Authorization not granted with 8cabb118 and following
Current behaviour, description of the problem
A non-root user is granted permissions to start, stop and restart a specific systemd service without an interactive password request for the root password. With the previously mentioned commit this no longer works and the password of root is requested.
Desired behaviour
The expected behavior would be rule based authentication:
[testuser@host ~]$ systemctl start polkit_test.service ; echo $?
0
[testuser@host ~]$
What happens now is:
[testuser@host ~]$ systemctl start polkit_test.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ====
Authentication is required to start 'polkit_test.service'.
Authenticating as: root
Password:
Reproducer
Create a simple service and define a rule which grants a non-root user permission to manage this without an interactive request for a password not-related to this user.
cat >/etc/systemd/system/polkit_test.service <<EOF
[Unit]
Description=Start as non-root user with polkit rules granting permissions
[Service]
Type=oneshot
ExecStart=/bin/true
[Install]
WantedBy=multi-user.target
EOF
cat >/etc/polkit-1/rules.d/10-test.rules <<EOF
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units") {
if (subject.user == "testuser" && action.lookup("unit") == "polkit_test.service" &&
(action.lookup("verb") == "restart" || action.lookup("verb") == "stop" || action.lookup("verb") == "start")) {
return polkit.Result.YES;
}
}
});
EOF
# optional:
useradd -m testuser
Detailed description
[Version of polkit]: git based 8cabb118 [Version of OS]: Arch Linux [Anything else related to the issue]: #