[oe] [PATCH 2/5] networkmanager: introduce polkit package config
Stefan Agner
stefan at agner.ch
Thu Jan 17 19:09:56 UTC 2019
On 17.01.2019 18:50, Andreas Müller wrote:
> On Thu, Jan 17, 2019 at 5:27 PM Stefan Agner <stefan at agner.ch> wrote:
> Hi Stefan,
>
> sorry but don't like this patch as is:
>>
>> From: Stefan Agner <stefan.agner at toradex.com>
>>
>> Currently polkit is enabled if systemd is in package config. Those
>> two things are orthogonal: NetworkManager can be used with systemd
>> and without polkit just fine.
> Did you test this (=change networkmanager connections settings) as an
> unpriviledged user?
Works as expected: need to be root to change connection settings :-)
We plan to use D-Bus and D-Bus policies (<policy> tags) to allow some
settings to unpriviledged users/groups.
>>
>> Introduce a new polkit package config and enable it depending on
>> whether polkit is in DISTRO_FEATURES.
>
> * it changes the current behaviour and the default suggested by
> configure.ac: 'we usually compile with polkit support.' and
> meson.build sets polkit by default.
Yes, this changes default behavior. I did not do that lightly, but I
think it is sensible to have a global policy on polkit, and also let
NetworkManager follow it. I guess the change in default behavior needs
to be pointed out in the documentation e.g. in the chapter "Moving to
the Yocto Project 2.7 Release".
Throughout OpenEmbedded we had vastly different behavior wrt polkit.
ConnMan disables it by default without any option to enable it. Quite
some packages make it dependent on systemd, some have just a local
package config polkit etc...
We have a WiFi capable headless device with restricted flash and would
like to use NetworkManager. Using polkit pulls in mozjs, which is rather
large. We do not need interactive authentication capabilities, since our
device does not allow direct user interaction...
> * as far as I know there is no polkit DISTRO_FEATURE in metaverse yet.
Hm, yes, we definitely should add polkit. How can I do this?
>
> I suggest to add polkit PACKAGECONFIG if systemd is in DISTRO_FEATURES
> - if you don't want polkit you can add a PACKAGECONFIG_remove =
> "polkit" somewhere.
Yes, I know that. We had this in place so far.
However, rather than having a bunch of PACKAGECONFIG, I'd rather have a
distro wide policy on polkit. I did send an email to oe-core with a
cover letter, and since that patch got merged, I was assuming that
polkit as a distro policy is the way to go.
http://lists.openembedded.org/pipermail/openembedded-core/2019-January/278021.html
--
Stefan
More information about the Openembedded-devel
mailing list