[Pkg-utopia-maintainers] Bug#800598: Please switch from --with-polkit=strict to --with-polkit=permissive
Alexander Kurtz
alexander at kurtz.be
Thu Oct 1 14:28:39 UTC 2015
Package: modemmanager
Version: 1.4.10-1
Severity: wishlist
Hi,
when unlocking a SIM (for example with `mmcli --sim=1 --pin=1234`),
ModemManager will trigger a polkit authorization dialog as shown in the
attached screenshot. This means, that even if you let gnome-keyring or
another password manager store the PIN for your SIM, you'll still be
required to answer a password prompt (requiring either your user or
root password, depending on your system configuration) every time your
modem loses power (suspends, reboots, USB disconnects, etc.) which is a
a major inconvenience if you regularly use a mobile data connection.
This is unnecessary at least for local users, since they always can
just remove the SIM from the computer and insert it into any device of
their choice. Upstream had this discussion a couple of years back [0]
and decided to add an optional argument to the --with-polkit configure
parameter [1].
When enabling PolicyKit support, Guido Günther set this argument to
"strict" [2]. Unless there are compelling reasons not to, I ask you to
change this to "permissive". This would change every "auth_self_keep"
in /usr/share/polkit-1/actions/org.freedesktop.ModemManager1.policy to
"yes" which means that local users would no longer be required to to
authenticate for actions they could also accomplish by simply removing
the SIM.
Best regards
Alexander Kurtz
PS: For the time being, I worked around this by creating /etc/polkit-1/localauthority/50-local.d/org.freedesktop.ModemManager1.pkla like this:
[org.freedesktop.ModemManager1 extensions]
Identity=unix-user:*
Action=org.freedesktop.ModemManager1.Device.Control;org.freedesktop.ModemManager1.Contacts;org.freedesktop.ModemManager1.Messaging;org.freedesktop.ModemManager1.Location
ResultActive=yes
[0] https://bugzilla.gnome.org/show_bug.cgi?id=701740
[1] http://cgit.freedesktop.org/ModemManager/ModemManager/tree/configure.ac#n220
[2] https://anonscm.debian.org/cgit/collab-maint/modemmanager.git/commit/?id=083a598c429365ff9475972315c936bed5d9fe03file:///home/alexander/Downloads/authorization-dialog.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: authorization-dialog.png
Type: image/png
Size: 786141 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20151001/3fe09b53/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20151001/3fe09b53/attachment-0001.sig>
More information about the Pkg-utopia-maintainers
mailing list