You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.5 KiB
33 lines
1.5 KiB
From 8914e11968a934faa651311fd98a98a3a19218ae Mon Sep 17 00:00:00 2001
|
|
From: Michael Catanzaro <mcatanzaro@gnome.org>
|
|
Date: Wed, 3 Jun 2020 10:45:12 -0500
|
|
Subject: [PATCH] Allow admin users to remove packages without password prompt
|
|
|
|
A local, active admin user can install packages without a password
|
|
prompt, but has to enter the admin password to remove packages. This
|
|
doesn't make much sense. It should be parallel.
|
|
|
|
Note that this change has no effect on what users are able to do,
|
|
because it only applies to admin users. The password only protects
|
|
against unlocked workstation attackers, where an attacker gains physical
|
|
access to an unlocked desktop. It's pretty weird to prevent such an
|
|
attacker from removing software, but allow installing new stuff.
|
|
|
|
https://pagure.io/fedora-workstation/issue/233
|
|
---
|
|
policy/org.freedesktop.packagekit.rules | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/policy/org.freedesktop.packagekit.rules b/policy/org.freedesktop.packagekit.rules
|
|
index 6a1c8a701..95d21925f 100644
|
|
--- a/policy/org.freedesktop.packagekit.rules
|
|
+++ b/policy/org.freedesktop.packagekit.rules
|
|
@@ -1,5 +1,6 @@
|
|
polkit.addRule(function(action, subject) {
|
|
- if (action.id == "org.freedesktop.packagekit.package-install" &&
|
|
+ if ((action.id == "org.freedesktop.packagekit.package-install" ||
|
|
+ action.id == "org.freedesktop.packagekit.package-remove") &&
|
|
subject.active == true && subject.local == true &&
|
|
subject.isInGroup("wheel")) {
|
|
return polkit.Result.YES;
|