Commit graph

15 commits

Author SHA1 Message Date
Jan Janssen 5bdf22430e logind,systemctl: add reboot to EFI firmware support 2015-04-07 18:51:45 +02:00
Jasper St. Pierre 9c413373d2 login: Allow calling org.freedesktop.login1.Seat.SwitchTo 2014-02-25 13:14:55 +01:00
Lennart Poettering adacb9575a bus: introduce "trusted" bus concept and encode access control in object vtables
Introduces a new concept of "trusted" vs. "untrusted" busses. For the
latter libsystemd-bus will automatically do per-method access control,
for the former all access is automatically granted. Per-method access
control is encoded in the vtables: by default all methods are only
accessible to privileged clients. If the SD_BUS_VTABLE_UNPRIVILEGED flag
is set for a method it is accessible to unprivileged clients too. By
default whether a client is privileged is determined via checking for
its CAP_SYS_ADMIN capability, but this can be altered via the
SD_BUS_VTABLE_CAPABILITY() macro that can be ORed into the flags field
of the method.

Writable properties are also subject to SD_BUS_VTABLE_UNPRIVILEGED and
SD_BUS_VTABLE_CAPABILITY() for controlling write access to them. Note
however that read access is unrestricted, as PropertiesChanged messages
might send out the values anyway as an unrestricted broadcast.

By default the system bus is set to "untrusted" and the user bus is
"trusted" since per-method access control on the latter is unnecessary.

On dbus1 busses we check the UID of the caller rather than the
configured capability since the capability cannot be determined without
race. On kdbus the capability is checked if possible from the attached
meta-data of a message and otherwise queried from the sending peer.

This also decorates the vtables of the various daemons we ship with
these flags.
2013-12-10 16:52:49 +00:00
David Herrmann d7d1c8f983 logind: allow unprivileged session-device access
The session-device/control API was introduced for unprivileged device
access from within a session. Add the required dbus policy to the default
logind policies.

Note: logind validates that only root and the user of a session can
use the API. Furthermore, only a single API user gets access at a time.
2013-10-15 21:13:39 +02:00
Lennart Poettering 5caef0fc19 logind: make ListMachines bus call public 2013-06-20 04:00:28 +02:00
Mantas Mikulėnas b6262e80b9 logind: allow HybridSleep methods in default DBus context 2012-12-18 17:45:20 +01:00
Lennart Poettering d889a2069a logind: implement suspend/hibernate calls with inhibition logic 2012-05-08 19:02:25 +02:00
Lennart Poettering f8e2fb7b14 logind: add shutdown/suspend/idle inhibition framework 2012-04-16 18:59:08 +02:00
Lennart Poettering 5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Lennart Poettering 89f134406a logind: introduce CanReboot/CanPowerOff bus calls 2012-02-11 00:13:10 +01:00
Lennart Poettering 1b73da108b logind: make seat device management accessible to normal users/via polkit 2012-02-10 02:35:48 +01:00
Benjamin Franzke 80df5f4c3b logind: Allow PowerOff/Reboot in default context 2012-02-10 02:33:41 +01:00
Lennart Poettering 84c3361e12 logind: introduce ActivateSessionOnSeat() 2012-02-07 20:12:13 +01:00
Lennart Poettering c4aa65e714 logind: add GetSessionByPID() bus call 2012-02-01 19:04:54 +01:00
Lennart Poettering 4deba28559 logind: move more files into subdirectory 2011-12-31 03:24:31 +01:00
Renamed from src/org.freedesktop.login1.conf (Browse further)