a1104deef02699082f6b61008edd6ecf3033ed25 |
|
25-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
machine: policykit string fixes |
4289c3a725062e2750da0baaf67fc53ba90e4739 |
|
24-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
machined: beef up PolicyKit actions
Introduce separate actions for creating login or shell sessions for
the local host or a local container. By default allow local unprivileged
clients to create new login sessions (which is safe, since getty will
ask for username and authentication).
Also, imply login privs from shell privs, as well as shell and login
privs from manage privs. |
fbe550738d03b178bb004a1390e74115e904118a |
|
24-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
machined: introduce pseudo-machine ".host" refererring to the host system
Some of the operations machined/machinectl implement are also very
useful when applied to the host system (such as machinectl login,
machinectl shell or machinectl status), hence introduce a pseudo-machine
by the name of ".host" in machined that refers to the host system, and
may be used top execute operations on the host system with.
This copies the pseudo-image ".host" machined already implements for
image related commands.
(This commit also adds a PK privilege for opening a PTY in a container,
which was previously not accessible for non-root.) |
49af9e1368571f4e423cde0fd45ee284451434d1 |
|
24-Aug-2015 |
Lennart Poettering <lennart@poettering.net> |
machined: add new OpenShell() bus call
This new bus call opens an interactive shell in a container. It works
like the existing OpenLogin() call, but does not involve getty, and
instead opens an arbitrary command line.
This is similar to "systemd-run -t -M" but is controlled by a specific
PolicyKit privilege. |
70244d1d25eb80b57e160ea004d0e6bf793d4caf |
|
18-Feb-2015 |
Lennart Poettering <lennart@poettering.net> |
machined: open up most of machined's commands to unprivileged clients via PolicyKit |
2e219e5672689dad60e110f0b3366765506c4c58 |
|
01-Jan-2015 |
Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> |
Remove "to allow" from policy messages
It carries no additional information and forces a passive sentence
structure which is longer and harder to parse. |
a4a57bb6ce442a0c8317459b30bdc89dad207a5b |
|
01-Jan-2015 |
Piotr DrÄ…g <piotrdrag@gmail.com> |
machined: fix grammar in org.freedesktop.machine1.policy.in
[zj: change "in into" to "into".]
https://bugs.freedesktop.org/show_bug.cgi?id=87722 |
d04c1fb8e215600b4950c6778c6c16ddafc14024 |
|
23-Dec-2014 |
Lennart Poettering <lennart@poettering.net> |
machined: introduce polkit for OpenLogin() call
This way "machinectl login" can be opened up to run without privileges. |