[Pkg-utopia-maintainers] Bug#825766: flatpak: Allow passwordless app-install and runtime-install for sudoers in polkit 0.105
Simon McVittie
smcv at debian.org
Sun May 29 16:28:01 UTC 2016
Package: flatpak
Version: 0.6.2-1
Severity: normal
Flatpak installs /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules
as follows:
polkit.addRule(function(action, subject) {
if ((action.id == "org.freedesktop.Flatpak.app-install" ||
action.id == "org.freedesktop.Flatpak.runtime-install") &&
subject.active == true && subject.local == true &&
subject.isInGroup("sudo")) {
return polkit.Result.YES;
}
});
... in other words, sudoers who are logged in to an active session may
install apps and runtimes system-wide without authenticating. (The
justification is that they would already have had to authenticate when
they added the repository and its associated GPG key, which is the point
at which the trust decision was made.)
This only works with policykit-1/experimental. Since it doesn't seem
likely that we will move to that version in stretch, it would improve
convenience for users of policykit-1/unstable if we had an equivalent
"local authority" configuration file for that version, perhaps something
analogous to
/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla.
S
More information about the Pkg-utopia-maintainers
mailing list