- Previously, running the pkaction command with invalid arguments opened the corresponding manual page instead of generating a warning, or giving any other indication of erroneous behavior. With this update, the user is informed by an error message.
- Prior to this update, in PolicyKit local authority, the order of processing configuration files within a directory depended only on file system specifics. The ordering has been made consistent to avoid surprising changes in behavior but remains unspecified and may change in future updates of Red Hat Enterprise Linux; use the documented ordering of directory names if your configuration relies on ordering of the .pkla configuration files.
- Prior to this update, if a process subject to an authorization query became a zombie before completing the authorization, the polkitd daemon could terminate unexpectedly. Handling of zombie processes has been improved to fix this crash.
- With this update, all polkit binary files have been compiled with the RELRO option, and where applicable, with the PIE option, to increase resilience against various attacks.
- With this update, more flexibility in polkit rules is allowed. In addition to the existing “unix-user:" and “unix-group:” identity specifications, a new specification “default” can be used to specify authorization result for users that do not match either of the ”unix-user:” or “unix-group:” specifications.