Bug 1657021

Summary: Systemd error handling is insufficient when dealing with polkit.
Product: Red Hat Enterprise Linux 7 Reporter: Trevor Vaughan <tvaughan>
Component: polkitAssignee: Polkit Maintainers <polkit-devel>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: dtardon, systemd-maint-list
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-15 07:32:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Trevor Vaughan 2018-12-06 20:53:00 UTC 
Description of problem:

Systemd error handling is insufficient when dealing with polkit.


Version-Release number of selected component (if applicable):

219-57.el7_5.3.x86_64

How reproducible:

1. Follow the instructions at https://gitlab.freedesktop.org/polkit/polkit/issues/74

2. Run `virsh connect qemu:///system` as the new user

Actual results:

Unprivileged user has the ability to perform privileged actions with systemd commands. Evaluated 'systemctl' and 'loginctl' and was able to modify system settings without issue.

Expected results:

Systemd will deny access to invalid users attempting to run privileged commands in a manner similar to libvirt.

Libvirt error message: "error: error from service: CheckAuthorization: Unix process subject does not have uid set"
Comment 4 RHEL Program Management 2021-03-15 07:32:16 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.