logind: allow any user to request lingering

We enable lingering for anyone who wants this. It is still disabled by default to avoid keeping long-running processes accidentally. Admins might want to customize this policy on multi-user sites.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2016-04-12 22:52:28 -0400
committer: Sven Eden <yamakuzure@gmx.net> 2017-06-16 10:12:57 +0200
commit: ac74a6464227c4f4b0f277046a8837c75012d401 (patch)
tree: 3fdf56f04e04f4a8e8952a4db2b6dff1be1db33e /src
parent: 9fbf2df9b782217c2c4f117734d77556d5df1d33 (diff)
2 files changed, 13 insertions, 3 deletions
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 10432b2d3..dba4c728f 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1083,11 +1083,11 @@ static int method_terminate_seat(sd_bus_message *message, void *userdata, sd_bus
 static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bus_error *error) {
         _cleanup_free_ char *cc = NULL;
         Manager *m = userdata;
-        int b, r;
+        int r, b, interactive;
         struct passwd *pw;
         const char *path;
         uint32_t uid;
-        int interactive;
+        bool self = false;
 
         assert(message);
         assert(m);
@@ -1108,6 +1108,8 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
                 if (r < 0)
                         return r;
 
+                self = true;
+
         } else if (!uid_is_valid(uid))
                 return -EINVAL;
 
@@ -1119,7 +1121,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
         r = bus_verify_polkit_async(
                         message,
                         CAP_SYS_ADMIN,
-                        "org.freedesktop.login1.set-user-linger",
+                        self ? "org.freedesktop.login1.set-self-linger" : "org.freedesktop.login1.set-user-linger",
                         NULL,
                         interactive,
                         UID_INVALID,
diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in
index 23326bb79..1fa644162 100644
--- a/src/login/org.freedesktop.login1.policy.in
+++ b/src/login/org.freedesktop.login1.policy.in
@@ -111,6 +111,14 @@
                 </defaults>
         </action>
 
+        <action id="org.freedesktop.login1.set-self-linger">
+                <_description>Allow non-logged-in user to run programs</_description>
+                <_message>Explicit request is required to run programs as a non-logged-in user.</_message>
+                <defaults>
+                        <allow_any>yes</allow_any>
+                </defaults>
+        </action>
+
         <action id="org.freedesktop.login1.set-user-linger">
                 <_description>Allow non-logged-in users to run programs</_description>
                 <_message>Authentication is required to run programs as a non-logged-in user.</_message>
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2016-04-12 22:52:28 -0400
committer	Sven Eden <yamakuzure@gmx.net>	2017-06-16 10:12:57 +0200
commit	ac74a6464227c4f4b0f277046a8837c75012d401 (patch)
tree	3fdf56f04e04f4a8e8952a4db2b6dff1be1db33e /src
parent	9fbf2df9b782217c2c4f117734d77556d5df1d33 (diff)