arrfab / rpms / abrt

Forked from rpms/abrt 5 years ago
Clone

Blame SOURCES/0140-dbus-keep-the-polkit-authorization-for-all-clients.patch

baab13
From 9c807b4f4d808201118f15182e12a9e68e12dc36 Mon Sep 17 00:00:00 2001
baab13
From: Jakub Filak <jfilak@redhat.com>
baab13
Date: Thu, 2 Jul 2015 12:19:30 +0200
baab13
Subject: [PATCH] dbus: keep the polkit authorization for all clients
baab13
baab13
I played with the defaults and I've found out that:
baab13
 - allow_any == clients like ssh
baab13
 - allow_active == for local console (X, terminal)
baab13
 - allow_inactive had no effect
baab13
baab13
Anyway, I do not find any reason to prevent any client from getting
baab13
access to all ABRT problems and I also think we should use
baab13
'auth_admin_keep' until we implement the new abrt dbus service.
baab13
baab13
auth_admin_keep - requires authorization for the first request and the
baab13
authorization is kept for a brief period (polkit(8)).
baab13
baab13
commit e98c8766655216db3d9a08b1fa52ba7decf57c46
baab13
Author: Stef Walter <stefw@redhat.com>
baab13
Date:   Mon May 5 08:41:00 2014 +0200
baab13
baab13
dbus: Fix desktop centric polkit policy file
baab13
baab13
In order to allow use of ABRT's DBus API on servers, the polkit
baab13
policy should allow admin usage even when not logged in an active
baab13
seat (ie: monitor and keyboard). Otherwise use from ssh logins and
baab13
Cockpit is prevented.
baab13
baab13
Related: #1224984
baab13
baab13
Signed-off-by: Jakub Filak <jfilak@redhat.com>
baab13
baab13
Conflicts:
baab13
	src/dbus/abrt_polkit.policy
baab13
---
baab13
 src/dbus/abrt_polkit.policy | 8 ++++----
baab13
 1 file changed, 4 insertions(+), 4 deletions(-)
baab13
baab13
diff --git a/src/dbus/abrt_polkit.policy b/src/dbus/abrt_polkit.policy
baab13
index 06008b4..beb615f 100644
baab13
--- a/src/dbus/abrt_polkit.policy
baab13
+++ b/src/dbus/abrt_polkit.policy
baab13
@@ -19,9 +19,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
baab13
     <description>Get problems from all users</description>
baab13
     <message>Reading others problems requires authentication</message>
baab13
     <defaults>
baab13
-      <allow_any>no</allow_any>
baab13
+      <allow_any>auth_admin_keep</allow_any>
baab13
       <allow_active>auth_admin_keep</allow_active>
baab13
-      <allow_inactive>no</allow_inactive>
baab13
+      <allow_inactive>auth_admin_keep</allow_inactive>
baab13
     </defaults>
baab13
   </action>
baab13
 
baab13
@@ -30,9 +30,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
baab13
     <description>Set value of configuration properties</description>
baab13
     <message>Update configuration values reuquires authentication</message>
baab13
     <defaults>
baab13
-      <allow_any>no</allow_any>
baab13
+      <allow_any>auth_admin_keep</allow_any>
baab13
       <allow_active>auth_admin_keep</allow_active>
baab13
-      <allow_inactive>no</allow_inactive>
baab13
+      <allow_inactive>auth_admin_keep</allow_inactive>
baab13
     </defaults>
baab13
   </action>
baab13
 
baab13
-- 
baab13
2.4.3
baab13