On Mon, 20 May 2019 at 11:49:42 +0200, Lennart Poettering wrote:
> Ideally some infrastructure like PK would supply this mechanism
> instead of us btw.
polkit is for controlled privilege escalation where an unprivileged user
asks a privileged system service to do something, and the system service
asks polkit whether that should be allowed to happen, with possible answers
that include yes, no, or a sudo-like "only if you re-authenticate first".
It also isn't an early-boot service (it needs D-Bus).
Things like prompting for the password for a LUKS volume are really
outside the scope of polkit, but it might make sense for there to be
some lower-level system-wide password prompting concept that can be used
by multiple things that need passwords: systemd, LUKS volume mounting,
polkit agents (the part that implements the "only if you re-authenticate"
policy), gnome-keyring, sudo and so on.
smcv
_______________________________________________
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
