[Pkg-utopia-maintainers] Bug#808162: Bug#808162: NetworkManager does not allow remote management
Marius Vollmer
marius.vollmer at redhat.com
Wed Sep 14 11:40:49 UTC 2016
(Sorry for the late reply)
Michael Biebl <biebl at debian.org> writes:
> Am 16.12.2015 um 18:18 schrieb Marius Vollmer:
>
>> the NetworkManager polkit policy in Debian does not allow changing or
>> adding connections from a remote session, such as a ssh or Cockpit
>> login.
>>
>> The default upstream policy explicitly allows this. See
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1145646
>>
>> for some discussion.
>>
>> In the bug report above, the action that needed adjustement was
>> "org.freedesktop.NetworkManager.network-control". In Debian,
>> "org.freedesktop.NetworkManager.settings.modify.system" would need to be
>> allowed for "any".
>
> I don't think we should allow
> org.freedesktop.NetworkManager.settings.modify.system for everyone.
>
> Why is auth_admin(_keep) not sufficient here?
If I can remember this right, the actual entry in the polkit file would
be
<allow_any>auth_admin</allow_any>
The "any" in the original report referred to "allow_any" in contrast to
allow_inactive and allow_active. I didn't mean "yes" instead of
auth_admin.
Sorry for being too terse in the original report.
More information about the Pkg-utopia-maintainers
mailing list