morgan/systemd - systemd - Gitea

morgan/systemd

mirror of https://github.com/morgan9e/systemd synced 2026-04-15 00:47:10 +09:00

Go to file

Nick Rosbrook 4b1e7a5822 login: handle -EALREADY from bus_verify_polkit_async_full()

Commit 536c18e5c3 ("bus-polkit: shortcut auth. after first denial")
added logic to async_polkit_query_check_action() that returns
-EALREADY when a failure or denial decision was made for a previous
action.

This has the consequence that root is able to ignore inhibitors and
shutdown etc. even when polkit explicitly denies it. This is because
when systemctl's verb_start_special() calls logind_reboot(), unless
the call succeeds or returns one of -EACCES, -EOPNOTSUPP, or
-EINPROGRESS, a fallback path is taken to attempt the action without
going through logind. Hence, since logind_reboot() started returning
-EALREADY in some cases, the fallback path was taken, and the shutdown
was performed anyways.

For example:

 root@ubuntu:/# cat /etc/polkit-1/rules.d/10-systemd-logind-no-skip-inhibitors.rules
 // Never allow strong inhibitors to be ignored.
 polkit.addRule(function(action, subject) {
     if ((action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
          action.id == "org.freedesktop.login1.hibernate-ignore-inhibit")) {

         return polkit.Result.NO;
     }
 });
 root@ubuntu:/# systemctl reboot -i
 Call to Reboot failed: Operation already in progress

..but the reboot continues anyways due to the fallback.

To fix this, add logic in systemd-logind's verify_shutdown_creds() to
handle -EALREADY from bus_verify_polkit_async_full(): if we receive
-EALREADY when checking authorization for <action>-multiple-sessions,
and we are blocked on inhibitors, continue on to get the decision for
<action>-ignore-inhibit directly.

While here, add similar logic to method_inhibit(), which may need to
verify multiple polkit actions in a single call.

Fixes 536c18e5c3

2025-03-25 16:15:34 -04:00

.clusterfuzzlite

…

mkosi: Bump to Fedora 42

2025-03-18 20:35:59 +01:00

obs: trigger systemd-suse instead of systemd-fedora

2025-02-18 23:10:00 +00:00

semaphore-runner: disable cgroup setup in lxc

2025-03-16 15:30:38 +01:00

tpm2-clear: optionally reset TPM during a factory reset

2025-03-05 12:37:51 +01:00

coccinelle: add .gitignore for cache files

2025-01-19 08:27:47 +09:00

condition: introduce ConditionVersion=/AssertVersion=

2025-03-18 18:36:59 +09:00

pam_systemd_home: tweak order in authentication stack

2025-02-26 18:12:08 +01:00

hwdb: fix backspace not working on HP Pavilion laptop (#36777 )

2025-03-18 09:25:51 +09:00

boot: Add HWID calculation from SMBIOS strings and matching against a built-in list

2024-11-05 22:29:58 +03:00

man/systed.swap: update description of implicit deps

2025-03-25 10:40:12 +01:00

mime: add mimetype for luks home dir

2025-03-07 17:27:20 +01:00

mkosi: Disable BuildSourcesEphemeral=

2025-03-07 15:28:53 +01:00

mkosi: Make sure the /coverage directory exists

2024-12-05 22:03:07 +01:00

mkosi.credentials

mkosi: Create testuser at runtime

2025-03-18 22:46:10 +01:00

mkosi: Create testuser at runtime

2025-03-18 22:46:10 +01:00

mkosi.extra.common

mkosi: Make sure systemd-userdbd.socket is enabled

2025-03-18 22:46:10 +01:00

mkosi: update fedora commit reference

2025-03-25 15:09:11 +00:00

mkosi: switch rootfs to ext4

2025-01-22 22:50:52 +00:00

mkosi.sanitizers

mkosi: Add unix_chkpwd to sanitizer wrapped binaries

2025-03-18 22:46:10 +01:00

mkosi.uki-profiles

Rework TEST-86-MULTI-PROFILE-UKI

2024-10-21 17:24:14 +02:00

modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0

2024-01-12 23:24:54 +00:00

network: also manage namespace tap links

2025-03-17 16:03:18 +01:00

po: Translated using Weblate (Spanish)

2025-03-21 13:41:56 +00:00

tpm2-clear: optionally reset TPM during a factory reset

2025-03-05 12:37:51 +01:00

meson: use install_symlink() where applicable

2025-03-10 02:41:40 +09:00

rules: tag /dev/tpm0 with "systemd" too

2025-03-07 16:09:32 +01:00

shell-completion

shell-completion: add factory_reset udev builtin command

2025-03-17 12:42:28 +09:00

login: handle -EALREADY from bus_verify_polkit_async_full()

2025-03-25 16:15:34 -04:00

sysctl.d: Fix pid_max comment

2023-10-31 13:07:49 +01:00

udev: set clock group for PTP and RTC devices

2025-01-16 21:12:47 +01:00

test: Disable pager in integration test units

2025-03-25 12:35:23 +01:00

profile: generate shell + command OSC events

2025-02-27 15:13:15 +01:00

tools/check-version-history: avoid DeprecationWarning with newer lxml

2025-03-25 17:16:16 +01:00

userdb: Add userdb.user.* and userdb.group.* credentials (#36740 )

2025-03-19 10:30:52 +01:00

…

.clang-format

Improve the formatting by adding AlignArrayOfStructures and setting it to Right(right justify)

2024-03-06 15:24:23 +01:00

.ctags

…

.dir-locals.el

…

.editorconfig

editorconfig: add NEWS whitespace configuration

2023-10-26 22:41:03 +01:00

.gitattributes

Mark all base64 files as generated

2023-08-16 12:49:45 +02:00

.gitignore

gitignore: add .mkosi-private/ to the list again

2025-03-25 17:37:48 +01:00

.mailmap

mailmap: fix entries for Tobias Klauser

2024-12-11 13:55:07 +00:00

.packit.yml

mkosi: update fedora commit reference

2025-03-25 15:09:11 +00:00

.pylintrc

…

.vimrc

vimrc: explicitly set shiftwidth for the C file type

2023-09-18 13:11:45 +02:00

.ycm_extra_conf.py

…

LICENSE.GPL2

…

LICENSE.LGPL2.1

…

meson_options.txt

meson: drop split-usr, rootlibdir, and rootprefix from meson_options.txt

2025-03-12 15:21:57 +01:00

meson.build

meson: make pointer-sign warning critical

2025-03-16 10:16:08 +09:00

meson.version

meson: update version to 258~devel

2024-12-10 19:30:06 +00:00

mkosi.clangd

mkosi: Switch to --rerun-build-scripts in mkosi.clangd

2025-03-07 16:09:03 +01:00

mkosi.clean

mkosi: Add missing SPDX line

2024-09-22 15:23:08 +02:00

mkosi.conf

mkosi: Enable History= option

2025-02-25 10:59:50 +01:00

mkosi.functions

mkosi: Move copying packages to the output directory to the postinst script

2024-10-29 11:28:47 +01:00

mkosi.postinst.chroot

mkosi: Create testuser at runtime

2025-03-18 22:46:10 +01:00

mypy.ini

Move mypy.ini and ruff.toml to top level

2024-11-24 16:47:20 +01:00

NEWS

meson: drop split-usr, rootlibdir, and rootprefix from meson_options.txt

2025-03-12 15:21:57 +01:00

README

mount-setup: generalize cgroupfs_recursiveprot_supported()

2025-03-16 15:22:13 +01:00

README.md

README: fix broken link in OBS badge

2025-02-15 01:32:51 +00:00

ruff.toml

Move mypy.ini and ruff.toml to top level

2024-11-24 16:47:20 +01:00

TODO

Update TODO

2025-03-18 22:46:10 +01:00

README.md

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS