policy: add a configure option for a permissive modify.system default
Add --enable-modify-system, to change the default for org.freedesktop.NetworkManager.settings.modify.system to allow users to edit system connections without needing to authenticate.
This commit is contained in:
Dan Winship
2
.gitignore
vendored
2
.gitignore
vendored
@@ -193,8 +193,8 @@ m4/intltool.m4
|
||||
m4/libtool.m4
|
||||
m4/lt*.m4
|
||||
|
||||
policy/org.freedesktop.network-manager-settings.system.policy
|
||||
policy/org.freedesktop.NetworkManager.policy
|
||||
policy/org.freedesktop.NetworkManager.policy.in
|
||||
|
||||
data/NetworkManager.service
|
||||
data/NetworkManager-wait-online.service
|
||||
|
||||
19
configure.ac
19
configure.ac
@@ -464,6 +464,18 @@ else
|
||||
fi
|
||||
AM_CONDITIONAL(WITH_POLKIT, test "${enable_polkit}" = "yes")
|
||||
|
||||
AC_ARG_ENABLE(modify-system,
|
||||
AS_HELP_STRING([--enable-modify-system], [Allow users to modify system connections]))
|
||||
if test "${enable_modify_system}" = "yes"; then
|
||||
if ! test "${enable_polkit}" = "yes"; then
|
||||
AC_MSG_ERROR([--enable-modify-system requires --enable-polkit])
|
||||
fi
|
||||
NM_MODIFY_SYSTEM_POLICY="yes"
|
||||
else
|
||||
NM_MODIFY_SYSTEM_POLICY="auth_admin_keep"
|
||||
fi
|
||||
AC_SUBST(NM_MODIFY_SYSTEM_POLICY)
|
||||
|
||||
AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss|gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss)
|
||||
|
||||
with_nss=no
|
||||
@@ -822,6 +834,7 @@ man/nm-online.1
|
||||
man/nmcli.1
|
||||
po/Makefile.in
|
||||
policy/Makefile
|
||||
policy/org.freedesktop.NetworkManager.policy.in
|
||||
data/Makefile
|
||||
docs/Makefile
|
||||
docs/api/Makefile
|
||||
@@ -869,7 +882,11 @@ else
|
||||
fi
|
||||
|
||||
if test "${enable_polkit}" = "yes"; then
|
||||
echo PolicyKit support: yes
|
||||
if test "${enable_modify_system}"; then
|
||||
echo "PolicyKit support: yes (permissive modify.system)"
|
||||
else
|
||||
echo "PolicyKit support: yes (restrictive modify.system)"
|
||||
fi
|
||||
else
|
||||
echo PolicyKit support: no
|
||||
fi
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
polkit_policydir = $(datadir)/polkit-1/actions
|
||||
|
||||
dist_polkit_policy_in_files = \
|
||||
org.freedesktop.NetworkManager.policy.in
|
||||
dist_polkit_policy_in_in_files = \
|
||||
org.freedesktop.NetworkManager.policy.in.in
|
||||
|
||||
dist_polkit_policy_DATA = $(dist_polkit_policy_in_files:.policy.in=.policy)
|
||||
polkit_policy_DATA = $(dist_polkit_policy_in_in_files:.policy.in.in=.policy)
|
||||
|
||||
@INTLTOOL_POLICY_RULE@
|
||||
|
||||
|
||||
@@ -95,7 +95,7 @@
|
||||
<_message>System policy prevents modification of network settings for all users</_message>
|
||||
<defaults>
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
<allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
Reference in New Issue
Block a user