From e8c0de91271331ddbae872de63d0a267d4f71e12 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Fri, 18 Nov 2016 16:17:01 +0100 Subject: hostnamed: allow networkd to set the transient hostname systemd-networkd runs as user "systemd-network" and thus is not privileged to set the transient hostname: systemd-networkd[516]: ens3: Could not set hostname: Interactive authentication required. Standard polkit *.policy files do not have a syntax for granting privileges to a user, so ship a pklocalauthority (for polkit < 106) and a JavaScript rules file (for polkit >= 106) that grants the "systemd-network" system user that privilege. Add DnsmasqClientTest.test_transient_hostname() test to networkd-test.py to cover this. Make do_test() a bit more flexible by interpreting "coldplug==None" as "test sets up the interface by itself". Change DnsmasqClientTest to set up test_eth42 with a fixed MAC address so that we can configure dnsmasq to send a special host name for that. Fixes #4646 --- src/hostname/systemd-networkd-hostname.pkla | 4 ++++ src/hostname/systemd-networkd-hostname.rules | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 src/hostname/systemd-networkd-hostname.pkla create mode 100644 src/hostname/systemd-networkd-hostname.rules (limited to 'src') diff --git a/src/hostname/systemd-networkd-hostname.pkla b/src/hostname/systemd-networkd-hostname.pkla new file mode 100644 index 0000000000..345ce617c6 --- /dev/null +++ b/src/hostname/systemd-networkd-hostname.pkla @@ -0,0 +1,4 @@ +[Allow systemd-networkd to set transient hostname] +Identity=unix-user:systemd-network +Action=org.freedesktop.hostname1.set-hostname +ResultAny=yes diff --git a/src/hostname/systemd-networkd-hostname.rules b/src/hostname/systemd-networkd-hostname.rules new file mode 100644 index 0000000000..b7b780da9e --- /dev/null +++ b/src/hostname/systemd-networkd-hostname.rules @@ -0,0 +1,5 @@ +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.hostname1.set-hostname" && subject.user == "systemd-network") { + return polkit.Result.YES; + } +}); -- cgit v1.2.3-54-g00ecf