From 0114e4d965e138ca2f2d81c342ff103525ecb56e Mon Sep 17 00:00:00 2001
From: Sergey Shatunov
Date: Thu, 18 Jun 2020 03:34:55 +0700
Subject: [PATCH 1/2] Add option to tweak privileged group in polkit rules
Signed-off-by: Sergey Shatunov
---
 ...ls.rules => com.endlessm.ParentalControls.rules.in} | 2 +-
 accounts-service/meson.build | 10 ++++++++--
 meson_options.txt | 6 ++++++
 3 files changed, 15 insertions(+), 3 deletions(-)
 rename accounts-service/{com.endlessm.ParentalControls.rules => com.endlessm.ParentalControls.rules.in} (96%)
diff --git a/accounts-service/com.endlessm.ParentalControls.rules b/accounts-service/com.endlessm.ParentalControls.rules.in
similarity index 96%
rename from accounts-service/com.endlessm.ParentalControls.rules
rename to accounts-service/com.endlessm.ParentalControls.rules.in
index b3bf998..fa021fa 100644
--- a/accounts-service/com.endlessm.ParentalControls.rules
+++ b/accounts-service/com.endlessm.ParentalControls.rules.in
@@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
 action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
 action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
 subject.active && subject.local &&
- subject.isInGroup("sudo")) {
+ subject.isInGroup("@PRIVILEGED_GROUP@")) {
 return polkit.Result.YES;
 }
diff --git a/accounts-service/meson.build b/accounts-service/meson.build
index 09a149e..6942d2b 100644
--- a/accounts-service/meson.build
+++ b/accounts-service/meson.build
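Review bot: `@PRIVILEGED_GROUP@` is substituted verbatim inside the string literal of `subject.isInGroup("...")` with no check on the value, so an empty name or one containing `"`, `\` or a newline produces a rules file that either fails to parse or no longer tests the group it appears to test. The value comes from a packager-supplied build option rather than runtime input, so this is a robustness point, but the branch it guards returns `polkit.Result.YES` without authentication and deserves a guard. The check belongs in the accounts-service/meson.build hunk before `polkit_conf.set(...)`, for example `if get_option('privileged_group') == '' or get_option('privileged_group').contains('"')` followed by `error('privileged_group must be a plain group name')` and `endif`. The enclosing `polkit.addRule` callback starts and ends outside this hunk.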
@@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
 join_paths(accountsserviceinterfacesdir, filename))
 endforeach
-install_data('com.endlessm.ParentalControls.rules',
- install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
+polkit_conf = configuration_data()
+polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
+configure_file(
+ input: 'com.endlessm.ParentalControls.rules.in',
+ output: 'com.endlessm.ParentalControls.rules',
+ configuration: polkit_conf,
+ install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
+)
diff --git a/meson_options.txt b/meson_options.txt
index d516c70..726cac1 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -21,3 +21,9 @@ option(
 value: false,
 description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
 )
+option(
+ 'privileged_group',
+ type: 'string',
+ value: 'wheel',
+ description: 'name of group that has elevated permissions'
+)
From ffb12793014cce5e87ced18283d4f4c1dfca1d2e Mon Sep 17 00:00:00 2001
From: Sergey Shatunov
Date: Thu, 18 Jun 2020 03:39:01 +0700
Subject: [PATCH 2/2] Use sudo group in debian ci build
Signed-off-by: Sergey Shatunov
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a204fb3..aee3715 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -22,7 +22,7 @@ debian:
 except:
 - tags
 script:
- - meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true _build .
+ - meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true -Dprivileged_group=sudo _build .
 - meson test -C _build
 # FIXME: lcov doesn't support gcc9 yet:
 # https://github.com/linux-test-project/lcov/issues/58
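Review bot: The default `value: 'wheel'` in the meson_options.txt hunk silently changes which group the installed polkit rule trusts, because the rule previously hard-coded `sudo` and any packager who does not pass `-Dprivileged_group` now ships a different policy. On a system where `wheel` is absent the rule would presumably never match, and where `wheel` exists for some other purpose its members would get the unauthenticated `YES` for the read actions listed in the rules file. The description should state what the group is trusted with, for example `description: 'group whose active local members may read parental controls of any account without polkit authentication'`, and the change of default should be called out in the commit message.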