bridge: Add polkit action for privileged bridge
This provides a nicer polkit prompt with using cockpit-desktop. It also defines a polkit action ID, so that it's possible to have a custom polkit policy for this. https://bugzilla.redhat.com/show_bug.cgi?id=1651264 Closes #10782
This commit is contained in:
parent
e64cb8fa6f
commit
c2f2dd1927
|
@ -9,6 +9,7 @@
|
|||
*.gir
|
||||
*.pyc
|
||||
*.typelib
|
||||
*.policy
|
||||
*.so
|
||||
*.mo
|
||||
*~
|
||||
|
|
|
@ -272,6 +272,25 @@ EXTRA_DIST += \
|
|||
src/bridge/mock-server.key \
|
||||
$(NULL)
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# polkit
|
||||
|
||||
polkitdir = $(datadir)/polkit-1/actions
|
||||
polkit_in_files = src/bridge/org.cockpit-project.cockpit-bridge.policy.in
|
||||
polkit_DATA = $(polkit_in_files:.policy.in=.policy)
|
||||
|
||||
%.policy: %.policy.in $(PO_FILES)
|
||||
$(AM_V_GEN) $(INTLTOOL_MERGE) -x $(top_srcdir)/po $< $@
|
||||
|
||||
EXTRA_DIST += $(polkit_in_files)
|
||||
CLEANFILES += $(polkit_DATA)
|
||||
|
||||
prepare-po-bridge-policy: $(polkit_in_files)
|
||||
cp $< .
|
||||
$(AM_V_GEN) $(INTLTOOL_EXTRACT) -l --type=gettext/xml $(notdir $<)
|
||||
|
||||
prepare-po:: prepare-po-bridge-policy
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
# PCP
|
||||
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
||||
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
||||
|
||||
<policyconfig>
|
||||
<vendor>Cockpit Project</vendor>
|
||||
<vendor_url>https://www.cockpit-project.org</vendor_url>
|
||||
|
||||
<action id="org.cockpit-project.cockpit.root-bridge">
|
||||
<_description gettext-domain="cockpit">Administration with Cockpit Web Console</_description>
|
||||
<_message gettext-domain="cockpit">Authentication is required to perform privileged tasks with the Cockpit Web Console</_message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/cockpit-bridge</annotate>
|
||||
</action>
|
||||
</policyconfig>
|
|
@ -212,6 +212,7 @@ echo '%{_libexecdir}/cockpit-ssh' >> dashboard.list
|
|||
%else
|
||||
find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list
|
||||
echo '%{_libexecdir}/cockpit-ssh' >> base.list
|
||||
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
|
||||
%endif
|
||||
|
||||
%if %{defined build_dashboard}
|
||||
|
@ -311,7 +312,7 @@ for pkg in base1 branding motd kdump networkmanager realmd selinux shell sosrepo
|
|||
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
|
||||
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
|
||||
done
|
||||
for data in doc locale man pixmaps; do
|
||||
for data in doc locale man pixmaps polkit-1; do
|
||||
rm -r %{buildroot}/%{_datadir}/$data
|
||||
done
|
||||
for lib in systemd tmpfiles.d firewalld; do
|
||||
|
|
|
@ -5,3 +5,4 @@ usr/lib/cockpit/cockpit-ssh
|
|||
usr/share/cockpit/base1/
|
||||
usr/share/cockpit/ssh/
|
||||
usr/share/man/man1/cockpit-bridge.1
|
||||
usr/share/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy
|
||||
|
|
Loading…
Reference in New Issue