Allow any admin users to install system firmware without a password

From a security point of view, this is no more scary than allowing admin users
to install a new kernel or glibc package.
This commit is contained in:
Richard Hughes 2015-03-11 19:53:45 +00:00
parent d7022b50e6
commit d08dca72f6
3 changed files with 13 additions and 0 deletions

View File

@ -47,6 +47,7 @@ make install DESTDIR=$RPM_BUILD_ROOT
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.fwupd.conf
%{_datadir}/dbus-1/interfaces/org.freedesktop.fwupd.xml
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
%{_datadir}/man/man1/fwupdmgr.1.gz
%dir %{_localstatedir}/lib/fwupd

View File

@ -1,3 +1,8 @@
polkit_rulesdir = $(datadir)/polkit-1/rules.d
dist_polkit_rules_DATA = \
org.freedesktop.fwupd.rules
@INTLTOOL_POLICY_RULE@
polkit_policydir = $(datadir)/polkit-1/actions
polkit_policy_in_files = org.freedesktop.fwupd.policy.in

View File

@ -0,0 +1,7 @@
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.fwupd.update-internal" &&
subject.active == true && subject.local == true &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});