• 0 Posts
  • 39 Comments
Joined 2 years ago
cake
Cake day: June 18th, 2023

help-circle





  • They should test this much more often and frequently. Unlike Gnome, KDE do actually care about their users, not just about themselves.

    It’s not like GNOME is the only outlier here (for the specific icon problem sure), someone on the linux subreddid also posted this screenshot https://imgur.com/a/1ELtsJb. It seems to really just be that KDE apps kinda struggle out side of KDE. And most of the GNOME devs do care about the users as well, just they also care that their apps look as intended.





  • I don’t understand how this is any improvement over pkexec

    That has the same problem as sudo: the SUID bit is set for it.

    The fact that run0 uses polkit is more of a byproduct that this kinda authentication is already done with polkit all over the place in systemd. You can have individual subcommand accessible to different users (for example everyone can systemctl status, but systemctl reboot needs to be in the wheel group) which is why its generally used within systemd already. And it wouldn’t surprise me if again you can do it with this as well, limiting what commands can unconditionally run, need prompt or are completely blocked.










  • The thing with this is: its just a symlink to the systemd-run binary, which talks to PID1 to spawn new processes (in separate cgroups IIRC). Its one of the most fundamental parts of systemd. Even the debian systemd package includes systemd-run.

    I guess the other question is if some tools the distro provides might switch to supporting it by default. For example on Arch there is makepkg that should never be executed as root, but does internally call some things with elevated privileges (mostly pacman to install and remove packages). Currently it checks for sudo and if not falls back to su, but maybe it might be worth considering changing su for run0 if its guaranteed to be there.