Blame SOURCES/0140-dbus-keep-the-polkit-authorization-for-all-clients.patch

a60cd7
From 9c807b4f4d808201118f15182e12a9e68e12dc36 Mon Sep 17 00:00:00 2001
a60cd7
From: Jakub Filak <jfilak@redhat.com>
a60cd7
Date: Thu, 2 Jul 2015 12:19:30 +0200
a60cd7
Subject: [PATCH] dbus: keep the polkit authorization for all clients
a60cd7
a60cd7
I played with the defaults and I've found out that:
a60cd7
 - allow_any == clients like ssh
a60cd7
 - allow_active == for local console (X, terminal)
a60cd7
 - allow_inactive had no effect
a60cd7
a60cd7
Anyway, I do not find any reason to prevent any client from getting
a60cd7
access to all ABRT problems and I also think we should use
a60cd7
'auth_admin_keep' until we implement the new abrt dbus service.
a60cd7
a60cd7
auth_admin_keep - requires authorization for the first request and the
a60cd7
authorization is kept for a brief period (polkit(8)).
a60cd7
a60cd7
commit e98c8766655216db3d9a08b1fa52ba7decf57c46
a60cd7
Author: Stef Walter <stefw@redhat.com>
a60cd7
Date:   Mon May 5 08:41:00 2014 +0200
a60cd7
a60cd7
dbus: Fix desktop centric polkit policy file
a60cd7
a60cd7
In order to allow use of ABRT's DBus API on servers, the polkit
a60cd7
policy should allow admin usage even when not logged in an active
a60cd7
seat (ie: monitor and keyboard). Otherwise use from ssh logins and
a60cd7
Cockpit is prevented.
a60cd7
a60cd7
Related: #1224984
a60cd7
a60cd7
Signed-off-by: Jakub Filak <jfilak@redhat.com>
a60cd7
a60cd7
Conflicts:
a60cd7
	src/dbus/abrt_polkit.policy
a60cd7
---
a60cd7
 src/dbus/abrt_polkit.policy | 8 ++++----
a60cd7
 1 file changed, 4 insertions(+), 4 deletions(-)
a60cd7
a60cd7
diff --git a/src/dbus/abrt_polkit.policy b/src/dbus/abrt_polkit.policy
a60cd7
index 06008b4..beb615f 100644
a60cd7
--- a/src/dbus/abrt_polkit.policy
a60cd7
+++ b/src/dbus/abrt_polkit.policy
a60cd7
@@ -19,9 +19,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
a60cd7
     <description>Get problems from all users</description>
a60cd7
     <message>Reading others problems requires authentication</message>
a60cd7
     <defaults>
a60cd7
-      <allow_any>no</allow_any>
a60cd7
+      <allow_any>auth_admin_keep</allow_any>
a60cd7
       <allow_active>auth_admin_keep</allow_active>
a60cd7
-      <allow_inactive>no</allow_inactive>
a60cd7
+      <allow_inactive>auth_admin_keep</allow_inactive>
a60cd7
     </defaults>
a60cd7
   </action>
a60cd7
 
a60cd7
@@ -30,9 +30,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher@fedorahosted.com>
a60cd7
     <description>Set value of configuration properties</description>
a60cd7
     <message>Update configuration values reuquires authentication</message>
a60cd7
     <defaults>
a60cd7
-      <allow_any>no</allow_any>
a60cd7
+      <allow_any>auth_admin_keep</allow_any>
a60cd7
       <allow_active>auth_admin_keep</allow_active>
a60cd7
-      <allow_inactive>no</allow_inactive>
a60cd7
+      <allow_inactive>auth_admin_keep</allow_inactive>
a60cd7
     </defaults>
a60cd7
   </action>
a60cd7
 
a60cd7
-- 
a60cd7
2.4.3
a60cd7