[Pkg-utopia-maintainers] Bug#808162: Bug#808162: NetworkManager does not allow remote management

Marius Vollmer marius.vollmer at redhat.com
Wed Sep 14 11:40:49 UTC 2016


(Sorry for the late reply)

Michael Biebl <biebl at debian.org> writes:

> Am 16.12.2015 um 18:18 schrieb Marius Vollmer:
>
>> the NetworkManager polkit policy in Debian does not allow changing or
>> adding connections from a remote session, such as a ssh or Cockpit
>> login.
>>
>> The default upstream policy explicitly allows this.  See
>>
>>     https://bugzilla.redhat.com/show_bug.cgi?id=1145646
>>
>> for some discussion.
>>
>> In the bug report above, the action that needed adjustement was
>> "org.freedesktop.NetworkManager.network-control".  In Debian,
>> "org.freedesktop.NetworkManager.settings.modify.system" would need to be
>> allowed for "any".
>
> I don't think we should allow
> org.freedesktop.NetworkManager.settings.modify.system for everyone.
>
> Why is auth_admin(_keep) not sufficient here?

If I can remember this right, the actual entry in the polkit file would
be

    <allow_any>auth_admin</allow_any>

The "any" in the original report referred to "allow_any" in contrast to
allow_inactive and allow_active.  I didn't mean "yes" instead of
auth_admin.

Sorry for being too terse in the original report.



More information about the Pkg-utopia-maintainers mailing list