diff options
author | Matthias Clasen <mclasen@redhat.com> | 2012-04-16 05:00:24 +0200 |
---|---|---|
committer | Matthias Clasen <mclasen@redhat.com> | 2012-04-16 05:00:24 +0200 |
commit | 8ecdfa506d4e2b69d9489356402c247f89bbcb59 (patch) | |
tree | 1594ae3a1cf639ad3a579d370a4d388449f538dd | |
parent | a17f9d131c981b9a7c2f2f12837bb28d7cca211d (diff) | |
download | gdm-8ecdfa506d4e2b69d9489356402c247f89bbcb59.tar.gz |
Add policy to allow gdm-initial-setup to copy account data
We are using pkexec to run /usr/bin/install. The action
we are installing here has an annotation that tells polkit
to allow this.
-rw-r--r-- | data/20-gdm-initial-setup.pkla | 2 | ||||
-rw-r--r-- | data/Makefile.am | 4 | ||||
-rw-r--r-- | data/org.gnome.gdm-initial-setup.policy | 20 |
3 files changed, 25 insertions, 1 deletions
diff --git a/data/20-gdm-initial-setup.pkla b/data/20-gdm-initial-setup.pkla index ef6c381f..f8b6c55a 100644 --- a/data/20-gdm-initial-setup.pkla +++ b/data/20-gdm-initial-setup.pkla @@ -7,7 +7,7 @@ # [Initial Setup Permissions] Identity=unix-user:gdm-initial-setup -Action=org.freedesktop.accounts.*;org.freedesktop.timedate1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.RealtimeKit1.* +Action=org.freedesktop.accounts.*;org.freedesktop.timedate1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.RealtimeKit1.*;org.gnome.gdm-initial-setup.pkexec.install; ResultAny=auth_admin ResultInactive=auth_admin ResultActive=yes diff --git a/data/Makefile.am b/data/Makefile.am index 24a2756c..6a243ac1 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -100,12 +100,16 @@ pam_DATA = gdm-fingerprint gdm-smartcard policydir = $(datadir)/gdm policy_DATA = 20-gdm-initial-setup.pkla +polkitdir = $(datadir)/polkit-1/actions +polkit_DATA = org.gnome.gdm-initial-setup.policy + EXTRA_DIST = \ $(schemas_in_files) \ $(schemas_DATA) \ $(dbusconf_in_files) \ $(localealias_DATA) \ $(policy_DATA) \ + $(polkit_DATA) \ gdm.schemas.in.in \ gdm.conf-custom.in \ Xsession.in \ diff --git a/data/org.gnome.gdm-initial-setup.policy b/data/org.gnome.gdm-initial-setup.policy new file mode 100644 index 00000000..bd7be8d0 --- /dev/null +++ b/data/org.gnome.gdm-initial-setup.policy @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC +"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd"> +<policyconfig> + + <vendor>GNOME</vendor> + <vendor_url>http://www.gnome.org</vendor_url> + + <action id="org.gnome.gdm-initial-setup.pkexec.install"> + <description>Copy account data</description> + <message>Authentication is required to copy account data</message> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/install</annotate> + </action> +</policyconfig> |