diff options
| author | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
| commit | 8e0383cb9972f5b3b86e64f9b015f53671ce0323 (patch) | |
| tree | 4696f1d0071ed0abe27287a14907a42f7af9d147 /data | |
| parent | e5dafb816bcefdceb617e32fbfb527f865c8879c (diff) | |
| download | polkit-8e0383cb9972f5b3b86e64f9b015f53671ce0323.tar.gz | |
Run polkitd as an unprivileged user
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'data')
| -rw-r--r-- | data/Makefile.am | 21 | ||||
| -rw-r--r-- | data/org.freedesktop.PolicyKit1.conf.in (renamed from data/org.freedesktop.PolicyKit1.conf) | 4 |
2 files changed, 20 insertions, 5 deletions
diff --git a/data/Makefile.am b/data/Makefile.am index 6623286..b2d0cde 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -4,6 +4,8 @@ NULL = libprivdir = $(prefix)/lib/polkit-1 +# ---------------------------------------------------------------------------------------------------- + servicedir = $(datadir)/dbus-1/system-services service_in_files = org.freedesktop.PolicyKit1.service.in service_DATA = $(service_in_files:.service.in=.service) @@ -11,17 +13,28 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libprivdir\@|$(libprivdir)|" $< > $@ +# ---------------------------------------------------------------------------------------------------- + dbusconfdir = $(sysconfdir)/dbus-1/system.d -dbusconf_DATA = org.freedesktop.PolicyKit1.conf +dbusconf_in_files = org.freedesktop.PolicyKit1.conf.in +dbusconf_DATA = $(dbusconf_in_files:.conf.in=.conf) + +$(dbusconf_DATA): $(dbusconf_in_files) Makefile + @sed -e "s|\@polkitd_user\@|$(POLKITD_USER)|" $< > $@ + +# ---------------------------------------------------------------------------------------------------- if POLKIT_AUTHFW_PAM pamdir = $(sysconfdir)/pam.d pam_DATA = polkit-1 endif +# ---------------------------------------------------------------------------------------------------- + pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- systemdservice_in_files = polkit.service.in @@ -32,16 +45,18 @@ $(systemdservice_DATA): $(systemdservice_in_files) Makefile @sed -e "s|\@libprivdir\@|$(libprivdir)|" $< > $@ endif +# ---------------------------------------------------------------------------------------------------- + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ org.freedesktop.PolicyKit1.Authority.xml \ org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ $(service_in_files) \ + $(dbusconf_in_files) \ $(systemdservice_in_files) \ - $(dbusconf_DATA) \ $(NULL) clean-local : - rm -f *~ $(service_DATA) $(systemdservice_DATA) + rm -f *~ $(service_DATA) $(dbusconf_DATA) $(systemdservice_DATA) diff --git a/data/org.freedesktop.PolicyKit1.conf b/data/org.freedesktop.PolicyKit1.conf.in index c8ef513..c749207 100644 --- a/data/org.freedesktop.PolicyKit1.conf +++ b/data/org.freedesktop.PolicyKit1.conf.in @@ -4,7 +4,7 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> - <policy user="root"> + <policy user="@polkitd_user@"> <allow own="org.freedesktop.PolicyKit1"/> </policy> @@ -13,7 +13,7 @@ </policy> <!-- Allow uid 0 to send messages on the org.freedesktop.PolicyKit1.AuthenticationAgent interface --> - <policy user="root"> + <policy user="@polkitd_user@"> <allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/> </policy> |