Re: Starting transient services securely from other service without root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Apr 28, 2022 at 6:56 PM Vašek Šraier <vaclav.sraier@xxxxxx> wrote:
To update the current list of options:

- PolicyKit
  could technically help, but I've discovered that the documentation 
  explicitly prohibits our potential use-case:
  "In particular, applications, [...] must never include any 
   authorization rules."

That didn't stop many of them (including, apparently, systemd itself) from doing so anyway.

$ pkgfile -vg '/usr/share/polkit-1/rules.d/*'
core/systemd 250.4-2                    /usr/share/polkit-1/rules.d/systemd-networkd.rules
extra/brltty 6.4-10                     /usr/share/polkit-1/rules.d/org.a11y.brlapi.rules
extra/flatpak 1:1.12.7-1                /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules
extra/geoclue 2.6.0-2                   /usr/share/polkit-1/rules.d/org.freedesktop.GeoClue2.rules
extra/gnome-control-center 42.1-1       /usr/share/polkit-1/rules.d/gnome-control-center.rules
extra/gvfs 1.50.1-1                     /usr/share/polkit-1/rules.d/org.gtk.vfs.file-operations.rules
extra/lightdm 1:1.30.0-4                /usr/share/polkit-1/rules.d/lightdm.rules
extra/malcontent 0.10.3-2               /usr/share/polkit-1/rules.d/com.endlessm.ParentalControls.rules
extra/polkit 0.120-5                    /usr/share/polkit-1/rules.d/50-default.rules
community/bolt 0.9.2-1                  /usr/share/polkit-1/rules.d/org.freedesktop.bolt.rules
community/fwupd 1.7.7-1                 /usr/share/polkit-1/rules.d/org.freedesktop.fwupd.rules
community/gnome-initial-setup 41.4-1    /usr/share/polkit-1/rules.d/20-gnome-initial-setup.rules
community/libvirt 1:8.2.0-4             /usr/share/polkit-1/rules.d/50-libvirt.rules
community/libvirt-dbus 1.4.1-2          /usr/share/polkit-1/rules.d/libvirt-dbus.rules
community/packagekit 1.2.5-1            /usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules

I found a bugzilla about this: https://bugs.freedesktop.org/show_bug.cgi?id=80921

--
Mantas Mikulėnas
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux