add polkit rule for admin users

2021-03-23 10:02:30 -05:00 · 2021-03-23 10:02:30 -05:00 · be056e2323
commit be056e2323
parent 0d5db8abea
2 changed files with 25 additions and 1 deletions
--- a/firewalld.spec
+++ b/firewalld.spec
@ -1,12 +1,13 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.9.3
-Release: 3%{?dist}
+Release: 4%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz
 Source1: FedoraServer.xml
 Source2: FedoraWorkstation.xml
+Source3: org.fedoraproject.FirewallD1.rules
 Patch0: firewalld-0.2.6-MDNS-default.patch
 BuildArch: noarch
 BuildRequires: autoconf
@ -118,6 +119,7 @@ desktop-file-install --delete-original \
 install -d -m 755 %{buildroot}%{_prefix}/lib/firewalld/zones/
 install -c -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraServer.xml
 install -c -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/firewalld/zones/FedoraWorkstation.xml
+install -m 644 -D %{SOURCE3} %{buildroot}%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules

 # standard firewalld.conf
 mv %{buildroot}%{_sysconfdir}/firewalld/firewalld.conf \
@ -193,6 +195,7 @@ fi
 %{_datadir}/bash-completion/completions/firewall-cmd
 %dir %{_datadir}/zsh/site-functions
 %{_datadir}/zsh/site-functions/_firewalld
+%{_datadir}/polkit-1/rules.d/org.fedoraproject.FirwallD1.rules
 %{_prefix}/lib/firewalld/icmptypes/*.xml
 %{_prefix}/lib/firewalld/ipsets/README
 %{_prefix}/lib/firewalld/policies/*.xml
@ -278,6 +281,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*

 %changelog
+* Tue Mar 23 2021 Rex Dieter <rdieter@fedoraproject.org> - 0.9.3-4
+- add polkit rule for admin users
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.9.3-3
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
--- a/org.fedoraproject.FirewallD1.rules
+++ b/org.fedoraproject.FirewallD1.rules
@ -0,0 +1,18 @@
+// firewalld authorizations/policy for the wheel group.
+//
+// DO NOT EDIT THIS FILE, it will be overwritten on update.
+//
+// Allow users in the wheel group to use firewalld without being 
+// interrupted by a password dialog
+
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.fedoraproject.FirewallD1.config" ||
+	 action.id == "org.fedoraproject.FirewallD1.direct" ||
+         action.id == "org.fedoraproject.FirewallD1.ipset" ||
+         action.id == "org.fedoraproject.FirewallD1.policy" ||
+         action.id == "org.fedoraproject.FirewallD1.zone") &&
+	 subject.active == true && subject.local == true &&
+         subject.isInGroup("wheel")) {
+         return polkit.Result.YES;
+    }
+});