[oe] [PATCH 2/5] networkmanager: introduce polkit package config
Andreas Müller
schnitzeltony at gmail.com
Thu Jan 17 20:01:23 UTC 2019
On Thu, Jan 17, 2019 at 8:09 PM Stefan Agner <stefan at agner.ch> wrote:
>
> On 17.01.2019 18:50, Andreas Müller wrote:
> > On Thu, Jan 17, 2019 at 5:27 PM Stefan Agner <stefan at agner.ch> wrote:
> > Hi Stefan,
> >
> > sorry but don't like this patch as is:
> >>
> >> From: Stefan Agner <stefan.agner at toradex.com>
> >>
> >> Currently polkit is enabled if systemd is in package config. Those
> >> two things are orthogonal: NetworkManager can be used with systemd
> >> and without polkit just fine.
> > Did you test this (=change networkmanager connections settings) as an
> > unpriviledged user?
>
> Works as expected: need to be root to change connection settings :-)
>
> We plan to use D-Bus and D-Bus policies (<policy> tags) to allow some
> settings to unpriviledged users/groups.
>
> >>
> >> Introduce a new polkit package config and enable it depending on
> >> whether polkit is in DISTRO_FEATURES.
> >
> > * it changes the current behaviour and the default suggested by
> > configure.ac: 'we usually compile with polkit support.' and
> > meson.build sets polkit by default.
>
> Yes, this changes default behavior. I did not do that lightly, but I
> think it is sensible to have a global policy on polkit, and also let
> NetworkManager follow it. I guess the change in default behavior needs
> to be pointed out in the documentation e.g. in the chapter "Moving to
> the Yocto Project 2.7 Release".
>
> Throughout OpenEmbedded we had vastly different behavior wrt polkit.
> ConnMan disables it by default without any option to enable it. Quite
> some packages make it dependent on systemd, some have just a local
> package config polkit etc...
>
> We have a WiFi capable headless device with restricted flash and would
> like to use NetworkManager. Using polkit pulls in mozjs, which is rather
> large. We do not need interactive authentication capabilities, since our
> device does not allow direct user interaction...
>
>
> > * as far as I know there is no polkit DISTRO_FEATURE in metaverse yet.
>
> Hm, yes, we definitely should add polkit. How can I do this?
>
> >
> > I suggest to add polkit PACKAGECONFIG if systemd is in DISTRO_FEATURES
> > - if you don't want polkit you can add a PACKAGECONFIG_remove =
> > "polkit" somewhere.
>
> Yes, I know that. We had this in place so far.
>
> However, rather than having a bunch of PACKAGECONFIG, I'd rather have a
> distro wide policy on polkit. I did send an email to oe-core with a
> cover letter, and since that patch got merged, I was assuming that
> polkit as a distro policy is the way to go.
> http://lists.openembedded.org/pipermail/openembedded-core/2019-January/278021.html
>
Ahh - I see am too late in the game - decision was already made - go
on and forget my last email.
Andreas
More information about the Openembedded-devel
mailing list