diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-02-28 21:56:55 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-03-13 10:43:44 +0100 |
| commit | 91180a1eec6f864de8e559a1d87dc33476a601b1 (patch) | |
| tree | 830d18d6cc50677556e6af6fff1aafcba12f25b1 /src/shared/bus-polkit.h | |
| parent | polkit: add new POLKIT_ALWAYS_QUERY flag (diff) | |
| download | systemd-91180a1eec6f864de8e559a1d87dc33476a601b1.tar.xz systemd-91180a1eec6f864de8e559a1d87dc33476a601b1.zip | |
polkit: add another flag that controls how to treat the PK absent case
Typically if PK is not present we want to treat this as "denied". But
sometimes it makes sense to treat this case as "allowed".
In particular the combination POLKIT_ALWAYS_QUERY and
POLKIT_DEFAULT_ALLOW makes a lot of sense: it means we can enable PK
logic for actions where we so far bypassed the checks for root. With the
new combination we can have a default policy of allowing some operation
but still provide an effective hook to disable it.
Also add some debug logging about PK operations and results as they are ongoing.
Diffstat (limited to '')
| -rw-r--r-- | src/shared/bus-polkit.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h index 9fb5d83f0c..15c621dfa3 100644 --- a/src/shared/bus-polkit.h +++ b/src/shared/bus-polkit.h @@ -10,6 +10,7 @@ typedef enum PolkitFLags { POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */ POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ + POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ } PolkitFlags; int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); |