On Mon, 04.04.16 17:31, Martin Pitt ([email protected]) wrote: > Hello all, > > a recent (mostly cosmetical) bug report [1] made me aware that we > currently query polkit for a lot of systemctl > enable/daemon-reload/etc. calls from package maintainer scripts. At > least in Debian, installing a package with a .service usually does > something like "systemctl enable/start foo", and installing a package > with a SysV script runs "systemctl daemon-reload" to pick up the new > init script. > > In all those cases systemctl is guaranteed to run as root, and any > potential interactive PK prompt would be totally unexpected -- because > of root, and because package installation is supposed to be > non-interactive and not hang. So this introduces a potentially > unreliable moving part and also assumes that polkit actually works all > the time (cf. package upgrades).
We already bypass PK if the client is privileged. See bus_verify_polkit_async() in src/shared/bus-util.c, the calls for sd_bus_query_sender_privilege(). Are you saying that bypass doesn't work for you? Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
