diff options
author | Thomas Haller <thaller@redhat.com> | 2014-08-19 18:56:23 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2014-09-29 13:51:11 +0200 |
commit | 53e244bef637c3e4004961651d4ed23eda7393b5 (patch) | |
tree | fcc07fb0b3fe5ecab3b2b5c00587a9075a3d8ee7 /configure.ac | |
parent | eabe7d856c243673bbaba3295ce74d72e188596d (diff) | |
download | NetworkManager-53e244bef637c3e4004961651d4ed23eda7393b5.tar.gz |
auth: support disabling POLKIT authentication entirely at compile time
Let the user completly disable polkit authentication by
building NM with configure option '--enable-polkit=disabled'.
In that case, configuring 'main.auth-polkit=yes' will fail all
authentication requests (except root-requests, which are always granted).
This reduces the size of the NetworkManager binary by some 26KB (16KB
stripped).
Signed-off-by: Thomas Haller <thaller@redhat.com>
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac index 93fc135265..13bd82d203 100644 --- a/configure.ac +++ b/configure.ac @@ -457,9 +457,14 @@ else fi AM_CONDITIONAL(WITH_TEAMDCTL, test "${enable_teamdctl}" = "yes") -AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit], [set default value for auth-polkit configuration option]), +# we usually compile with polkit support. --enable-polkit=yes|no only sets the +# default configuration for main.auth-polkit. User can always enable/disable polkit +# autorization via config. Only when specifying --enable-polkit=disabled, we do +# not compile support. In this case, the user cannot enable polkit authorization via +# configuration. +AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit=yes|no|disabled], [set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' compiles NM without any support]), [enable_polkit=${enableval}], [enable_polkit=yes]) -if (test "${enable_polkit}" != "no"); then +if (test "${enable_polkit}" != "no" -a "${enable_polkit}" != "disabled"); then enable_polkit=yes AC_DEFINE(NM_CONFIG_DEFAULT_AUTH_POLKIT, TRUE, [The default value of the auth-polkit configuration option]) NM_CONFIG_DEFAULT_AUTH_POLKIT_TEXT='true' @@ -467,6 +472,11 @@ else AC_DEFINE(NM_CONFIG_DEFAULT_AUTH_POLKIT, FALSE, [The default value of the auth-polkit configuration option]) NM_CONFIG_DEFAULT_AUTH_POLKIT_TEXT='false' fi +if (test "${enable_polkit}" != "disabled"); then + AC_DEFINE(WITH_POLKIT, 1, [whether to compile polkit support]) +else + AC_DEFINE(WITH_POLKIT, 0, [whether to compile polkit support]) +fi AC_SUBST(NM_CONFIG_DEFAULT_AUTH_POLKIT_TEXT) AC_ARG_ENABLE(modify-system, @@ -961,10 +971,14 @@ echo echo "Platform:" echo " session tracking: $with_session_tracking" echo " suspend/resume: $with_suspend_resume" -if test "${enable_modify_system}" = "yes"; then - echo " policykit: yes (permissive modify.system) (default=${enable_polkit})" +if test "${enable_polkit}" = "yes"; then + if test "${enable_modify_system}" = "yes"; then + echo " policykit: yes (permissive modify.system) (default=${enable_polkit})" + else + echo " policykit: yes (restrictive modify.system) (default=${enable_polkit})" + fi else - echo " policykit: yes (restrictive modify.system) (default=${enable_polkit})" + echo " policykit: no" fi echo " selinux: $have_selinux" echo |