From c9b6f13c56583d95199857b9e0390962b642dae5 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Fri, 24 Jan 2014 12:28:35 -0600 Subject: [PATCH] policy: fix policy after dcbw/kill-at-console merge (bgo #707983) (rh #979416) Polkit documentation suggests that applies to all clients, but that's actually not the case. allow_any, allow_inactive, and allow_active are evaluated individually based on whether the user is local and active (allow_active), local and inactive (allow_inactive), and not local (allow_any). Thus all three allow options must be specified for any authorization other than 'no'. --- policy/org.freedesktop.NetworkManager.policy.in.in | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/policy/org.freedesktop.NetworkManager.policy.in.in b/policy/org.freedesktop.NetworkManager.policy.in.in index 2de066c1e0..cb229990ca 100644 --- a/policy/org.freedesktop.NetworkManager.policy.in.in +++ b/policy/org.freedesktop.NetworkManager.policy.in.in @@ -85,7 +85,9 @@ <_description>Modify personal network connections <_message>System policy prevents modification of personal network settings - yes + auth_self_keep + yes + yes @@ -93,7 +95,9 @@ <_description>Modify network connections for all users <_message>System policy prevents modification of network settings for all users - @NM_MODIFY_SYSTEM_POLICY@ + auth_admin_keep + @NM_MODIFY_SYSTEM_POLICY@ + @NM_MODIFY_SYSTEM_POLICY@ @@ -102,6 +106,8 @@ <_message>System policy prevents modification of the persistent system hostname auth_admin_keep + auth_admin_keep + auth_admin_keep