polkit: add owner annotations to all actions

this allows one to (optionally) run NetworkManager as a user named "networkmanager" instead of root without breaking NM-initiated polkit queries.
2024-06-02 03:59:54 +00:00
parent 99f22526ec
commit d70906fd74
1 changed files with 17 additions and 0 deletions
--- a/data/org.freedesktop.NetworkManager.policy.in.in
+++ b/data/org.freedesktop.NetworkManager.policy.in.in
@@ -16,6 +16,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.reload">
@@ -26,6 +27,7 @@
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.sleep-wake">
@@ -35,6 +37,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>no</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.enable-disable-wifi">
@@ -44,6 +47,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.enable-disable-wwan">
@@ -53,6 +57,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.enable-disable-wimax">
@@ -62,6 +67,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.network-control">
@@ -72,6 +78,7 @@
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.wifi.scan">
@@ -82,6 +89,7 @@
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.wifi.share.protected">
@@ -91,6 +99,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.wifi.share.open">
@@ -100,6 +109,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.settings.modify.own">
@@ -110,6 +120,7 @@
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.settings.modify.system">
@@ -120,6 +131,7 @@
      <allow_inactive>@NM_MODIFY_SYSTEM_POLICY@</allow_inactive>
      <allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.settings.modify.hostname">
@@ -130,6 +142,7 @@
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.settings.modify.global-dns">
@@ -140,6 +153,7 @@
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.checkpoint-rollback">
@@ -150,6 +164,7 @@
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.enable-disable-statistics">
@@ -159,6 +174,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

  <action id="org.freedesktop.NetworkManager.enable-disable-connectivity-check">
@@ -168,6 +184,7 @@
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
+    <annotate key="org.freedesktop.policykit.owner">unix-user:networkmanager</annotate>
  </action>

 </policyconfig>