polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes.
Other
41
stars
22
forks
source link
Only instances affected by sessions change should call for CheckAuthorization #453
Currently, every time the systemd-logind monitor sends a notification about change in sessions, all instances of PolkitPermission (and probably other classes using PolkitAuthority) send CheckAuthorization to the daemon even though their session is not affected. This hogs the cpu needlessly, because ALL programs/applets in ALL instances for ALL users send CheckAuthorization, making each such request even repeated. This PR adds recognition of a change in sessions, adds it to the "Changed" dbus signal as a parameter, and on the client side of polkit (i.e. PolkitAuthority) enables to react accordingly. This enables PolkitPermission to assess whether the session change affects just the objects in affected sessions.
Detailed description and/or reproducer
The problem can be observed if running gnome-shell, then just logging in (in a terminal, over ssh, etc.) and watching the output in dbus-monitor: sudo busctl monitor org.freedesktop.PolicyKit1 | grep -e "PolicyKit1.*Changed\|CheckAuthorization
Here, on just one log-in, more than one (usually three) "Changed" signals are generated (three events sent by logind monitor), each of which starts huge "CheckAuthorization" train.
With the fix, the CheckAuthorization is triggered only if the session really changed (e.g. user logged in on a new tty and gnome-shell's session goes from "active" to "online" state).
Summary
Currently, every time the systemd-logind monitor sends a notification about change in sessions, all instances of PolkitPermission (and probably other classes using PolkitAuthority) send CheckAuthorization to the daemon even though their session is not affected. This hogs the cpu needlessly, because ALL programs/applets in ALL instances for ALL users send CheckAuthorization, making each such request even repeated. This PR adds recognition of a change in sessions, adds it to the "Changed" dbus signal as a parameter, and on the client side of polkit (i.e. PolkitAuthority) enables to react accordingly. This enables PolkitPermission to assess whether the session change affects just the objects in affected sessions.
Detailed description and/or reproducer
The problem can be observed if running gnome-shell, then just logging in (in a terminal, over ssh, etc.) and watching the output in dbus-monitor:
sudo busctl monitor org.freedesktop.PolicyKit1 | grep -e "PolicyKit1.*Changed\|CheckAuthorization
Here, on just one log-in, more than one (usually three) "Changed" signals are generated (three events sent by logind monitor), each of which starts huge "CheckAuthorization" train.With the fix, the CheckAuthorization is triggered only if the session really changed (e.g. user logged in on a new tty and gnome-shell's session goes from "active" to "online" state).