mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-06 16:21:50 +00:00
Polkit documentation suggests that <allow_any> applies to all clients, but that's actually not the case. allow_any, allow_inactive, and allow_active are evaluated individually based on whether the user is local and active (allow_active), local and inactive (allow_inactive), and not local (allow_any). Thus all three allow options must be specified for any authorization other than 'no'.
This commit is contained in:
parent
de56f28db6
commit
c9b6f13c56
|
@ -85,7 +85,9 @@
|
|||
<_description>Modify personal network connections</_description>
|
||||
<_message>System policy prevents modification of personal network settings</_message>
|
||||
<defaults>
|
||||
<allow_any>yes</allow_any>
|
||||
<allow_any>auth_self_keep</allow_any>
|
||||
<allow_inactive>yes</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
|
@ -93,7 +95,9 @@
|
|||
<_description>Modify network connections for all users</_description>
|
||||
<_message>System policy prevents modification of network settings for all users</_message>
|
||||
<defaults>
|
||||
<allow_any>@NM_MODIFY_SYSTEM_POLICY@</allow_any>
|
||||
<allow_any>auth_admin_keep</allow_any>
|
||||
<allow_inactive>@NM_MODIFY_SYSTEM_POLICY@</allow_inactive>
|
||||
<allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
|
@ -102,6 +106,8 @@
|
|||
<_message>System policy prevents modification of the persistent system hostname</_message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin_keep</allow_any>
|
||||
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
|
|
Loading…
Reference in a new issue