[oe] [PATCH 2/5] networkmanager: introduce polkit package config
Stefan Agner
stefan at agner.ch
Thu Jan 17 20:18:36 UTC 2019
On 17.01.2019 21:01, Andreas Müller wrote:
> On Thu, Jan 17, 2019 at 8:09 PM Stefan Agner <stefan at agner.ch> wrote:
>>
>> On 17.01.2019 18:50, Andreas Müller wrote:
>> > On Thu, Jan 17, 2019 at 5:27 PM Stefan Agner <stefan at agner.ch> wrote:
>> > Hi Stefan,
>> >
>> > sorry but don't like this patch as is:
>> >>
>> >> From: Stefan Agner <stefan.agner at toradex.com>
>> >>
>> >> Currently polkit is enabled if systemd is in package config. Those
>> >> two things are orthogonal: NetworkManager can be used with systemd
>> >> and without polkit just fine.
>> > Did you test this (=change networkmanager connections settings) as an
>> > unpriviledged user?
>>
>> Works as expected: need to be root to change connection settings :-)
>>
>> We plan to use D-Bus and D-Bus policies (<policy> tags) to allow some
>> settings to unpriviledged users/groups.
>>
>> >>
>> >> Introduce a new polkit package config and enable it depending on
>> >> whether polkit is in DISTRO_FEATURES.
>> >
>> > * it changes the current behaviour and the default suggested by
>> > configure.ac: 'we usually compile with polkit support.' and
>> > meson.build sets polkit by default.
>>
>> Yes, this changes default behavior. I did not do that lightly, but I
>> think it is sensible to have a global policy on polkit, and also let
>> NetworkManager follow it. I guess the change in default behavior needs
>> to be pointed out in the documentation e.g. in the chapter "Moving to
>> the Yocto Project 2.7 Release".
>>
>> Throughout OpenEmbedded we had vastly different behavior wrt polkit.
>> ConnMan disables it by default without any option to enable it. Quite
>> some packages make it dependent on systemd, some have just a local
>> package config polkit etc...
>>
>> We have a WiFi capable headless device with restricted flash and would
>> like to use NetworkManager. Using polkit pulls in mozjs, which is rather
>> large. We do not need interactive authentication capabilities, since our
>> device does not allow direct user interaction...
>>
>>
>> > * as far as I know there is no polkit DISTRO_FEATURE in metaverse yet.
>>
>> Hm, yes, we definitely should add polkit. How can I do this?
>>
>> >
>> > I suggest to add polkit PACKAGECONFIG if systemd is in DISTRO_FEATURES
>> > - if you don't want polkit you can add a PACKAGECONFIG_remove =
>> > "polkit" somewhere.
>>
>> Yes, I know that. We had this in place so far.
>>
>> However, rather than having a bunch of PACKAGECONFIG, I'd rather have a
>> distro wide policy on polkit. I did send an email to oe-core with a
>> cover letter, and since that patch got merged, I was assuming that
>> polkit as a distro policy is the way to go.
>> http://lists.openembedded.org/pipermail/openembedded-core/2019-January/278021.html
>>
> Ahh - I see am too late in the game - decision was already made - go
> on and forget my last email.
Probably should have sent out this patch set changing meta-oe stuff at
the same time to get the broader overview, sorry about that.
NetworkManager is really the most drastic change here, since this is a
prominent package where the change changes the current default. So if
you have any suggestion to ease the transition, I am happy to look into
it.
--
Stefan
More information about the Openembedded-devel
mailing list