From 7215aad64abd8177122ce3d47a3f4cbbc3855b44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 7 Jul 2018 18:38:06 +0200 Subject: [PATCH 1/7] sd-bus(3): synchronize the list with reality MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use to keep each reference on a separate line. With all the pages jumbled together into a paragraph, it is quite hard to find anything in that list. Also add the missing pages to the list. And remove the nonexistent ones — not much point in advertisting pages that haven't been written yet. --- man/sd-bus.xml | 60 +++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/man/sd-bus.xml b/man/sd-bus.xml index 18d6333512..d6d5ab9818 100644 --- a/man/sd-bus.xml +++ b/man/sd-bus.xml @@ -43,34 +43,38 @@ See - sd-bus-errors3, - sd_bus_creds_get_pid3, - sd_bus_creds_new_from_pid3, - sd_bus_default3, - sd_bus_error3, - sd_bus_error_add_map3, - sd_bus_get_name_creds3, - sd_bus_get_owner_creds3, - sd_bus_message_append3, - sd_bus_message_append_array3, - sd_bus_message_append_basic3, - sd_bus_message_append_string_memfd3, - sd_bus_message_append_strv3, - sd_bus_message_can_send3, - sd_bus_message_get_cookie3, - sd_bus_message_get_monotonic_usec3, - sd_bus_negotiate_fds3, - sd_bus_new3, - sd_bus_path_encode3, - sd_bus_request_name3, - sd_bus_send3, - sd_bus_set_address3, - sd_bus_set_allow_interactive_authorization3 - sd_bus_set_description3, - sd_bus_set_prepare3, - sd_bus_start3, - sd_bus_track_add_name3, - sd_bus_track_new3, + sd_bus_add_match3, +sd_bus_creds_get_pid3, +sd_bus_creds_new_from_pid3, +sd_bus_default3, +sd-bus-errors3, +sd_bus_error3, +sd_bus_error_add_map3, +sd_bus_get_fd3, +sd_bus_get_n_queued_read3, +sd_bus_message_append3, +sd_bus_message_append_array3, +sd_bus_message_append_basic3, +sd_bus_message_append_string_memfd3, +sd_bus_message_append_strv3, +sd_bus_message_get_cookie3, +sd_bus_message_get_monotonic_usec3, +sd_bus_message_read_basic3, +sd_bus_message_read3, +sd_bus_message_set_destination3, +sd_bus_negotiate_fds3, +sd_bus_new3, +sd_bus_path_encode3, +sd_bus_process3, +sd_bus_request_name3, +sd_bus_set_connected_signal3, +sd_bus_set_sender3, +sd_bus_set_watch_bind3 +sd_bus_set_slot_destroy_callback3, +sd_bus_set_slot_floating3, +sd_bus_track_add_name3, +sd_bus_track_new3 + for more information about the functions available. From e50f47188800dbe565b27633979b683976fcc39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 Jul 2018 12:49:32 +0200 Subject: [PATCH 2/7] man: add sd_bus_message_new_error(3) --- man/rules/meson.build | 6 + man/sd-bus.xml | 1 + man/sd_bus_message_new_method_error.xml | 190 ++++++++++++++++++++++++ 3 files changed, 197 insertions(+) create mode 100644 man/sd_bus_message_new_method_error.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index 7457669fa0..18b00ef629 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -209,6 +209,12 @@ manpages = [ '3', ['sd_bus_message_get_realtime_usec', 'sd_bus_message_get_seqnum'], ''], + ['sd_bus_message_new_method_error', + '3', + ['sd_bus_message_new_method_errno', + 'sd_bus_message_new_method_errnof', + 'sd_bus_message_new_method_errorf'], + ''], ['sd_bus_message_read', '3', ['sd_bus_message_readv'], ''], ['sd_bus_message_read_basic', '3', [], ''], ['sd_bus_message_set_destination', '3', ['sd_bus_message_set_sender'], ''], diff --git a/man/sd-bus.xml b/man/sd-bus.xml index d6d5ab9818..220103bc43 100644 --- a/man/sd-bus.xml +++ b/man/sd-bus.xml @@ -59,6 +59,7 @@ sd_bus_message_append_strv3, sd_bus_message_get_cookie3, sd_bus_message_get_monotonic_usec3, +sd_bus_message_new_method_error3, sd_bus_message_read_basic3, sd_bus_message_read3, sd_bus_message_set_destination3, diff --git a/man/sd_bus_message_new_method_error.xml b/man/sd_bus_message_new_method_error.xml new file mode 100644 index 0000000000..045c74f21a --- /dev/null +++ b/man/sd_bus_message_new_method_error.xml @@ -0,0 +1,190 @@ + + + + + + + + + sd_bus_message_new_method_error + systemd + + + + sd_bus_message_new_method_error + 3 + + + + sd_bus_message_new_method_error + sd_bus_message_new_method_errorf + sd_bus_message_new_method_errno + sd_bus_message_new_method_errnof + + Create a an error reply for a method call + + + + + #include <systemd/sd-bus.h> + + + int sd_bus_message_new_method_error + sd_bus_message *call + sd_bus_message **m + const sd_bus_error *e + + + + int sd_bus_message_new_method_errorf + sd_bus_message *call + sd_bus_message **m + const char *name + const char *format + + + + + int sd_bus_message_new_method_errno + sd_bus_message *call + sd_bus_message **m + int error + const sd_bus_error *p + + + + int sd_bus_message_new_method_errnof + sd_bus_message *call + sd_bus_message **m + int error + const char *format + + + + + + + Description + + The sd_bus_message_new_method_error() function creates + a new bus message object that is an error reply to the + call message, and returns it in the + m output parameter. The error information from error + e is appended: the name field of + e is used as the error identifier in the reply header (for + example an error name such as + org.freedesktop.DBus.Error.NotSupported or the equivalent + symbolic SD_BUS_ERROR_NOT_SUPPORTED), and the + message field is set as the human readable error message + string if present. The error e must have the + name field set, see + sd_bus_error_is_set3. + + + The sd_bus_message_new_method_errorf() function + creates an error reply similarly to + sd_bus_message_new_method_error(), but instead of a ready + error structure, it takes an error identifier string name, + plus a printf3 + format string format and corresponding arguments. An error + reply is sent with the error identifier name and the + formatted string as the message. name and + format must not be NULL. + + + The sd_bus_message_new_method_errno() function creates + an error reply similarly to + sd_bus_message_new_method_error(), but in addition to the + error structure p, it takes an + errno3 + error value in parameter error. If the error + p is set (see + sd_bus_error_is_set3), + it is used in the reply. Otherwise, error is translated to + an error identifier and used to create a new error structure using + sd_bus_error_set_errno3 + and that is used in the reply. (If error is zero, no error + is actually set, and an error reply with no information is created.) + + The sd_bus_message_new_method_errnof() function + creates an error reply similarly to + sd_bus_message_new_method_error(). It takes an + errno3 + error value in parameter error, plus a printf3 + format string format and corresponding arguments. + %m may be used in the format string to refer to the error + string corresponding to the specified errno code. The error message is initalized + using the error identifier generated from error and the + formatted string. (If error is zero, no error is actually + set, and an error reply with no information is created.) + + + + Return Value + + These functions return 0 if the error reply was successfully created, and a + negative errno-style error code otherwise. + + + + Errors + + Returned errors may indicate the following problems: + + + + -EINVAL + + The call message call or the output + parameter m are NULL. + + Message call is not a method call + message. + + The error error parameter to + sd_bus_message_new_method_error is not set, see + sd_bus_error_is_set3. + + + + + + -EPERM + + Message call has been sealed. + + + + + -ENOTCONN + + The bus to which message call is + attached is not connected. + + + + -ENOMEM + + Memory allocation failed. + + + + + + + + See Also + + + systemd1, + sd-bus3 + + + + From c5fd8c39954c4777f92a3b642c3a9d48f5b9baac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 Jul 2018 13:51:18 +0200 Subject: [PATCH 3/7] man: add sd_bus_message_copy(3) --- man/rules/meson.build | 1 + man/sd-bus.xml | 1 + man/sd_bus_message_copy.xml | 115 ++++++++++++++++++++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 man/sd_bus_message_copy.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index 18b00ef629..74f057c013 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -204,6 +204,7 @@ manpages = [ ['sd_bus_message_append_string_iovec', 'sd_bus_message_append_string_space'], ''], ['sd_bus_message_append_strv', '3', [], ''], + ['sd_bus_message_copy', '3', [], ''], ['sd_bus_message_get_cookie', '3', ['sd_bus_message_get_reply_cookie'], ''], ['sd_bus_message_get_monotonic_usec', '3', diff --git a/man/sd-bus.xml b/man/sd-bus.xml index 220103bc43..627c7195ed 100644 --- a/man/sd-bus.xml +++ b/man/sd-bus.xml @@ -57,6 +57,7 @@ sd_bus_message_append_basic3, sd_bus_message_append_string_memfd3, sd_bus_message_append_strv3, +sd_bus_message_copy3, sd_bus_message_get_cookie3, sd_bus_message_get_monotonic_usec3, sd_bus_message_new_method_error3, diff --git a/man/sd_bus_message_copy.xml b/man/sd_bus_message_copy.xml new file mode 100644 index 0000000000..ac2a4f32b9 --- /dev/null +++ b/man/sd_bus_message_copy.xml @@ -0,0 +1,115 @@ + + + + + + + + + sd_bus_message_copy + systemd + + + + sd_bus_message_copy + 3 + + + + sd_bus_message_copy + + Copy the contents of one message to another + + + + + #include <systemd/sd-bus.h> + + + int sd_bus_message_copy + sd_bus_message *m + sd_bus_message *source + int all + + + + + + Description + + sd_bus_message_copy() copies the contents from + message source to m. If + all is false, a single complete type is copied + (basic or container). If all is true, the contents + are copied until the end of the currently open container or the end + of source. + + + + Return Value + + On success, this call returns true if anything was copied, and false if + there was nothing to copy. On failure, it returns a negative errno-style error + code. + + + + Errors + + Returned errors may indicate the following problems: + + + + + -EINVAL + + source or m are + NULL. + + + + -EPERM + + Message m has been sealed or + source has not been sealed. + + + + + -ESTALE + + Destination message is in invalid state. + + + + + -ENXIO + + Destination message cannot be appended to. + + + + + -ENOMEM + + Memory allocation failed. + + + + + + + + See Also + + + systemd1, + sd-bus3, + sd_bus_message_append3 + + + + From 629941003e6ef9ef34da7d545e771871f750cba2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 Jul 2018 14:11:13 +0200 Subject: [PATCH 4/7] man: add sd_bus_reply_method_error(3) --- man/rules/meson.build | 6 ++ man/sd-bus.xml | 1 + man/sd_bus_reply_method_error.xml | 161 ++++++++++++++++++++++++++++++ 3 files changed, 168 insertions(+) create mode 100644 man/sd_bus_reply_method_error.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index 74f057c013..5dadd5fc6c 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -229,6 +229,12 @@ manpages = [ ['sd_bus_path_decode', 'sd_bus_path_decode_many', 'sd_bus_path_encode_many'], ''], ['sd_bus_process', '3', [], ''], + ['sd_bus_reply_method_error', + '3', + ['sd_bus_reply_method_errno', + 'sd_bus_reply_method_errnof', + 'sd_bus_reply_method_errorf'], + ''], ['sd_bus_request_name', '3', ['sd_bus_release_name', diff --git a/man/sd-bus.xml b/man/sd-bus.xml index 627c7195ed..a84af2b878 100644 --- a/man/sd-bus.xml +++ b/man/sd-bus.xml @@ -68,6 +68,7 @@ sd_bus_new3, sd_bus_path_encode3, sd_bus_process3, +sd_bus_reply_method_error3, sd_bus_request_name3, sd_bus_set_connected_signal3, sd_bus_set_sender3, diff --git a/man/sd_bus_reply_method_error.xml b/man/sd_bus_reply_method_error.xml new file mode 100644 index 0000000000..bbb916dc32 --- /dev/null +++ b/man/sd_bus_reply_method_error.xml @@ -0,0 +1,161 @@ + + + + + + + + + sd_bus_reply_method_error + systemd + + + + sd_bus_reply_method_error + 3 + + + + sd_bus_reply_method_error + sd_bus_reply_method_errorf + sd_bus_reply_method_errno + sd_bus_reply_method_errnof + + Reply with an error to a method call + + + + + #include <systemd/sd-bus.h> + + + int sd_bus_reply_method_error + sd_bus_message *call + const sd_bus_error *e + + + + int sd_bus_reply_method_errorf + sd_bus_message *call + const char *name + const char *format + + + + + int sd_bus_reply_method_errno + sd_bus_message *call + int error + const sd_bus_error *p + + + + int sd_bus_reply_method_errnof + sd_bus_message *call + int error + const char *format + + + + + + + Description + + The sd_bus_reply_method_error() function sends an + error reply to the call message. The error structure + e specifies the error to send, and is used as described in + sd_bus_message_new_error3. + If no reply is expected to call, this function returns + success without sending reply. + + The sd_bus_reply_method_errorf() is to + sd_bus_reply_method_error() what + sd_bus_message_new_method_errorf() is to + sd_bus_message_new_method_error(). + + The sd_bus_reply_method_errno() is to + sd_bus_reply_method_error() what + sd_bus_message_new_method_errno() is to + sd_bus_message_new_method_error(). + + The sd_bus_reply_method_errnof() is to + sd_bus_reply_method_error() what + sd_bus_message_new_method_errnof() is to + sd_bus_message_new_method_error(). + + + + Return Value + + These functions return 0 if the error reply was successfully sent or if + none was expected, and a negative errno-style error code otherwise. + + + + Errors + + Returned errors may indicate the following problems: + + + + -EINVAL + + The call message call is + NULL. + + Message call is not a method call message. + + + Message call is not attached to a bus. + + The error error parameter to + sd_bus_reply_method_error is not set, see + sd_bus_error_is_set3. + + + + + + -EPERM + + Message call has been sealed. + + + + + -ENOTCONN + + The bus to which message call is + attached is not connected. + + + + -ENOMEM + + Memory allocation failed. + + + + In addition, any error message returned by + sd_bus_send1 + may be returned. + + + + + + See Also + + + systemd1, + sd-bus3, + sd_bus_message_new_method_error3 + + + + From 3c775de6c590679c3de37adb09c3e3e9c0de8028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 Jul 2018 15:09:23 +0200 Subject: [PATCH 5/7] man: add sd_bus_set_description(3) --- man/rules/meson.build | 8 ++ man/sd-bus.xml | 1 + man/sd_bus_set_description.xml | 188 +++++++++++++++++++++++++++++++++ 3 files changed, 197 insertions(+) create mode 100644 man/sd_bus_set_description.xml diff --git a/man/rules/meson.build b/man/rules/meson.build index 5dadd5fc6c..9673ef8886 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -242,6 +242,14 @@ manpages = [ 'sd_bus_request_name_async'], ''], ['sd_bus_set_connected_signal', '3', ['sd_bus_get_connected_signal'], ''], + ['sd_bus_set_description', + '3', + ['sd_bus_get_allow_interactive_authorization', + 'sd_bus_get_description', + 'sd_bus_set_allow_interactive_authorization', + 'sd_bus_set_anonymous', + 'sd_bus_set_trusted'], + ''], ['sd_bus_set_sender', '3', ['sd_bus_get_sender'], ''], ['sd_bus_set_watch_bind', '3', ['sd_bus_get_watch_bind'], ''], ['sd_bus_slot_set_destroy_callback', diff --git a/man/sd-bus.xml b/man/sd-bus.xml index a84af2b878..8c7b60743c 100644 --- a/man/sd-bus.xml +++ b/man/sd-bus.xml @@ -71,6 +71,7 @@ sd_bus_reply_method_error3, sd_bus_request_name3, sd_bus_set_connected_signal3, +sd_bus_set_description3, sd_bus_set_sender3, sd_bus_set_watch_bind3 sd_bus_set_slot_destroy_callback3, diff --git a/man/sd_bus_set_description.xml b/man/sd_bus_set_description.xml new file mode 100644 index 0000000000..af02c20dd8 --- /dev/null +++ b/man/sd_bus_set_description.xml @@ -0,0 +1,188 @@ + + + + + + + + + sd_bus_set_description + systemd + + + + sd_bus_set_description + 3 + + + + sd_bus_set_description + sd_bus_get_description + sd_bus_set_anonymous + sd_bus_set_trusted + sd_bus_set_allow_interactive_authorization + sd_bus_get_allow_interactive_authorization + + Set or query properties of a bus object + + + + + #include <systemd/sd-bus.h> + + + int sd_bus_set_description + sd_bus *bus + const char *description + + + + int sd_bus_get_description + sd_bus *bus + const char **description + + + + int sd_bus_set_anonymous + sd_bus *bus + int b + + + + int sd_bus_set_trusted + sd_bus *bus + int b + + + + int sd_bus_set_allow_interactive_authorization + sd_bus *bus + int b + + + + int sd_bus_get_allow_interactive_authorization + sd_bus *bus + + + + + + Description + + sd_bus_set_description() sets the description string + that is used in logging to the specified string. The string is copied internally + and freed when the bus object is deallocated. The + description argument may be NULL, in + which case the description is unset. This function must be called before the bus + has been started. + + sd_bus_get_description() returns a description string + in description. This string may have been previously set + with sd_bus_set_description() or + sd_bus_open_with_description3 + or similar. If not set this way, a default string like system + or user will be returned for the system or user buses, + and NULL otherwise. + + sd_bus_set_anonymous() enables or disables "anonymous + authentication", i.e. lack of authentication, of the bus peer. This function must + be called before the bus has been started. See the Authentication + Mechanisms section of the D-Bus specification for details. + + sd_bus_set_trusted() sets the "trusted" state on the + bus object. If true, all connections on the bus are + trusted and access to all privileged and unprivileged methods is granted. This + function must be called before the bus has been started. + + sd_bus_set_allow_interactive_authorization() + enables or disables interactive authorization for method calls. If true, + messages are marked with the + ALLOW_INTERACTIVE_AUTHORIZATION flag specified by the + D-Bus + specification, informing the receiving side that the caller is prepared to + wait for interactive authorization, which might take a considerable time to + complete. If this flag is set, the user may be queried for passwords or + confirmation via polkit or a + similar framework. + + sd_bus_get_allow_interactive_authorization() returns + true if interactive authorization is allowed and false if not. + + + + Return Value + + On success, these functions return 0 or a positive integer. On failure, + they return a negative errno-style error code. + + + + Errors + + Returned errors may indicate the following problems: + + + + -EINVAL + + An argument is invalid. + + + + + + -ENOPKG + + The bus cannot be resolved. + + + + + + -EPERM + + The bus has already been started. + + + + + + -ECHILD + + The bus was created in a different process. + + + + + + -ENOMEM + + Memory allocation failed. + + + + + + + + + See Also + + + systemd1, + sd-bus3, + sd_bus_default_user3, + sd_bus_default_system3, + sd_bus_open_user3, + sd_bus_open_system3 + + + + From b75077875194a4a9cf2f8e1fe869be673e40d8fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 8 Jul 2018 15:14:46 +0200 Subject: [PATCH 6/7] meson: allow systemd.directives and .index to be built if -Dman=false See 559d215b6733bb46533a52080522a7feca183aa8 for justification. --- man/meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/meson.build b/man/meson.build index ec05d73bc6..fe19268bcd 100644 --- a/man/meson.build +++ b/man/meson.build @@ -117,8 +117,8 @@ systemd_index_xml = custom_target( output : 'systemd.index.xml', command : [make_man_index_py, '@OUTPUT@'] + nonindex_xml_files) -foreach tuple : want_man or want_html ? [['systemd.directives', '7', systemd_directives_xml], - ['systemd.index', '7', systemd_index_xml]] : [] +foreach tuple : xsltproc.found() ? [['systemd.directives', '7', systemd_directives_xml], + ['systemd.index', '7', systemd_index_xml]] : [] stem = tuple[0] section = tuple[1] xml = tuple[2] From d35f51ea848ca76bd3747db69e8c5dd864e82bc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 16 Jul 2018 12:44:24 +0200 Subject: [PATCH 7/7] tree-wide: use "polkit" to refer to PolicyKit/polkit Back in 2012 the project was renamed, see the release notes for v 0.105 [https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our documentation and comments to do the same. Referring to PolicyKit is confusing to users because at the time the polkit api changed too, and we support the new version. I updated NEWS too, since all the references to PolicyKit there were added after the rename. "PolicyKit" is unchanged in various URLs and method call names. --- NEWS | 76 ++++++++++++++++------------------ README | 2 +- man/systemd-logind.service.xml | 6 ++- meson_options.txt | 2 +- src/core/dbus-job.c | 2 +- src/systemctl/systemctl.c | 4 +- 6 files changed, 45 insertions(+), 47 deletions(-) diff --git a/NEWS b/NEWS index fb00f4ba63..537c4b6131 100644 --- a/NEWS +++ b/NEWS @@ -3327,11 +3327,10 @@ CHANGES WITH 226: correct dequeuing of real-time signals, without losing signal events. - * When systemd requests a PolicyKit decision when managing - units it will now add additional fields to the request, - including unit name and desired operation. This enables more - powerful PolicyKit policies, that make decisions depending - on these parameters. + * When systemd requests a polkit decision when managing units it + will now add additional fields to the request, including unit + name and desired operation. This enables more powerful polkit + policies, that make decisions depending on these parameters. * nspawn learnt support for .nspawn settings files, that may accompany the image files or directories of containers, and @@ -3366,13 +3365,12 @@ CHANGES WITH 225: options and allows other programs to query the values. * SELinux access control when enabling/disabling units is no - longer enforced with this release. The previous - implementation was incorrect, and a new corrected - implementation is not yet available. As unit file operations - are still protected via PolicyKit and D-Bus policy this is - not a security problem. Yet, distributions which care about - optimal SELinux support should probably not stabilize on - this release. + longer enforced with this release. The previous implementation + was incorrect, and a new corrected implementation is not yet + available. As unit file operations are still protected via + polkit and D-Bus policy this is not a security problem. Yet, + distributions which care about optimal SELinux support should + probably not stabilize on this release. * sd-bus gained support for matches of type "arg0has=", that test for membership of strings in string arrays sent in bus @@ -3744,11 +3742,10 @@ CHANGES WITH 220: * systemd-importd gained support for verifying downloaded images with gpg2 (previously only gpg1 was supported). - * systemd-machined, systemd-logind, systemd: most bus calls - are now accessible to unprivileged processes via - PolicyKit. Also, systemd-logind will now allow users to kill - their own sessions without further privileges or - authorization. + * systemd-machined, systemd-logind, systemd: most bus calls are + now accessible to unprivileged processes via polkit. Also, + systemd-logind will now allow users to kill their own sessions + without further privileges or authorization. * systemd-shutdownd has been removed. This service was previously responsible for implementing scheduled shutdowns @@ -4530,11 +4527,11 @@ CHANGES WITH 217: directly from now on, again. * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus - message flag has been added for all of systemd's PolicyKit - authenticated method calls has been added. In particular - this now allows optional interactive authorization via - PolicyKit for many of PID1's privileged operations such as - unit file enabling and disabling. + message flag has been added for all of systemd's polkit + authenticated method calls has been added. In particular this + now allows optional interactive authorization via polkit for + many of PID1's privileged operations such as unit file + enabling and disabling. * "udevadm hwdb --update" learnt a new switch "--usr" for placing the rebuilt hardware database in /usr instead of @@ -4613,11 +4610,11 @@ CHANGES WITH 216: well as the user/group databases, which should enhance compatibility with certain tools like grpck. - * A number of bus APIs of PID 1 now optionally consult - PolicyKit to permit access for otherwise unprivileged - clients under certain conditions. Note that this currently - doesn't support interactive authentication yet, but this is - expected to be added eventually, too. + * A number of bus APIs of PID 1 now optionally consult polkit to + permit access for otherwise unprivileged clients under certain + conditions. Note that this currently doesn't support + interactive authentication yet, but this is expected to be + added eventually, too. * /etc/machine-info now has new fields for configuring the deployment environment of the machine, as well as the @@ -7090,8 +7087,8 @@ CHANGES WITH 198: the rest of the package. It also has been updated to work correctly in initrds. - * Policykit previously has been runtime optional, and is now - also compile time optional via a configure switch. + * polkit previously has been runtime optional, and is now also + compile time optional via a configure switch. * systemd-analyze has been reimplemented in C. Also "systemctl dot" has moved into systemd-analyze. @@ -7259,9 +7256,9 @@ CHANGES WITH 197: user/vendor or is automatically determined from ACPI and DMI information if possible. - * A number of PolicyKit actions are now bound together with - "imply" rules. This should simplify creating UIs because - many actions will now authenticate similar ones as well. + * A number of polkit actions are now bound together with "imply" + rules. This should simplify creating UIs because many actions + will now authenticate similar ones as well. * Unit files learnt a new condition ConditionACPower= which may be used to conditionalize a unit depending on whether an @@ -7400,14 +7397,13 @@ CHANGES WITH 196: to maintain the necessary patches downstream, or find a different solution. (Talk to us if you have questions!) - * Various systemd components will now bypass PolicyKit checks - for root and otherwise handle properly if PolicyKit is not - found to be around. This should fix most issues for - PolicyKit-less systems. Quite frankly this should have been - this way since day one. It is absolutely our intention to - make systemd work fine on PolicyKit-less systems, and we - consider it a bug if something does not work as it should if - PolicyKit is not around. + * Various systemd components will now bypass polkit checks for + root and otherwise handle properly if polkit is not found to + be around. This should fix most issues for polkit-less + systems. Quite frankly this should have been this way since + day one. It is absolutely our intention to make systemd work + fine on polkit-less systems, and we consider it a bug if + something does not work as it should if polkit is not around. * For embedded systems it is now possible to build udev and systemd without blkid and/or kmod support. diff --git a/README b/README index 7d06e04800..61a1fd45bf 100644 --- a/README +++ b/README @@ -173,7 +173,7 @@ REQUIREMENTS: NOTE: If using dbus < 1.9.18, you should override the default policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d). dracut (optional) - PolicyKit (optional) + polkit (optional) To build in directory build/: meson build/ && ninja -C build diff --git a/man/systemd-logind.service.xml b/man/systemd-logind.service.xml index 33ed8f522e..1c29b33776 100644 --- a/man/systemd-logind.service.xml +++ b/man/systemd-logind.service.xml @@ -45,8 +45,10 @@ a session, then this ID is reused as the session ID. Otherwise, an independent session counter is used. - Providing PolicyKit-based access for users for - operations such as system shutdown or sleep + Providing polkit-based + access for users for operations such as system shutdown or sleep + Implementing a shutdown/sleep inhibition logic for applications diff --git a/meson_options.txt b/meson_options.txt index a79fcbcf37..0b531d96ca 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -220,7 +220,7 @@ option('smack', type : 'boolean', option('smack-run-label', type : 'string', description : 'run systemd --system itself with a specific SMACK label') option('polkit', type : 'combo', choices : ['auto', 'true', 'false'], - description : 'PolicyKit support') + description : 'polkit support') option('ima', type : 'boolean', description : 'IMA support') diff --git a/src/core/dbus-job.c b/src/core/dbus-job.c index 5551c56d0e..20d890b36c 100644 --- a/src/core/dbus-job.c +++ b/src/core/dbus-job.c @@ -50,7 +50,7 @@ int bus_job_method_cancel(sd_bus_message *message, void *userdata, sd_bus_error /* Access is granted to the job owner */ if (!sd_bus_track_contains(j->bus_track, sd_bus_message_get_sender(message))) { - /* And for everybody else consult PolicyKit */ + /* And for everybody else consult polkit */ r = bus_verify_manage_units_async(j->unit->manager, message, error); if (r < 0) return r; diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c index 9c6156237a..68d6f8ac25 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c @@ -3178,7 +3178,7 @@ static int logind_set_wall_message(void) { #endif /* Ask systemd-logind, which might grant access to unprivileged users - * through PolicyKit */ + * through polkit */ static int logind_reboot(enum action a) { #if ENABLE_LOGIND _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; @@ -8414,7 +8414,7 @@ static int halt_main(void) { } /* Try logind if we are a normal user and no special - * mode applies. Maybe PolicyKit allows us to shutdown + * mode applies. Maybe polkit allows us to shutdown * the machine. */ if (IN_SET(arg_action, ACTION_POWEROFF, ACTION_REBOOT, ACTION_HALT)) { r = logind_reboot(arg_action);