• chameleon@kbin.social
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    Looking at the implementation, it doesn’t really implement sudoers or tools like sudoedit in any way. systemd-run has already been an existing tool for quite some time and this is really just a different CLI for it. That tool asks systemd to make a temporary new service and immediately run it. That, in turn, requires blanket yes/no approval for org.freedesktop.systemd1.manage-units via polkit.

    So with run0, you can either do everything or you can do nothing. In-betweens are just not a thing at the moment. There’s very little new backend code running as root.

    run0 bash should behave very similar to something like systemd-run --uid=0 --gid=0 --wait --same-dir --send-sighup --pty --pipe --collect bash and the majority of those options have been available for quite a while.