Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/travier/betterkit

WIP Polkit replacement
https://github.com/travier/betterkit

Last synced: about 2 months ago
JSON representation

WIP Polkit replacement

Host: GitHub
URL: https://github.com/travier/betterkit
Owner: travier
License: other
Created: 2022-02-09T17:54:39.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-07-25T17:50:42.000Z (6 months ago)
Last Synced: 2024-11-29T17:50:53.808Z (about 2 months ago)
Language: Rust
Size: 22.5 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Alternative to polkit based on DBus and systemd-run

## Design

- Define a set of actions (commands) that will be executed via [systemd-run].
- Define a set of rules that grant access to those actions to users based on
various conditions (logged-in locally, system administrator, etc.).
- Run as a privileged system daemon that will execture the action for users if
they match the rules.

## Security

- Limited parsing of untrusted data
- Declarative and easy to understand configuration syntax for actions and rules
- Actions are run fully un-privileged and confined by default: privileged
access is opt-in
- No SUID binary
- Clear logging of which user requested which action and which rules enabled it
- Written in pure safe Rust

## Example

```
$ cat /usr/lib/betterkit/actions/rpm-ostree.conf
[Action]
Id=org.coreos.rpm-ostree.rollback
Description=Roolback to previous deployment with rpm-ostree
Command=rpm-ostree rollback
User=root
Access=dbus-system

$ cat /usr/lib/betterkit/rules/rpm-ostree.conf
[Rule]
Action=org.coreos.rpm-ostree.rollback
Group=wheel
Result=Accept

[Rule]
Action=org.coreos.rpm-ostree.rollback
Active=true
Result=Ask
```

[systemd-run]: https://www.freedesktop.org/software/systemd/man/systemd-run.html

## Current status

Currently only working with the session bus:

```
$ cargo run -- -v --user
[INFO deadend] Received: Signal NameAcquired from org.freedesktop.DBus
[INFO deadend] Received: Signal NameAcquired from org.freedesktop.DBus
[INFO deadend] Writing MOTD with reason: Test
[INFO deadend] Successfully wrote MOTD
```

```
$ busctl --user call --json=pretty -- org.betterkit /org/betterkit/betterkit1 org.betterkit.betterkit1 Run as 2 "ls" "-alh" | jq -r ".data[0]"
$ busctl --user call --json=pretty -- org.betterkit /org/betterkit/betterkit1 org.betterkit.betterkit1 Get t 6 | jq -r ".data[0]"
```