doczkal / rpms / abrt

Forked from rpms/abrt 4 years ago
Clone

Blame SOURCES/0140-dbus-keep-the-polkit-authorization-for-all-clients.patch

47a88a
From 9c807b4f4d808201118f15182e12a9e68e12dc36 Mon Sep 17 00:00:00 2001
47a88a
From: Jakub Filak <jfilak@redhat.com>
47a88a
Date: Thu, 2 Jul 2015 12:19:30 +0200
47a88a
Subject: [PATCH] dbus: keep the polkit authorization for all clients
47a88a
47a88a
I played with the defaults and I've found out that:
47a88a
 - allow_any == clients like ssh
47a88a
 - allow_active == for local console (X, terminal)
47a88a
 - allow_inactive had no effect
47a88a
47a88a
Anyway, I do not find any reason to prevent any client from getting
47a88a
access to all ABRT problems and I also think we should use
47a88a
'auth_admin_keep' until we implement the new abrt dbus service.
47a88a
47a88a
auth_admin_keep - requires authorization for the first request and the
47a88a
authorization is kept for a brief period (polkit(8)).
47a88a
47a88a
commit e98c8766655216db3d9a08b1fa52ba7decf57c46
47a88a
Author: Stef Walter <stefw@redhat.com>
47a88a
Date:   Mon May 5 08:41:00 2014 +0200
47a88a
47a88a
dbus: Fix desktop centric polkit policy file
47a88a
47a88a
In order to allow use of ABRT's DBus API on servers, the polkit
47a88a
policy should allow admin usage even when not logged in an active
47a88a
seat (ie: monitor and keyboard). Otherwise use from ssh logins and
47a88a
Cockpit is prevented.
47a88a
47a88a
Related: #1224984
47a88a
47a88a
Signed-off-by: Jakub Filak <jfilak@redhat.com>
47a88a
47a88a
Conflicts:
47a88a
	src/dbus/abrt_polkit.policy
47a88a
---
47a88a
 src/dbus/abrt_polkit.policy | 8 ++++----
47a88a
 1 file changed, 4 insertions(+), 4 deletions(-)
47a88a
47a88a
diff --git a/src/dbus/abrt_polkit.policy b/src/dbus/abrt_polkit.policy
47a88a
index 06008b4..beb615f 100644
47a88a
--- a/src/dbus/abrt_polkit.policy
47a88a
+++ b/src/dbus/abrt_polkit.policy
47a88a
@@ -19,9 +19,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
47a88a
     <description>Get problems from all users</description>
47a88a
     <message>Reading others problems requires authentication</message>
47a88a
     <defaults>
47a88a
-      <allow_any>no</allow_any>
47a88a
+      <allow_any>auth_admin_keep</allow_any>
47a88a
       <allow_active>auth_admin_keep</allow_active>
47a88a
-      <allow_inactive>no</allow_inactive>
47a88a
+      <allow_inactive>auth_admin_keep</allow_inactive>
47a88a
     </defaults>
47a88a
   </action>
47a88a
 
47a88a
@@ -30,9 +30,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
47a88a
     <description>Set value of configuration properties</description>
47a88a
     <message>Update configuration values reuquires authentication</message>
47a88a
     <defaults>
47a88a
-      <allow_any>no</allow_any>
47a88a
+      <allow_any>auth_admin_keep</allow_any>
47a88a
       <allow_active>auth_admin_keep</allow_active>
47a88a
-      <allow_inactive>no</allow_inactive>
47a88a
+      <allow_inactive>auth_admin_keep</allow_inactive>
47a88a
     </defaults>
47a88a
   </action>
47a88a
 
47a88a
-- 
47a88a
2.4.3
47a88a