summaryrefslogtreecommitdiff
path: root/src/login/org.freedesktop.login1.conf
AgeCommit message (Collapse)Author
2015-07-11logind: bring bus policy up-to-dateLennart Poettering
A while back we opened up all of logind's bus calls to unprivileged users, via PK. However, the dbus1 policy wasn't updated accordingly. With this change, the dbus1 policy is opened up for all bus calls that should be available to unprivileged clients. (also rearranges some calls in the vtable, to make more sense, and be in line with the order in the bus policy file) Fixes #471.
2015-04-07logind,systemctl: add reboot to EFI firmware supportJan Janssen
2014-02-25login: Allow calling org.freedesktop.login1.Seat.SwitchToJasper St. Pierre
2013-12-10bus: introduce "trusted" bus concept and encode access control in object vtablesLennart Poettering
Introduces a new concept of "trusted" vs. "untrusted" busses. For the latter libsystemd-bus will automatically do per-method access control, for the former all access is automatically granted. Per-method access control is encoded in the vtables: by default all methods are only accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag is set for a method it is accessible to unprivileged clients too. By default whether a client is privileged is determined via checking for its CAP_SYS_ADMIN capability, but this can be altered via the SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field of the method. Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note however that read access is unrestricted, as PropertiesChanged messages might send out the values anyway as an unrestricted broadcast. By default the system bus is set to "untrusted" and the user bus is "trusted" since per-method access control on the latter is unnecessary. On dbus1 busses we check the UID of the caller rather than the configured capability since the capability cannot be determined without race. On kdbus the capability is checked if possible from the attached meta-data of a message and otherwise queried from the sending peer. This also decorates the vtables of the various daemons we ship with these flags.
2013-10-15logind: allow unprivileged session-device accessDavid Herrmann
The session-device/control API was introduced for unprivileged device access from within a session. Add the required dbus policy to the default logind policies. Note: logind validates that only root and the user of a session can use the API. Furthermore, only a single API user gets access at a time.
2013-06-20logind: make ListMachines bus call publicLennart Poettering
2012-12-18logind: allow HybridSleep methods in default DBus contextMantas Mikulėnas
2012-05-08logind: implement suspend/hibernate calls with inhibition logicLennart Poettering
2012-04-16logind: add shutdown/suspend/idle inhibition frameworkLennart Poettering
2012-04-12relicense to LGPLv2.1 (with exceptions)Lennart Poettering
We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.
2012-02-11logind: introduce CanReboot/CanPowerOff bus callsLennart Poettering
2012-02-10logind: make seat device management accessible to normal users/via polkitLennart Poettering
2012-02-10logind: Allow PowerOff/Reboot in default contextBenjamin Franzke
2012-02-07logind: introduce ActivateSessionOnSeat()Lennart Poettering
2012-02-01logind: add GetSessionByPID() bus callLennart Poettering
2011-12-31logind: move more files into subdirectoryLennart Poettering