From 941b747e6e40bd18dd0c0fd1d0eff189faa8a149 Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 2 Jun 2024 03:59:54 +0000
Subject: [PATCH] polkit: add owner annotations to all actions

this allows one to (optionally) run NetworkManager as a user named "networkmanager" instead of root without breaking NM-initiated polkit queries.

dbus interactions for an operation like `nmcli device wifi rescan` look like this:
```
nmcli (pid=1234, uid=1000)
|
v
org.freedesktop.NetworkManager.Device.Wireless.RequestScan { } (fielded by NetworkManager.service)
|
v
org.freedesktop.PolicyKit1.Authority.CheckAuthorization { pid = 1234 start-time = ...; uid = 1000; "org.freedesktop.NetworkManager.wifi.scan" } (fielded by polkit.service)
```
---
 .../org.freedesktop.NetworkManager.policy.in.in | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/data/org.freedesktop.NetworkManager.policy.in.in b/data/org.freedesktop.NetworkManager.policy.in.in
index 13a0a5b50..636b3c8aa 100644
--- a/data/org.freedesktop.NetworkManager.policy.in.in
+++ b/data/org.freedesktop.NetworkManager.policy.in.in
@@ -16,6 +16,7 @@
 no yes
+ unix-user:networkmanager
@@ -26,6 +27,7 @@
 auth_admin_keep auth_admin_keep
+ unix-user:networkmanager
@@ -35,6 +37,7 @@
 no no
+ unix-user:networkmanager
@@ -44,6 +47,7 @@
 no yes
+ unix-user:networkmanager
@@ -53,6 +57,7 @@
 no yes
+ unix-user:networkmanager
@@ -62,6 +67,7 @@
 no yes
+ unix-user:networkmanager
@@ -72,6 +78,7 @@
 yes yes
+ unix-user:networkmanager
@@ -82,6 +89,7 @@
 yes yes
+ unix-user:networkmanager
@@ -91,6 +99,7 @@
 no yes
+ unix-user:networkmanager
@@ -100,6 +109,7 @@
 no yes
+ unix-user:networkmanager
@@ -110,6 +120,7 @@
 yes yes
+ unix-user:networkmanager
@@ -120,6 +131,7 @@
 @NM_MODIFY_SYSTEM_POLICY@ @NM_MODIFY_SYSTEM_POLICY@
+ unix-user:networkmanager
@@ -130,6 +142,7 @@
 auth_admin_keep auth_admin_keep
+ unix-user:networkmanager
@@ -140,6 +153,7 @@
 auth_admin_keep auth_admin_keep
+ unix-user:networkmanager
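Review bot: Every added line hard-codes the owner identity `unix-user:networkmanager`, starting with the hunk at `@@ -16,6 +16,7 @@` and repeated in the 16 hunks that follow, even though the commit message presents running NetworkManager as that user as optional. Assuming these are polkit's `org.freedesktop.policykit.owner` annotations (the XML markup is not visible on this page), they let any process running as an account with that name ask polkit whether other subjects are authorized for these actions, so on installs that keep the daemon as root the policy extends that right to an account the daemon never uses. Since the file is a `.policy.in.in` template that already substitutes `@NM_MODIFY_SYSTEM_POLICY@`, consider a build-time substitution such as `unix-user:@NM_POLKIT_OWNER@` (placeholder name, not an existing option) and emitting the annotation only when it is set. A comment above the first annotation stating that the named account must be a dedicated, non-login system user reserved for the daemon would also help packagers.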
@@ -150,6 +164,7 @@
 auth_admin_keep auth_admin_keep
+ unix-user:networkmanager
@@ -159,6 +174,7 @@
 no yes
+ unix-user:networkmanager
@@ -168,6 +184,7 @@
 no yes
+ unix-user:networkmanager