diff --git a/.gitignore b/.gitignore index d410fa327..1732fbb3f 100644 --- a/.gitignore +++ b/.gitignore @@ -193,8 +193,8 @@ m4/intltool.m4 m4/libtool.m4 m4/lt*.m4 -policy/org.freedesktop.network-manager-settings.system.policy policy/org.freedesktop.NetworkManager.policy +policy/org.freedesktop.NetworkManager.policy.in data/NetworkManager.service data/NetworkManager-wait-online.service diff --git a/configure.ac b/configure.ac index 46640b1bd..e76e193ec 100644 --- a/configure.ac +++ b/configure.ac @@ -464,6 +464,18 @@ else fi AM_CONDITIONAL(WITH_POLKIT, test "${enable_polkit}" = "yes") +AC_ARG_ENABLE(modify-system, + AS_HELP_STRING([--enable-modify-system], [Allow users to modify system connections])) +if test "${enable_modify_system}" = "yes"; then + if ! test "${enable_polkit}" = "yes"; then + AC_MSG_ERROR([--enable-modify-system requires --enable-polkit]) + fi + NM_MODIFY_SYSTEM_POLICY="yes" +else + NM_MODIFY_SYSTEM_POLICY="auth_admin_keep" +fi +AC_SUBST(NM_MODIFY_SYSTEM_POLICY) + AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss|gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss) with_nss=no @@ -822,6 +834,7 @@ man/nm-online.1 man/nmcli.1 po/Makefile.in policy/Makefile +policy/org.freedesktop.NetworkManager.policy.in data/Makefile docs/Makefile docs/api/Makefile @@ -869,7 +882,11 @@ else fi if test "${enable_polkit}" = "yes"; then - echo PolicyKit support: yes + if test "${enable_modify_system}"; then + echo "PolicyKit support: yes (permissive modify.system)" + else + echo "PolicyKit support: yes (restrictive modify.system)" + fi else echo PolicyKit support: no fi diff --git a/policy/Makefile.am b/policy/Makefile.am index 289d220bd..274651953 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,9 +1,9 @@ polkit_policydir = $(datadir)/polkit-1/actions -dist_polkit_policy_in_files = \ - org.freedesktop.NetworkManager.policy.in +dist_polkit_policy_in_in_files = \ + org.freedesktop.NetworkManager.policy.in.in -dist_polkit_policy_DATA = $(dist_polkit_policy_in_files:.policy.in=.policy) +polkit_policy_DATA = $(dist_polkit_policy_in_in_files:.policy.in.in=.policy) @INTLTOOL_POLICY_RULE@ diff --git a/policy/org.freedesktop.NetworkManager.policy.in b/policy/org.freedesktop.NetworkManager.policy.in.in similarity index 98% rename from policy/org.freedesktop.NetworkManager.policy.in rename to policy/org.freedesktop.NetworkManager.policy.in.in index 8e43809fb..ea3777a47 100644 --- a/policy/org.freedesktop.NetworkManager.policy.in +++ b/policy/org.freedesktop.NetworkManager.policy.in.in @@ -95,7 +95,7 @@ <_message>System policy prevents modification of network settings for all users no - auth_admin_keep + @NM_MODIFY_SYSTEM_POLICY@