Advisories for Cargo/Zincati package

2025

Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods

Zincati ships a polkit rule which allows the zincati system user to use the following actions:

- `org.projectatomic.rpmostree1.deploy`: used to deploy updates to the system
- `org.projectatomic.rpmostree1.finalize-deployment`: used to reboot the system into the deployed update

Since Zincati v0.0.24, this polkit rule contains a logic error which broadens access of those polkit actions to any unprivileged user rather than just the zincati system user. In practice, this means that any unprivileged user …