History log of /systemd/src/machine/org.freedesktop.machine1.policy.in
Revision Date Author Comments Expand
a1104deef02699082f6b61008edd6ecf3033ed25 25-Aug-2015 Lennart Poettering <lennart@poettering.net>

machine: policykit string fixes

4289c3a725062e2750da0baaf67fc53ba90e4739 24-Aug-2015 Lennart Poettering <lennart@poettering.net>

machined: beef up PolicyKit actions Introduce separate actions for creating login or shell sessions for the local host or a local container. By default allow local unprivileged clients to create new login sessions (which is safe, since getty will ask for username and authentication). Also, imply login privs from shell privs, as well as shell and login privs from manage privs.

fbe550738d03b178bb004a1390e74115e904118a 24-Aug-2015 Lennart Poettering <lennart@poettering.net>

machined: introduce pseudo-machine ".host" refererring to the host system Some of the operations machined/machinectl implement are also very useful when applied to the host system (such as machinectl login, machinectl shell or machinectl status), hence introduce a pseudo-machine by the name of ".host" in machined that refers to the host system, and may be used top execute operations on the host system with. This copies the pseudo-image ".host" machined already implements for image related commands. (This commit also adds a PK privilege for opening a PTY in a container, which was previously not accessible for non-root.)

49af9e1368571f4e423cde0fd45ee284451434d1 24-Aug-2015 Lennart Poettering <lennart@poettering.net>

machined: add new OpenShell() bus call This new bus call opens an interactive shell in a container. It works like the existing OpenLogin() call, but does not involve getty, and instead opens an arbitrary command line. This is similar to "systemd-run -t -M" but is controlled by a specific PolicyKit privilege.

70244d1d25eb80b57e160ea004d0e6bf793d4caf 18-Feb-2015 Lennart Poettering <lennart@poettering.net>

machined: open up most of machined's commands to unprivileged clients via PolicyKit

2e219e5672689dad60e110f0b3366765506c4c58 01-Jan-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Remove "to allow" from policy messages It carries no additional information and forces a passive sentence structure which is longer and harder to parse.

a4a57bb6ce442a0c8317459b30bdc89dad207a5b 01-Jan-2015 Piotr DrÄ…g <piotrdrag@gmail.com>

machined: fix grammar in org.freedesktop.machine1.policy.in [zj: change "in into" to "into".] https://bugs.freedesktop.org/show_bug.cgi?id=87722

d04c1fb8e215600b4950c6778c6c16ddafc14024 23-Dec-2014 Lennart Poettering <lennart@poettering.net>

machined: introduce polkit for OpenLogin() call This way "machinectl login" can be opened up to run without privileges.