diff options
| author | Thomas Haller <thaller@redhat.com> | 2019-12-10 08:51:03 +0100 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2019-12-11 13:13:05 +0100 |
| commit | a0a5b0b2f51a01b651270a4de72c6d7e80d47a84 (patch) | |
| tree | 654273a9b11fd8726194bd9564eaf02c5e7e235a /meson_options.txt | |
| parent | d27fcd07541ae6f524115d5b0f36e14673135ca3 (diff) | |
| download | NetworkManager-a0a5b0b2f51a01b651270a4de72c6d7e80d47a84.tar.gz | |
core: add main.auth-polkit option "root-only"
We always build with PolicyKit support enabled, because it has no
additional dependencies, beside some D-Bus calls.
However, in NetworkManager.conf the user could configure
"main.auth-polkit" to disable PolicyKit. However, previously it would
only allow to disable PolicyKit while granting access to all users.
I think it's useful to have an option that disables PolicyKit and grants
access only to root. I think we should not go too far in implementing
our own authorization mechanisms beside PolicyKit (e.g. you cannot
disable PolicyKit and grant access based on group membership of the
user). However, disabling PolicyKit can be useful sometimes, and it's
simple to implement a "root-only" setup.
Note one change is that when NetworkManager now runs without a D-Bus
connection (in initrd), it would deny all non-root requests. Previously
it would grant access. I think there should be little difference in
practice, because if we have no D-Bus we also don't have any requests to
authenticate.
(cherry picked from commit 6d7446e52f5bfe379c2b1f54f9244b33fd236e32)
Diffstat (limited to 'meson_options.txt')
| -rw-r--r-- | meson_options.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meson_options.txt b/meson_options.txt index 4f4f0d5c5a..041d9bfc38 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -14,7 +14,7 @@ option('session_tracking_consolekit', type: 'boolean', value: true, description: option('session_tracking', type: 'combo', choices: ['systemd', 'elogind', 'no'], value: 'systemd', description: 'Compatibility option to choose one session tracking module') option('suspend_resume', type: 'combo', choices: ['upower', 'systemd', 'elogind', 'consolekit', 'auto'], value: 'auto', description: 'Build NetworkManager with specific suspend/resume support') option('polkit', type: 'boolean', value: true, description: 'User auth-polkit configuration option.') -option('config_auth_polkit_default', type: 'combo', choices: ['default', 'true', 'false'], value: 'default', description: 'Default value for configuration main.auth-polkit.') +option('config_auth_polkit_default', type: 'combo', choices: ['default', 'true', 'false', 'root-only'], value: 'default', description: 'Default value for configuration main.auth-polkit.') option('modify_system', type: 'boolean', value: false, description: 'Allow users to modify system connections') option('polkit_agent', type: 'boolean', value: false, description: 'enable polkit agent for clients') option('selinux', type: 'boolean', value: true, description: 'Build with SELinux') |