Hello To do tests I made a new Arch Linux (x86_64) base installation running in qemu/kvm with systemd-210-3 and polkit-0.112-1 to discard any weird thing on my system.
I can reboot/poweroff/suspend/hibernate the system with a normal user
logged from a local VT or remote SSH does not care. I can not disable
this even with a set of polkit rules.
I am sure that this works fine before (maybe systemd-204 age?)
The weird thing here, is that If I ask to login1 about "Can*" methods it
returns 'no'. Also system can be rebooted or poweroff if other users are
logged on the system (i.e root on tty1).
I have another question: If polkit is not installed at all, what is
supposed to happens on these actions? Because I can reboot/poweroff/etc
by default, is this right?
Thanks in advance.
[djgera@host322 ~]$ loginctl show-user djgera
UID=1000
GID=1000
Name=djgera
Timestamp=Sun 2014-03-09 19:29:33 ART
TimestampMonotonic=16659804
RuntimePath=/run/user/1000
Service=user@1000.service
Slice=user-1000.slice
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
Linger=no
[djgera@host322 ~]$ loginctl show-session 1
Id=1
Name=djgera
Timestamp=Sun 2014-03-09 19:29:33 ART
TimestampMonotonic=16673677
VTNr=0
Remote=yes
RemoteHost=192.168.0.77
Service=sshd
Scope=session-1.scope
Leader=166
Audit=1
Type=tty
Class=user
Active=yes
State=active
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
[djgera@host322 ~]$ gdbus call --system --dest org.freedesktop.login1
--object-path /org/freedesktop/login1 --method
org.freedesktop.login1.Manager.CanReboot
('no',)
[djgera@host322 ~]$ gdbus call --system --dest org.freedesktop.login1
--object-path /org/freedesktop/login1 --method
org.freedesktop.login1.Manager.Reboot true
()
Connection to 192.168.0.218 closed by remote host.
Connection to 192.168.0.218 closed.
[djgera@host322 ~]$ reboot
User root is logged in on tty1.
Please retry operation after closing inhibitors and logging out other users.
Alternatively, ignore inhibitors and users with 'systemctl reboot -i'.
[djgera@host322 ~]$ gdbus call --system --dest org.freedesktop.login1
--object-path /org/freedesktop/login1 --method
org.freedesktop.login1.Manager.Reboot true
()
Connection to 192.168.0.218 closed by remote host.
Connection to 192.168.0.218 closed.
[djgera@exequiel ~]$
-------------------------------------
/etc/polkit-1/rules.d/69-djgera.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.hibernate" ||
action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
action.id == "org.freedesktop.login1.suspend" ||
action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
action.id == "org.freedesktop.login1.suspend-multiple-sessions") {
return polkit.Result.NO;
}
});
-------------------------------------
--
Gerardo Exequiel Pozzi
\cos^2\alpha + \sin^2\alpha = 1
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
