loginctl cannot lock own session #471

Closed
maxcrees opened this issue Jul 2, 2015 · 3 comments

maxcrees commented Jul 2, 2015

shell output:

max ~ $ loginctl
   SESSION        UID USER             SEAT            
        c1       1000 max              seat0           

1 sessions listed.
max ~ $ loginctl lock-session c1
Failed to issue method call: Access denied

journal entries:

Jul 02 03:49:43 bebop polkitd[3294]: Registered Authentication Agent for unix-process:14722:1378609 (system bus name :1.38 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jul 02 03:49:43 bebop dbus[1312]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.39" (uid=1000 pid=14722 comm="loginctl lock-session ") interface="org.freedesktop.login1.Manager" member="LockSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=1269 comm="/usr/lib/systemd/systemd-logind ")
Jul 02 03:49:43 bebop polkitd[3294]: Unregistered Authentication Agent for unix-process:14722:1378609 (system bus name :1.38, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Arch Linux with systemd 221-2

zonque added the login label Jul 2, 2015

dvdhrm (Contributor) commented Jul 4, 2015

Yeah, our dbus-policy lacks entries for LockSession.

@poettering Given that we use AllowWorld=talk for kdbus, what's the reason to keep shipping those elaborate dbus1 policies? Why not punch holes for everyone to talk to our daemons?

poettering (Member) commented

@dvdhrm Well, so far we did the policy as precise and locked-down as possible for the technology used. Not that it would matter much, but I think that's a fine policy, and we should continue to do this. (we should punch the hole for LockSession though)

poettering added a commit to poettering/systemd that referenced this issue Jul 11, 2015
A while back we opened up all of logind's bus calls to unprivileged
users, via PK. However, the dbus1 policy wasn't updated accordingly.

With this change, the dbus1 policy is opened up for all bus calls that
should be available to unprivileged clients.

(also rearranges some calls in the vtable, to make more sense, and be in
line with the order in the bus policy file)

Fixes systemd#471.

poettering (Member) commented

PR #558 contains a fix for this issue.
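
Added example (not part of the original thread and not systemd's code): a Python sketch of why the call in the journal above was rejected. It parses the dbus rejection line and evaluates the call against a constructed dbus1 policy excerpt under a simplified "last matching rule wins" model; the policy text, the shortened log line and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed dbus1 policy excerpt (not the shipped org.freedesktop.login1.conf):
# deny the destination by default, then allow single methods. LockSession is absent.
POLICY = """<busconfig><policy context="default">
  <deny send_destination="org.freedesktop.login1"/>
  <allow send_destination="org.freedesktop.login1"
         send_interface="org.freedesktop.login1.Manager" send_member="ListSessions"/>
  <allow send_destination="org.freedesktop.login1"
         send_interface="org.freedesktop.login1.Manager" send_member="GetSession"/>
</policy></busconfig>"""

# dbus rejection line from the journal quoted in the issue, shortened to the fields used.
LOG = ('dbus[1312]: [system] Rejected send message, 2 matched rules; '
       'type="method_call", sender=":1.39" (uid=1000 pid=14722 '
       'comm="loginctl lock-session ") interface="org.freedesktop.login1.Manager" '
       'member="LockSession" destination="org.freedesktop.login1" (uid=0 pid=1269)')

KEYS = ("destination", "interface", "member")

def parse_rejection(line):
    """Return the denied call described by a 'Rejected send message' line, or None."""
    if "Rejected send message" not in line:
        return None
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    uid = re.search(r'sender="[^"]*" \(uid=(\d+)', line)
    call = {k: fields.get(k) for k in KEYS}
    call["uid"] = int(uid.group(1)) if uid else None
    return call

def allowed(policy_xml, call, context="default"):
    """Simplified model: the last matching send rule wins; no match means denied."""
    verdict = False  # assumption: method calls on the system bus are denied by default
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("context") != context:
            continue
        for rule in policy:
            want = {k: rule.get("send_" + k) for k in KEYS}
            if rule.tag not in ("allow", "deny") or not any(want.values()):
                continue  # only send_destination/interface/member rules are modelled
            if all(v in (None, call[k]) for k, v in want.items()):
                verdict = rule.tag == "allow"
    return verdict

if __name__ == "__main__":
    call = parse_rejection(LOG)
    print(call, "allowed" if allowed(POLICY, call) else "denied by policy")
```

Appending an `<allow>` rule with `send_member="LockSession"` to the excerpt flips the verdict, which is the kind of hole the commit message above describes punching for unprivileged clients.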
