Commit f6024358 authored by Martin Pitt's avatar Martin Pitt Committed by Michael Biebl

systemctl, loginctl, etc.: Don't start polkit agent when running as root

Patch cherry-picked from upstream master.

LP: #1565617
Closes: #774153
parent 4b937b71
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Tue, 5 Apr 2016 10:30:45 +0200
Subject: polkit: don't start polkit agent when running as root
On the server side we already bypass the polkit checks if the caller is root
(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
there is no reason to invoke polkit when running
systemctl/machinectl/loginctl/timedatectl as root.
Fixes #2748
(cherry picked from commit 89d034822075dfa8d18af8182019028cc428a1b5)
---
src/shared/spawn-polkit-agent.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
index fccf1e9..829b275 100644
--- a/src/shared/spawn-polkit-agent.c
+++ b/src/shared/spawn-polkit-agent.c
@@ -44,6 +44,10 @@ int polkit_agent_open(void) {
if (agent_pid > 0)
return 0;
+ /* Clients that run as root don't need to activate/query polkit */
+ if (geteuid() == 0)
+ return 0;
+
/* We check STDIN here, not STDOUT, since this is about input,
* not output */
if (!isatty(STDIN_FILENO))
......@@ -166,6 +166,7 @@ console-getty.service-don-t-start-when-dev-console-is-mis.patch
units-explicitly-order-systemd-user-sessions.service-afte.patch
units-order-systemd-user-sessions.service-after-network.t.patch
pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
polkit-don-t-start-polkit-agent-when-running-as-root.patch
## Debian specific patches:
Add-back-support-for-Debian-specific-config-files.patch
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment