Merge branch 'privileged_group' into 'master'

Add option to tweak privileged group in polkit rules

Closes #22

See merge request pwithnall/malcontent!76
This commit is contained in:
Philip Withnall 2020-06-18 13:12:39 +00:00
commit 363bd53e7d
4 changed files with 16 additions and 4 deletions

View File

@ -22,7 +22,7 @@ debian:
except: except:
- tags - tags
script: script:
- meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true _build . - meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true -Dprivileged_group=sudo _build .
- meson test -C _build - meson test -C _build
# FIXME: lcov doesn't support gcc9 yet: # FIXME: lcov doesn't support gcc9 yet:
# https://github.com/linux-test-project/lcov/issues/58 # https://github.com/linux-test-project/lcov/issues/58

View File

@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" || action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") && action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
subject.active && subject.local && subject.active && subject.local &&
subject.isInGroup("sudo")) { subject.isInGroup("@PRIVILEGED_GROUP@")) {
return polkit.Result.YES; return polkit.Result.YES;
} }

View File

@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
join_paths(accountsserviceinterfacesdir, filename)) join_paths(accountsserviceinterfacesdir, filename))
endforeach endforeach
install_data('com.endlessm.ParentalControls.rules', polkit_conf = configuration_data()
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')) polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
configure_file(
input: 'com.endlessm.ParentalControls.rules.in',
output: 'com.endlessm.ParentalControls.rules',
configuration: polkit_conf,
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
)

View File

@ -21,3 +21,9 @@ option(
value: false, value: false,
description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle' description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
) )
option(
'privileged_group',
type: 'string',
value: 'wheel',
description: 'name of group that has elevated permissions'
)