From 2361c9e0b6b3792ca82a2ffdda670dbc59e8fa8e Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Wed, 4 Mar 2020 10:26:33 -0800 Subject: [PATCH] firewalld: Add polkit JS authority rules files This should help with FreedomBox getting authorizations to access firewalld D-Bus API for polkit versions > 0.105 where polkit local authority is not available. Helps #1728. Tests performed: - Install policykit-1 version 0.105. Something like apt install policykit-1=0.105-26 libpolkit-agent-1-0=0.105-26 libpolkit-gobject-1-0=0.105-26 - Visit privoxy page. See internal networks warning with all the interfaces listed properly. - Visit firewalld page, view list of apps and services properly. - Enable privoxy, see the port opened in firewalld page. - Disable privoxy, see the port closed in firewalld page. - Run diagnostics for privoxy see that ports' diagnostics results pass. - Add Debian experimental to /etc/apt/sources.list. apt update. Then install policykit-1 version 0.116. apt install -t experimental policykit-1. - Repeat all above tests. Signed-off-by: Sunil Mohan Adapa Reviewed-by: Veiko Aasa --- .../rules.d/50-freedombox-firewalld.rules | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules diff --git a/plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules b/plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules new file mode 100644 index 000000000..ff9edc2dd --- /dev/null +++ b/plinth/modules/firewall/data/usr/share/polkit-1/rules.d/50-freedombox-firewalld.rules @@ -0,0 +1,16 @@ +/* +# SPDX-License-Identifier: AGPL-3.0-or-later + +This file is used only by policykit-1 version > 0.105. A corresponding .pkla +file is used by policykit-1 <= 0.105. See: +https://davidz25.blogspot.com/2012/06/authorization-rules-in-polkit.html + +*/ + +polkit.addRule(function(action, subject) { + if ((action.id == "org.fedoraproject.FirewallD1.config.info" || + action.id == "org.fedoraproject.FirewallD1.config") && + subject.user == "plinth") { + return polkit.Result.YES; + } +});