summaryrefslogtreecommitdiff
path: root/policy
Commit message (Collapse)AuthorAgeFilesLines
* policy: fix policy after dcbw/kill-at-console merge (bgo #707983) (rh #979416)Dan Williams2014-01-241-2/+8
| | | | | | | | | | Polkit documentation suggests that <allow_any> applies to all clients, but that's actually not the case. allow_any, allow_inactive, and allow_active are evaluated individually based on whether the user is local and active (allow_active), local and inactive (allow_inactive), and not local (allow_any). Thus all three allow options must be specified for any authorization other than 'no'.
* policy: allow inactive (remote/SSH) sessions to perform some actions (bgo ↵Dan Williams2014-01-231-6/+3
| | | | | | | | | | | | #707983) (rh #979416) This commit allows inactive sessions (typically SSH or remote desktop logins) to modify their own connections, to modify the system hostname with authorization, and to modify system connections with authorization. https://bugzilla.redhat.com/show_bug.cgi?id=979416 https://bugzilla.gnome.org/show_bug.cgi?id=707983
* build: distcheck fixesDan Winship2012-10-041-1/+1
|
* policy: add a configure option for a permissive modify.system defaultDan Winship2012-09-282-4/+4
| | | | | | Add --enable-modify-system, to change the default for org.freedesktop.NetworkManager.settings.modify.system to allow users to edit system connections without needing to authenticate.
* policy: revert system modify permission to auth_admin_keepDan Williams2011-03-211-1/+1
| | | | | | | For now, until we figure out a better story here. We don't necessarily want to require an admin password just to connect to a wifi network after installing, but for now lets be secure-by-default while we figure out the right solution.
* policy: rename HOSTNAME_MODIFY -> MODIFY_HOSTNAME for consistencyDan Williams2011-02-111-1/+1
|
* policy: add a "modify own" permission for single-user-visible connectionsDan Williams2011-02-111-0/+9
| | | | | | | This policy will allow users to modify their personal connections (ie maybe VPN connections, etc) distinctly from system-wide connections that affect more than just their user. It makes sense to be more lenient when making changes to settings that don't affect other users.
* policy: rename "modfiy" permission to "modify system"Dan Williams2011-02-111-4/+4
| | | | | | Meaning stays the same, but this will allow us to differentiate in the future between personal connections (ie, just visible to one user) and system connections (visible to more than one user).
* Merge remote branch 'origin/master' into rm-usersetDan Williams2011-01-121-0/+9
|\
| * wimax: fix up WiMAX radio enable/disable and add polkit permissionDan Williams2011-01-021-0/+9
| |
* | core: consolidate all permissions checking into main D-Bus interfaceDan Williams2010-08-261-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | Moves the system settings permissions checking into the core service's permissions checking, which at the same time enables 3-way permission reporting (yes, no, auth) instead of the old yes/no that we had for system settings permissions before. This allows UI to show a lock icon or such when the user could authenticate to gain the permission. It also moves the wifi-create permissions' namespace to the main namespace (not .settings) since they really should be checked before starting a shared wifi connection, rather than having anything to do with the settings service.
* | NetworkMangerSettings -> NetworkManager.SettingsDaniel Gnoutcheff2010-08-073-49/+36
| | | | | | | | | | | | | | Just for consistency, make settings related stuff live under the org.freedesktop.NetworkManager namespace, rather than its own org.freedesktop.NetworkManagerSettings namespace. Renames are done for DBus interface names, DBus object paths, and polkit actions.
* | Remove use-user-connections polkit actionDaniel Gnoutcheff2010-08-061-9/+0
|/
* policy: don't tear down user connections on VT switch (rh #614556)Dan Williams2010-07-141-1/+1
| | | | | | | | | PK's "allow_inactive" actually means "allow inactive *local* users", so we do want to allow inactive local users to provide user connections. We don't want to allow non-local inactive users to provide user connections. So make the use-user-connections privilege match for both active and inactive so we get the behavior we want.
* core: add policy for overall network controlDan Williams2010-06-021-0/+9
| | | | | Allows for locking down connections completely and disallowing certain users from touching networking at all.
* core: PolicyKit-protect sleep/wakeDan Williams2010-05-291-0/+9
| | | | | | Default to 'not allowed', distros that need backwards compatibility can flip this to 'yes' if they need to. At this point, only power management scripts should call these functions.
* core: add permissions framework for various operations (rh #585182) (bgo ↵Dan Williams2010-05-282-1/+53
| | | | #619323)
* libnm-glib: libnm_glib -> libnm-glibDan Williams2009-08-261-13/+14
| | | | | Bothered me for a long time; now that we've bumped the soname, we can rename the library too.
* system-settings: add permissionsDan Williams2009-08-241-0/+27
| | | | | | | | | Since the new PolicyKit does away with easy checking of authorizations, we get to implement it by ourselves, but that's OK since we can actually use it for a lot more stuff. So add the GetPermissions call which returns the permissions the caller actually has, and a signal informing callers that their permissions might have changed. Hook this all up to PolicyKit so it's useful.
* polkit: fix policy for polkit >= 0.92Dan Williams2009-08-112-2/+2
|
* build: remove duplicate automake bitsDan Williams2009-07-281-2/+0
|
* fix distcheckDan Williams2009-07-081-0/+2
|
* distcheck: fix itDan Williams2009-06-111-0/+1
|
* policy-kit: make .policy file translatable (bgo #582918)David Planella2009-05-182-4/+6
|
* Build fixes from Michael BieblDan Williams2008-05-091-2/+2
| | | | git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3653 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* Remove duplicate bitDan Williams2008-05-091-1/+0
| | | | git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3652 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* remove duplicated sectionDan Williams2008-05-091-20/+1
| | | | git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3651 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* 2008-05-09 Tambet Ingo <tambet@gmail.com>Tambet Ingo2008-05-091-0/+21
| | | | | | | * Add another missing file, sigh. git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3649 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
* 2008-05-08 Tambet Ingo <tambet@gmail.com>Tambet Ingo2008-05-091-0/+42
* Add the missing policy/Makefile.am git-svn-id: http://svn-archive.gnome.org/svn/NetworkManager/trunk@3647 4912f4e0-d625-0410-9fb7-b9a5a253dbdc
View Lorry Controller Status