Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revert "Run nm-applet as normal user"

Browse Source 
This reverts commit 2f5b6e6582e71630193d0098d4cc60db019e1e9b.

Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
This commit is contained in:
Marek Marczykowski 2011-04-29 02:26:25 +02:00
parent 638473a364
commit 59071d87b9
2 changed files with 0 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
netvm/dbus-nm-applet.conf
View File

@ -1,42 +0,0 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!--
WARNING: if running any D-Bus version prior to 1.2.6, you may be
vulnerable to information leakage via the NM D-Bus interface.
Previous D-Bus versions did not deny-by-default, and this permissions
config file assumes that D-Bus will deny rules by default unless
explicitly over-ridden with an <allow /> tag.
-->
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
<!-- Only root can get secrets -->
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
<policy user="user">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
</policy>
<policy context="default">
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
</busconfig>

9
rpm_spec/core-netvm.spec
View File

@ -66,9 +66,6 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes
mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d
cp ../netvm/dbus-nm-applet.conf $RPM_BUILD_ROOT/etc/dbus-1/system.d/qubes-nm-applet.conf
%post %post
# Create NetworkManager configuration if we do not have it # Create NetworkManager configuration if we do not have it
@ -91,11 +88,6 @@ if [ "$1" = 0 ] ; then
chkconfig qubes_core_netvm off chkconfig qubes_core_netvm off
fi fi
%triggerin -- NetworkManager
# Fix PolicyKit settings to allow run as normal user not visible to ConsoleKit
sed 's#<defaults>$#\0<allow_any>yes</allow_any>#' -i /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -108,4 +100,3 @@ rm -rf $RPM_BUILD_ROOT
/etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/qubes_nmhook
/etc/NetworkManager/dispatcher.d/30-qubes_external_ip /etc/NetworkManager/dispatcher.d/30-qubes_external_ip
/etc/xen/scripts/vif-route-qubes /etc/xen/scripts/vif-route-qubes
/etc/dbus-1/system.d/qubes-nm-applet.conf