Summary: | net-misc/networkmanager: Include PolicyKit .pkla file for "plugdev" group to grant access even for inactive users etc. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Markos Chandras (RETIRED) <hwoarang> |
Component: | New packages | Assignee: | Robert Piasek (RETIRED) <dagger> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nirbheek, ssuominen, steev |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://forums.gentoo.org/viewtopic-t-856143.html | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | 01-org.freedesktop.NetworkManager.pkla |
Description
Markos Chandras (RETIRED)
2010-12-12 15:03:32 UTC
Steps to reproduce: 1. Update networkmanager & nm-applet to 0.8.2 2. Reload dbus 3. Restart NetworkManager service 4. Launch nm-applet For people who are not using polkit - I'll re-introduce dbus policy patch. R I've now re-added plugdev group patch Well, nm-applet still doesn't work And to be more precise, Enable Networking and Enable wireless are grey (disabled) on nm-applet. Furthermore when I try to launch any of my vpn connections I get the following result ** (nm-applet:3914): WARNING **: <WARN> activate_vpn_cb(): VPN Connection activation failed: (org.freedesktop.NetworkManager.PermissionDenied) No user settings service available I'm not sure what is wrong. Is there a decent way to configure networkmanager+nm-applet will polkit? (In reply to comment #5) > And to be more precise, Enable Networking and Enable wireless are grey > (disabled) on nm-applet. Furthermore when I try to launch any of my vpn > connections I get the following result > > > ** (nm-applet:3914): WARNING **: <WARN> activate_vpn_cb(): VPN Connection > activation failed: (org.freedesktop.NetworkManager.PermissionDenied) No user > settings service available > > > I'm not sure what is wrong. Is there a decent way to configure > networkmanager+nm-applet will polkit? > Ok, ignore me. dbus works fine. Polkit is the one that has troubles. Sorry for the noise reopen as the solution is incorrect and I would even claim this is a gaping security hole. plugdev group is useless. hwoarang, please see this thread: http://forums.gentoo.org/viewtopic-t-858965-highlight-tips+tricks.html tampakrap is working on converting it into a guidexml official documentation. Will remove the plugdev group support in couple of days as it's redudant. Created attachment 275813 [details] 01-org.freedesktop.NetworkManager.pkla See bug 369667. Then see what files get installed into /usr/share/polkit-1 by networkmanager to find out the current defaults for active vs. inactive users. Then you can create even more specific .pkla file. This file in $FILESDIR and installed with from ebuild's src_install(): insinto /etc/polkit-1/localauthority/10-vendor.d doins "${FILESDIR}"/01-org.freedesktop.NetworkManager.pkla The "enewgroup plugdev" should then be restored into networkmanager's ebuild. And: man 8 pklocalauthority This is finally fixed by this commit today: +*networkmanager-0.9.1.90-r3 (29 Oct 2011) + + 29 Oct 2011; Alexandre Rostovtsev <tetromino@gentoo.org> + +files/01-org.freedesktop.NetworkManager.settings.modify.system.pkla, + +networkmanager-0.9.1.90-r3.ebuild, + +files/networkmanager-0.9.1.90-force-libnl1.1.patch, + +files/networkmanager-0.9.1.90-if.h.patch, + +files/networkmanager-0.9.1.90-rfkill.patch: + Bump to 0.9.1.90 from the gnome overlay. Allow users in plugdev group to + modify system connections (so dropped wireless connections no longer bring up + a modal root password prompt), thanks to Samuli Suominen for the solution. + Numerous code changes. |