diff options
| author | Dan Winship <danw@gnome.org> | 2012-09-28 08:45:05 -0400 |
|---|---|---|
| committer | Dan Winship <danw@gnome.org> | 2012-09-28 08:45:05 -0400 |
| commit | 14b19982f6acf4c1794f79eed7ed21bd97c74a8a (patch) | |
| tree | 9664ec241a4be08a220cf4d5af534f45667eac56 | |
| parent | a7ad36987a4c12c4d22cb462d2407c0acffdd226 (diff) | |
policy: add a configure option for a permissive modify.system default
Add --enable-modify-system, to change the default for
org.freedesktop.NetworkManager.settings.modify.system to allow users
to edit system connections without needing to authenticate.
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | configure.ac | 19 | ||||
| -rw-r--r-- | policy/Makefile.am | 6 | ||||
| -rw-r--r-- | policy/org.freedesktop.NetworkManager.policy.in.in (renamed from policy/org.freedesktop.NetworkManager.policy.in) | 2 |
4 files changed, 23 insertions, 6 deletions
@@ -193,8 +193,8 @@ m4/intltool.m4 m4/libtool.m4 m4/lt*.m4 -policy/org.freedesktop.network-manager-settings.system.policy policy/org.freedesktop.NetworkManager.policy +policy/org.freedesktop.NetworkManager.policy.in data/NetworkManager.service data/NetworkManager-wait-online.service diff --git a/configure.ac b/configure.ac index 46640b1b..e76e193e 100644 --- a/configure.ac +++ b/configure.ac @@ -464,6 +464,18 @@ else fi AM_CONDITIONAL(WITH_POLKIT, test "${enable_polkit}" = "yes") +AC_ARG_ENABLE(modify-system, + AS_HELP_STRING([--enable-modify-system], [Allow users to modify system connections])) +if test "${enable_modify_system}" = "yes"; then + if ! test "${enable_polkit}" = "yes"; then + AC_MSG_ERROR([--enable-modify-system requires --enable-polkit]) + fi + NM_MODIFY_SYSTEM_POLICY="yes" +else + NM_MODIFY_SYSTEM_POLICY="auth_admin_keep" +fi +AC_SUBST(NM_MODIFY_SYSTEM_POLICY) + AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss|gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss) with_nss=no @@ -822,6 +834,7 @@ man/nm-online.1 man/nmcli.1 po/Makefile.in policy/Makefile +policy/org.freedesktop.NetworkManager.policy.in data/Makefile docs/Makefile docs/api/Makefile @@ -869,7 +882,11 @@ else fi if test "${enable_polkit}" = "yes"; then - echo PolicyKit support: yes + if test "${enable_modify_system}"; then + echo "PolicyKit support: yes (permissive modify.system)" + else + echo "PolicyKit support: yes (restrictive modify.system)" + fi else echo PolicyKit support: no fi diff --git a/policy/Makefile.am b/policy/Makefile.am index 289d220b..27465195 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,9 +1,9 @@ polkit_policydir = $(datadir)/polkit-1/actions -dist_polkit_policy_in_files = \ - org.freedesktop.NetworkManager.policy.in +dist_polkit_policy_in_in_files = \ + org.freedesktop.NetworkManager.policy.in.in -dist_polkit_policy_DATA = $(dist_polkit_policy_in_files:.policy.in=.policy) +polkit_policy_DATA = $(dist_polkit_policy_in_in_files:.policy.in.in=.policy) @INTLTOOL_POLICY_RULE@ diff --git a/policy/org.freedesktop.NetworkManager.policy.in b/policy/org.freedesktop.NetworkManager.policy.in.in index 8e43809f..ea3777a4 100644 --- a/policy/org.freedesktop.NetworkManager.policy.in +++ b/policy/org.freedesktop.NetworkManager.policy.in.in @@ -95,7 +95,7 @@ <_message>System policy prevents modification of network settings for all users</_message> <defaults> <allow_inactive>no</allow_inactive> - <allow_active>auth_admin_keep</allow_active> + <allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active> </defaults> </action> |