[gdm/wip/initial-setup2] Add policy to allow gdm-initial-setup to copy account data

From: Matthias Clasen <matthiasc src gnome org>
To: commits-list gnome org
Cc:
Subject: [gdm/wip/initial-setup2] Add policy to allow gdm-initial-setup to copy account data
Date: Mon, 16 Apr 2012 03:57:03 +0000 (UTC)

commit 8ecdfa506d4e2b69d9489356402c247f89bbcb59
Author: Matthias Clasen <mclasen redhat com>
Date:   Mon Apr 16 05:00:24 2012 +0200

    Add policy to allow gdm-initial-setup to copy account data
    
    We are using pkexec to run /usr/bin/install. The action
    we are installing here has an annotation that tells polkit
    to allow this.

 data/20-gdm-initial-setup.pkla          |    2 +-
 data/Makefile.am                        |    4 ++++
 data/org.gnome.gdm-initial-setup.policy |   20 ++++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletions(-)
---
diff --git a/data/20-gdm-initial-setup.pkla b/data/20-gdm-initial-setup.pkla
index ef6c381..f8b6c55 100644
--- a/data/20-gdm-initial-setup.pkla
+++ b/data/20-gdm-initial-setup.pkla
@@ -7,7 +7,7 @@
 #
 [Initial Setup Permissions]
 Identity=unix-user:gdm-initial-setup
-Action=org.freedesktop.accounts.*;org.freedesktop.timedate1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.RealtimeKit1.*
+Action=org.freedesktop.accounts.*;org.freedesktop.timedate1.*;org.freedesktop.udisks.filesystem-mount-system-internal;org.freedesktop.RealtimeKit1.*;org.gnome.gdm-initial-setup.pkexec.install;
 ResultAny=auth_admin
 ResultInactive=auth_admin
 ResultActive=yes
diff --git a/data/Makefile.am b/data/Makefile.am
index 24a2756..6a243ac 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -100,12 +100,16 @@ pam_DATA = gdm-fingerprint gdm-smartcard
 policydir = $(datadir)/gdm
 policy_DATA = 20-gdm-initial-setup.pkla
 
+polkitdir = $(datadir)/polkit-1/actions
+polkit_DATA = org.gnome.gdm-initial-setup.policy
+
 EXTRA_DIST =			\
 	$(schemas_in_files)	\
 	$(schemas_DATA)		\
 	$(dbusconf_in_files)	\
 	$(localealias_DATA)	\
 	$(policy_DATA)		\
+	$(polkit_DATA)		\
 	gdm.schemas.in.in	\
 	gdm.conf-custom.in 	\
 	Xsession.in 		\
diff --git a/data/org.gnome.gdm-initial-setup.policy b/data/org.gnome.gdm-initial-setup.policy
new file mode 100644
index 0000000..bd7be8d
--- /dev/null
+++ b/data/org.gnome.gdm-initial-setup.policy
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd";>
+<policyconfig>
+
+ <vendor>GNOME</vendor>
+ <vendor_url>http://www.gnome.org</vendor_url>
+
+ <action id="org.gnome.gdm-initial-setup.pkexec.install">
+    <description>Copy account data</description>
+    <message>Authentication is required to copy account data</message>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>no</allow_inactive>
+     <allow_active>auth_admin</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/install</annotate>
+ </action>
+</policyconfig>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]