diff options
author | Martin Pitt <martin.pitt@ubuntu.com> | 2016-11-22 08:05:18 +0100 |
---|---|---|
committer | Martin Pitt <martin.pitt@ubuntu.com> | 2016-11-23 16:32:06 +0100 |
commit | 2c99aba7260a402e8f81d85aab12ce25d3d8786a (patch) | |
tree | 16caebc4f668f07ee986db11a418520168ef5f24 /src | |
parent | 59eb33e0fec9b1502a9089561dcfda3f16a1816e (diff) |
networkd: allow networkd to set the timezone in timedated
systemd-networkd runs as user "systemd-network" and thus is not privileged to
set the timezone acquired from DHCP:
systemd-networkd[4167]: test_eth42: Could not set timezone: Interactive authentication required.
Similarly to commit e8c0de912, add a polkit rule to grant
org.freedesktop.timedate1.set-timezone to the "systemd-network" system user.
Move the polkit rules from src/hostname/ to src/network/ to avoid too many
small distributed policy snippets (there might be more in the future), as it's
easier to specify the privileges for a particular subject in this case.
Add NetworkdClientTest.test_dhcp_timezone() test case to verify this (for
all people except those in Pacific/Honolulu, there the test doesn't prove
anything -- sorry ☺ ).
Diffstat (limited to 'src')
-rw-r--r-- | src/hostname/systemd-networkd-hostname.pkla | 4 | ||||
-rw-r--r-- | src/hostname/systemd-networkd-hostname.rules | 5 | ||||
-rw-r--r-- | src/network/systemd-networkd.pkla | 4 | ||||
-rw-r--r-- | src/network/systemd-networkd.rules | 8 |
4 files changed, 12 insertions, 9 deletions
diff --git a/src/hostname/systemd-networkd-hostname.pkla b/src/hostname/systemd-networkd-hostname.pkla deleted file mode 100644 index 345ce617c6..0000000000 --- a/src/hostname/systemd-networkd-hostname.pkla +++ /dev/null @@ -1,4 +0,0 @@ -[Allow systemd-networkd to set transient hostname] -Identity=unix-user:systemd-network -Action=org.freedesktop.hostname1.set-hostname -ResultAny=yes diff --git a/src/hostname/systemd-networkd-hostname.rules b/src/hostname/systemd-networkd-hostname.rules deleted file mode 100644 index b7b780da9e..0000000000 --- a/src/hostname/systemd-networkd-hostname.rules +++ /dev/null @@ -1,5 +0,0 @@ -polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.hostname1.set-hostname" && subject.user == "systemd-network") { - return polkit.Result.YES; - } -}); diff --git a/src/network/systemd-networkd.pkla b/src/network/systemd-networkd.pkla new file mode 100644 index 0000000000..fb257d933b --- /dev/null +++ b/src/network/systemd-networkd.pkla @@ -0,0 +1,4 @@ +[Allow systemd-networkd to set timezone and transient hostname] +Identity=unix-user:systemd-network +Action=org.freedesktop.hostname1.set-hostname;org.freedesktop.timedate1.set-timezone; +ResultAny=yes diff --git a/src/network/systemd-networkd.rules b/src/network/systemd-networkd.rules new file mode 100644 index 0000000000..2e4bc42bfb --- /dev/null +++ b/src/network/systemd-networkd.rules @@ -0,0 +1,8 @@ +// Allow systemd-networkd to set timezone and transient hostname +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.hostname1.set-hostname" || + action.id == "org.freedesktop.timedate1.set-timezone") && + subject.user == "systemd-network") { + return polkit.Result.YES; + } +}); |