|
 |
d9d99f |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
d9d99f |
From: Hans de Goede <hdegoede@redhat.com>
|
|
|
d9d99f |
Date: Fri, 14 Sep 2018 16:39:40 +0200
|
|
|
d9d99f |
Subject: [PATCH] docs: Stop using polkit / pkexec for grub-boot-success.timer
|
|
|
d9d99f |
/ service
|
|
|
d9d99f |
|
|
|
d9d99f |
We also want to call grub2-set-bootflag under gdm and pkexec does not
|
|
|
d9d99f |
work under gdm because the gdm user has /sbin/nologin as shell.
|
|
|
d9d99f |
|
|
|
d9d99f |
So instead we are going to install grub2-set-bootflag as suid root,
|
|
|
d9d99f |
grub2-set-bootflag was written with this usage in mind, so is safe
|
|
|
d9d99f |
to be made suid root.
|
|
|
d9d99f |
|
|
|
d9d99f |
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
d9d99f |
---
|
|
|
d9d99f |
docs/grub-boot-success.service | 2 +-
|
|
|
d9d99f |
docs/grub-boot-success.timer | 1 -
|
|
|
d9d99f |
docs/org.gnu.grub.policy | 20 --------------------
|
|
|
d9d99f |
3 files changed, 1 insertion(+), 22 deletions(-)
|
|
|
d9d99f |
delete mode 100644 docs/org.gnu.grub.policy
|
|
|
d9d99f |
|
|
|
d9d99f |
diff --git a/docs/grub-boot-success.service b/docs/grub-boot-success.service
|
|
|
d9d99f |
index c8c91c34d49..80e79584c91 100644
|
|
|
d9d99f |
--- a/docs/grub-boot-success.service
|
|
|
d9d99f |
+++ b/docs/grub-boot-success.service
|
|
|
d9d99f |
@@ -3,4 +3,4 @@ Description=Mark boot as successful
|
|
|
d9d99f |
|
|
|
d9d99f |
[Service]
|
|
|
d9d99f |
Type=oneshot
|
|
|
d9d99f |
-ExecStart=/usr/bin/pkexec /usr/sbin/grub2-set-bootflag boot_success
|
|
|
d9d99f |
+ExecStart=/usr/sbin/grub2-set-bootflag boot_success
|
|
|
d9d99f |
diff --git a/docs/grub-boot-success.timer b/docs/grub-boot-success.timer
|
|
|
d9d99f |
index 67bd829b795..5d8fcba21aa 100644
|
|
|
d9d99f |
--- a/docs/grub-boot-success.timer
|
|
|
d9d99f |
+++ b/docs/grub-boot-success.timer
|
|
|
d9d99f |
@@ -1,7 +1,6 @@
|
|
|
d9d99f |
[Unit]
|
|
|
d9d99f |
Description=Mark boot as successful after the user session has run 2 minutes
|
|
|
d9d99f |
ConditionUser=!@system
|
|
|
d9d99f |
-ConditionPathExists=/usr/bin/pkexec
|
|
|
d9d99f |
|
|
|
d9d99f |
[Timer]
|
|
|
d9d99f |
OnActiveSec=2min
|
|
|
d9d99f |
diff --git a/docs/org.gnu.grub.policy b/docs/org.gnu.grub.policy
|
|
|
d9d99f |
deleted file mode 100644
|
|
|
d9d99f |
index 18391efc8e7..00000000000
|
|
|
d9d99f |
--- a/docs/org.gnu.grub.policy
|
|
|
d9d99f |
+++ /dev/null
|
|
|
d9d99f |
@@ -1,20 +0,0 @@
|
|
|
d9d99f |
-
|
|
|
d9d99f |
-
|
|
|
d9d99f |
-<policyconfig>
|
|
|
d9d99f |
- <vendor>GNU GRUB</vendor>
|
|
|
d9d99f |
- <vendor_url>https://www.gnu.org/software/grub/</vendor_url>
|
|
|
d9d99f |
- <action id="org.gnu.grub.set-bootflag">
|
|
|
d9d99f |
-
|
|
|
d9d99f |
- - A normal active user on the local machine does not need permission
|
|
|
d9d99f |
- to set bootflags to show the menu / mark current boot successful.
|
|
|
d9d99f |
- -->
|
|
|
d9d99f |
- <description>Set GRUB bootflags</description>
|
|
|
d9d99f |
- <message>Authentication is required to modify the bootloaders bootflags</message>
|
|
|
d9d99f |
- <defaults>
|
|
|
d9d99f |
- <allow_any>no</allow_any>
|
|
|
d9d99f |
- <allow_inactive>no</allow_inactive>
|
|
|
d9d99f |
- <allow_active>yes</allow_active>
|
|
|
d9d99f |
- </defaults>
|
|
|
d9d99f |
- <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/grub2-set-bootflag</annotate>
|
|
|
d9d99f |
- </action>
|
|
|
d9d99f |
-</policyconfig>
|