||||
this release.
|
||||
longer enforced with this release. The previous implementation
|
||||
was incorrect, and a new corrected implementation is not yet
|
||||
available. As unit file operations are still protected via
|
||||
polkit and D-Bus policy this is not a security problem. Yet,
|
||||
distributions which care about optimal SELinux support should
|
||||
probably not stabilize on this release.
|
||||
|
||||
* sd-bus gained support for matches of type "arg0has=", that
|
||||
test for membership of strings in string arrays sent in bus
|
||||
@ -3744,11 +3742,10 @@ CHANGES WITH 220:
|
||||
* systemd-importd gained support for verifying downloaded
|
||||
images with gpg2 (previously only gpg1 was supported).
|
||||
|
||||
* systemd-machined, systemd-logind, systemd: most bus calls
|
||||
are now accessible to unprivileged processes via
|
||||
PolicyKit. Also, systemd-logind will now allow users to kill
|
||||
their own sessions without further privileges or
|
||||
authorization.
|
||||
* systemd-machined, systemd-logind, systemd: most bus calls are
|
||||
now accessible to unprivileged processes via polkit. Also,
|
||||
systemd-logind will now allow users to kill their own sessions
|
||||
without further privileges or authorization.
|
||||
|
||||
* systemd-shutdownd has been removed. This service was
|
||||
previously responsible for implementing scheduled shutdowns
|
||||
@ -4530,11 +4527,11 @@ CHANGES WITH 217:
|
||||
directly from now on, again.
|
||||
|
||||
* Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
|
||||
message flag has been added for all of systemd's PolicyKit
|
||||
authenticated method calls has been added. In particular
|
||||
this now allows optional interactive authorization via
|
||||
PolicyKit for many of PID1's privileged operations such as
|
||||
unit file enabling and disabling.
|
||||
message flag has been added for all of systemd's polkit
|
||||
authenticated method calls has been added. In particular this
|
||||
now allows optional interactive authorization via polkit for
|
||||
many of PID1's privileged operations such as unit file
|
||||
enabling and disabling.
|
||||
|
||||
* "udevadm hwdb --update" learnt a new switch "--usr" for
|
||||
placing the rebuilt hardware database in /usr instead of
|
||||
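Review bot: The new 217 text still reads "has been added for all of systemd's polkit authenticated method calls has been added", carrying over the duplicated "has been added" from the old entry. Since the paragraph is being rewritten anyway, drop the second occurrence, and consider hyphenating "polkit-authenticated" so the modifier reads unambiguously.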
@ -4613,11 +4610,11 @@ CHANGES WITH 216:
|
||||
well as the user/group databases, which should enhance
|
||||
compatibility with certain tools like grpck.
|
||||
|
||||
* A number of bus APIs of PID 1 now optionally consult
|
||||
PolicyKit to permit access for otherwise unprivileged
|
||||
clients under certain conditions. Note that this currently
|
||||
doesn't support interactive authentication yet, but this is
|
||||
expected to be added eventually, too.
|
||||
* A number of bus APIs of PID 1 now optionally consult polkit to
|
||||
permit access for otherwise unprivileged clients under certain
|
||||
conditions. Note that this currently doesn't support
|
||||
interactive authentication yet, but this is expected to be
|
||||
added eventually, too.
|
||||
|
||||
* /etc/machine-info now has new fields for configuring the
|
||||
deployment environment of the machine, as well as the
|
||||
@ -7090,8 +7087,8 @@ CHANGES WITH 198:
|
||||
the rest of the package. It also has been updated to work
|
||||
correctly in initrds.
|
||||
|
||||
* Policykit previously has been runtime optional, and is now
|
||||
also compile time optional via a configure switch.
|
||||
* polkit previously has been runtime optional, and is now also
|
||||
compile time optional via a configure switch.
|
||||
|
||||
* systemd-analyze has been reimplemented in C. Also "systemctl
|
||||
dot" has moved into systemd-analyze.
|
||||
@ -7259,9 +7256,9 @@ CHANGES WITH 197:
|
||||
user/vendor or is automatically determined from ACPI and DMI
|
||||
information if possible.
|
||||
|
||||
* A number of PolicyKit actions are now bound together with
|
||||
"imply" rules. This should simplify creating UIs because
|
||||
many actions will now authenticate similar ones as well.
|
||||
* A number of polkit actions are now bound together with "imply"
|
||||
rules. This should simplify creating UIs because many actions
|
||||
will now authenticate similar ones as well.
|
||||
|
||||
* Unit files learnt a new condition ConditionACPower= which
|
||||
may be used to conditionalize a unit depending on whether an
|
||||
@ -7400,14 +7397,13 @@ CHANGES WITH 196:
|
||||
to maintain the necessary patches downstream, or find a
|
||||
different solution. (Talk to us if you have questions!)
|
||||
|
||||
* Various systemd components will now bypass PolicyKit checks
|
||||
for root and otherwise handle properly if PolicyKit is not
|
||||
found to be around. This should fix most issues for
|
||||
PolicyKit-less systems. Quite frankly this should have been
|
||||
this way since day one. It is absolutely our intention to
|
||||
make systemd work fine on PolicyKit-less systems, and we
|
||||
consider it a bug if something does not work as it should if
|
||||
PolicyKit is not around.
|
||||
* Various systemd components will now bypass polkit checks for
|
||||
root and otherwise handle properly if polkit is not found to
|
||||
be around. This should fix most issues for polkit-less
|
||||
systems. Quite frankly this should have been this way since
|
||||
day one. It is absolutely our intention to make systemd work
|
||||
fine on polkit-less systems, and we consider it a bug if
|
||||
something does not work as it should if polkit is not around.
|
||||
|
||||
* For embedded systems it is now possible to build udev and
|
||||
systemd without blkid and/or kmod support.
|
||||
|
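Review bot: In the rewritten 196 entry, "otherwise handle properly if polkit is not found to be around" has no object for "handle", a defect inherited from the old text. As the paragraph is reflowed here, "otherwise handle it properly if polkit is not around" would fix the sentence without changing what the entry says about bypassing polkit checks for root.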
2
README
@ -173,7 +173,7 @@ REQUIREMENTS:
|
||||
NOTE: If using dbus < 1.9.18, you should override the default
|
||||
policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
|
||||
dracut (optional)
|
||||
PolicyKit (optional)
|
||||
polkit (optional)
|
||||
|
||||
To build in directory build/:
|
||||
meson build/ && ninja -C build
|
||||
|
@ -45,8 +45,10 @@
|
||||
a session, then this ID is reused as the session ID. Otherwise, an independent session counter is
|
||||
used.</para></listitem>
|
||||
|
||||
<listitem><para>Providing PolicyKit-based access for users for
|
||||
operations such as system shutdown or sleep</para></listitem>
|
||||
<listitem><para>Providing <ulink
|
||||
url="http://www.freedesktop.org/wiki/Software/polkit">polkit</ulink>-based
|
||||
access for users for operations such as system shutdown or sleep</para>
|
||||
</listitem>
|
||||
|
||||
<listitem><para>Implementing a shutdown/sleep inhibition logic
|
||||
for applications</para></listitem>
|
||||
|
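Review bot: The added ulink uses a plain-HTTP address, url="http://www.freedesktop.org/wiki/Software/polkit", while the commit message links to freedesktop.org over https; prefer an https:// URL in documentation that users follow to find an authorization component. The new item also closes with </para> and </listitem> on separate lines, whereas the neighbouring items close with </para></listitem> on one line; match the surrounding style.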
@ -220,7 +220,7 @@ option('smack', type : 'boolean',
|
||||
option('smack-run-label', type : 'string',
|
||||
description : 'run systemd --system itself with a specific SMACK label')
|
||||
option('polkit', type : 'combo', choices : ['auto', 'true', 'false'],
|
||||
description : 'PolicyKit support')
|
||||
description : 'polkit support')
|
||||
option('ima', type : 'boolean',
|
||||
description : 'IMA support')
|
||||
|
||||
|
@ -50,7 +50,7 @@ int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error
|
||||
/* Access is granted to the job owner */
|
||||
if (!sd_bus_track_contains(j->bus_track, sd_bus_message_get_sender(message))) {
|
||||
|
||||
/* And for everybody else consult PolicyKit */
|
||||
/* And for everybody else consult polkit */
|
||||
r = bus_verify_manage_units_async(j->unit->manager, message, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
@ -3178,7 +3178,7 @@ static int logind_set_wall_message(void) {
|
||||
#endif
|
||||
|
||||
/* Ask systemd-logind, which might grant access to unprivileged users
|
||||
* through PolicyKit */
|
||||
* through polkit */
|
||||
static int logind_reboot(enum action a) {
|
||||
#if ENABLE_LOGIND
|
||||
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
|
||||
@ -8414,7 +8414,7 @@ static int halt_main(void) {
|
||||
}
|
||||
|
||||
/* Try logind if we are a normal user and no special
|
||||
* mode applies. Maybe PolicyKit allows us to shutdown
|
||||
* mode applies. Maybe polkit allows us to shutdown
|
||||
* the machine. */
|
||||
if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) {
|
||||
r = logind_reboot(arg_action);
|
||||
|
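Review bot: In the changed comment line "Maybe polkit allows us to shutdown the machine", "shutdown" is used as a verb and should be "shut down"; worth fixing while the line is being touched.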