Merge branch 'privileged_group' into 'master'

Add option to tweak privileged group in polkit rules

Closes #22

See merge request pwithnall/malcontent!76
This commit is contained in:
Philip Withnall 2020-06-18 13:12:39 +00:00
commit 363bd53e7d
4 changed files with 16 additions and 4 deletions

View File

@ -22,7 +22,7 @@ debian:
except:
- tags
script:
- meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true _build .
- meson --buildtype debug --werror -Db_coverage=true -Ddocumentation=true -Dprivileged_group=sudo _build .
- meson test -C _build
# FIXME: lcov doesn't support gcc9 yet:
# https://github.com/linux-test-project/lcov/issues/58

View File

@ -27,7 +27,7 @@ polkit.addRule(function(action, subject) {
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
subject.active && subject.local &&
subject.isInGroup("sudo")) {
subject.isInGroup("@PRIVILEGED_GROUP@")) {
return polkit.Result.YES;
}

View File

@ -21,5 +21,11 @@ foreach dbus_interface: dbus_interfaces
join_paths(accountsserviceinterfacesdir, filename))
endforeach
install_data('com.endlessm.ParentalControls.rules',
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
polkit_conf = configuration_data()
polkit_conf.set('PRIVILEGED_GROUP', get_option('privileged_group'))
configure_file(
input: 'com.endlessm.ParentalControls.rules.in',
output: 'com.endlessm.ParentalControls.rules',
configuration: polkit_conf,
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d')
)

View File

@ -21,3 +21,9 @@ option(
value: false,
description: 'use installed libmalcontent rather than building it; used in distros to break a dependency cycle'
)
option(
'privileged_group',
type: 'string',
value: 'wheel',
description: 'name of group that has elevated permissions'
)