[PATCH] Fall back to user-owned connections if user lacks permissions



Hi,

we've discussed this topic in the past and I thought I put the patches
out there in the hope to get them merged upstream.
To solve the user vs system vs PK prompts issues, we apply the following
patch in Debian. I have similar patches for gnome-shell and
gnome-control which have been posted to the bgo bug tracker [1].

We've been using those patches for a bit now and they will be in our
next stable release and generally users seem to be happy with this.

The main point is that we *never* want to bother the user with PK
prompts for trivial actions like creating a wifi connection.

The patch description reads:

For simple operations like creating a wireless connection, we never want
to bother the user with PolicyKit prompts. On the other hand, granting
every user the org.freedesktop.NetworkManager.settings.modify.system
privilege (without authorization) might not be wanted in certain setups
(like a shared laptop/computer use case).
To address this we check in advance if the action would trigger a
PolicyKit prompt and if that is the case fall back to user-owned
connections where the secret is agent-owned.
The logic is:
- Bluetooth, CDMA and GSM connections: always user-owned
- WEP/WPA connections: system-owned if user has the permissions,
  user-owned otherwise.
- WiMax / Wired connections: always system-owned (with 802.1x
  passwords in the keyring).

Distributions can still choose to override the PolicyKit configuration
to grant all active users those privileges (currently used in Fedora),
or make that based on group memberships (like Debian does).



I've set Joss as Author since he has been doing most of the work on this
patch.

Cheers,
Michael

[1] https://bugzilla.gnome.org/show_bug.cgi?id=646187
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

Attachment: 0001-Fall-back-to-user-owned-connections-if-user-lacks-pe.patch
Description: Text Data

Attachment: signature.asc
Description: OpenPGP digital signature
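
The ownership decision from the patch description, as an added Python sketch that is not code from the attached patch. It assumes the permission map has the shape returned by NetworkManager's GetPermissions() D-Bus call ("yes" / "no" / "auth") and that a user-owned connection is expressed as a "user:NAME:" entry in connection.permissions; the function names are hypothetical.

```python
# Added illustration; not code from the nm-applet patch.
MODIFY_SYSTEM = "org.freedesktop.NetworkManager.settings.modify.system"

# NetworkManager secret-flag values (NMSettingSecretFlags).
SECRET_SYSTEM_OWNED = 0x0  # secret stored by NetworkManager itself
SECRET_AGENT_OWNED = 0x1   # secret stored by the user's agent (keyring)

# Setting names NetworkManager uses for each connection type.
ALWAYS_USER = {"bluetooth", "cdma", "gsm"}
ALWAYS_SYSTEM = {"wimax", "802-3-ethernet"}
BY_PERMISSION = {"802-11-wireless"}


def can_modify_system(permissions):
    """True only if a system connection can be saved with no PolicyKit prompt.

    "auth" means a prompt would be shown, so it counts as lacking the
    permission. A missing entry is treated the same way (fail closed).
    """
    return permissions.get(MODIFY_SYSTEM) == "yes"


def plan_connection(conn_type, user, permissions):
    """Return owner, connection.permissions and secret flags for a new connection."""
    if conn_type in ALWAYS_USER:
        user_owned = True
    elif conn_type in ALWAYS_SYSTEM:
        user_owned = False
    elif conn_type in BY_PERMISSION:
        user_owned = not can_modify_system(permissions)
    else:
        raise ValueError("unhandled connection type: %s" % conn_type)

    # Per the description: user-owned connections keep agent-owned secrets,
    # and wired/WiMax 802.1x passwords go to the keyring. Assumption: a
    # system-owned Wi-Fi connection keeps its secret system-owned.
    agent_secrets = user_owned or conn_type in ALWAYS_SYSTEM
    return {
        "owner": "user" if user_owned else "system",
        "permissions": ["user:%s:" % user] if user_owned else [],
        "secret_flags": SECRET_AGENT_OWNED if agent_secrets else SECRET_SYSTEM_OWNED,
    }
```

Treating "auth" the same as "no" is the check that keeps the prompt away: only an unconditional "yes" results in a system-owned Wi-Fi connection.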


