I've done initial work on adding polkit support to systemd1 DBus methods. You can see it here:
https://github.com/stefwalter/systemd/commits/polkit-systemd1 Basic rules: * Read access for everyone * Methods that modifies running unit state is controlled by a polkit action: org.freedesktop.systemd1.manage-units * Methods that modifies unit state files is controlled by a polkit action: org.freedesktop.systemd1.manage-unit-files * Many methods are only callable by root callers, like: Poweroff() Kexec() etc... * Job.Cancel() and Manager.CancelJob() are callable by the caller(s) that started the job. * Setting properties is only possible by root callers. The way that each callback in sd-bus has to handle verification seems a bit risky to me. So I've only opened up the specific interfaces I touched in the DBus policy file. Eventually the DBus policy file would go away, but hopefully sd-bus will have a less risky way of verifying callers at that point. I need to work on testing this. Will send a patch set when I'm done. I'd be happy to add documentation here when we're done: http://www.freedesktop.org/wiki/Software/systemd/dbus/ Cheers, Stef _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
