summaryrefslogtreecommitdiff
path: root/src/core/dbus.c
diff options
context:
space:
mode:
authorMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:17 +1000
committerMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:17 +1000
commit88ced61bf9673407f4b15bf51b1b408fd78c149d (patch)
treeb6cf57f054c3e65497b01100446a6667b3ef474d /src/core/dbus.c
parent403ed0e5c914f2a0a683403d8ba7eaf96e3ffcdf (diff)
core: pass details to polkit for some unit actions
The following details are passed: - unit: the primary name of the unit upon which the action was invoked (i.e. after resolving any aliases); - verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart', 'reload-or-restart', 'reload-or-try-restart', 'kill', 'reset-failed', or 'set-property', corresponding to the systemctl verb used to invoke the action. Typical use of these details in a polkit policy rule might be: // Allow alice to manage example.service; // fall back to implicit authorization otherwise. polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "example.service" && subject.user == "alice") { return polkit.Result.YES; } }); We also supply a custom polkit message that includes the unit's name and the requested operation.
Diffstat (limited to 'src/core/dbus.c')
-rw-r--r--src/core/dbus.c5
1 files changed, 0 insertions, 5 deletions
diff --git a/src/core/dbus.c b/src/core/dbus.c
index a2ce880115..0a2180c6a7 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -1201,11 +1201,6 @@ int bus_verify_manage_units_async(Manager *m, sd_bus_message *call, sd_bus_error
return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-units", NULL, false, UID_INVALID, &m->polkit_registry, error);
}
-/* Same as bus_verify_manage_unit_async(), but checks for CAP_KILL instead of CAP_SYS_ADMIN */
-int bus_verify_manage_units_async_for_kill(Manager *m, sd_bus_message *call, sd_bus_error *error) {
- return bus_verify_polkit_async(call, CAP_KILL, "org.freedesktop.systemd1.manage-units", NULL, false, UID_INVALID, &m->polkit_registry, error);
-}
-
int bus_verify_manage_unit_files_async(Manager *m, sd_bus_message *call, sd_bus_error *error) {
return bus_verify_polkit_async(call, CAP_SYS_ADMIN, "org.freedesktop.systemd1.manage-unit-files", NULL, false, UID_INVALID, &m->polkit_registry, error);
}