summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-04-12 22:52:28 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-04-21 00:21:33 -0400
commit152199f2d705effdcddacff63b3ca88671b1290f (patch)
treefaa4660e2df91c85e791c42d913007924df3607e
parent921f831d3e2e27a0da16d93ad3dc468263a63320 (diff)
logind: allow any user to request lingering
We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites.
-rw-r--r--NEWS5
-rw-r--r--src/login/logind-dbus.c8
-rw-r--r--src/login/org.freedesktop.login1.policy.in8
3 files changed, 16 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 7199a67201..3924264e6f 100644
--- a/NEWS
+++ b/NEWS
@@ -40,8 +40,9 @@ CHANGES WITH 230 in spe:
After the user logs out of all sessions, user@.service will be
terminated too, by default, unless the user has "lingering" enabled.
To effectively allow users to run long-term tasks even if they are
- logged out, lingering must be enabled for them. See loginctl(1)
- for details.
+ logged out, lingering must be enabled for them. See loginctl(1) for
+ details. The default polkit policy was modified to allow users to
+ set lingering for themselves without authentication.
Previous defaults can be restored at compile time by the
--without-kill-user-processes option.
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 1d3133ee25..a281f99a34 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1077,11 +1077,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus
static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
_cleanup_free_ char *cc = NULL;
Manager *m = userdata;
- int b, r;
+ int r, b, interactive;
struct passwd *pw;
const char *path;
uint32_t uid;
- int interactive;
+ bool self = false;
assert(message);
assert(m);
@@ -1102,6 +1102,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
if (r < 0)
return r;
+ self = true;
+
} else if (!uid_is_valid(uid))
return -EINVAL;
@@ -1113,7 +1115,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
r = bus_verify_polkit_async(
message,
CAP_SYS_ADMIN,
- "org.freedesktop.login1.set-user-linger",
+ self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
NULL,
interactive,
UID_INVALID,
diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in
index 23326bb79f..1fa6441629 100644
--- a/src/login/org.freedesktop.login1.policy.in
+++ b/src/login/org.freedesktop.login1.policy.in
@@ -111,6 +111,14 @@
</defaults>
</action>
+ <action id="org.freedesktop.login1.set-self-linger">
+ <_description>Allow non-logged-in user to run programs</_description>
+ <_message>Explicit request is required to run programs as a non-logged-in user.</_message>
+ <defaults>
+ <allow_any>yes</allow_any>
+ </defaults>
+ </action>
+
<action id="org.freedesktop.login1.set-user-linger">
<_description>Allow non-logged-in users to run programs</_description>
<_message>Authentication is required to run programs as a non-logged-in user.</_message>