Git Repositories

Add pkexec policy (Bug #11122)
authorEric Koegel <eric.koegel@gmail.com>
Sat, 1 Nov 2014 19:13:18 +0000 (22:13 +0300)
committerSimon Steinbeiss <simon.steinbeiss@elfenbeinturm.at>
Sat, 1 Nov 2014 19:20:02 +0000 (20:20 +0100)
This adds a pkexec policy file to Thunar. This way if the user
of a desktop system wants to use thunar to modify files as root
and has the proper credentials they can.
pkexec comes from polkit which does about the same thing as
sudo/gksu except also supports authentication methods like
fingerprint or smart card readers.

Signed-off-by: Simon Steinbeiss <simon.steinbeiss@elfenbeinturm.at>
Makefile.am
org.xfce.thunar.policy.in.in [new file with mode: 0644]
po/POTFILES.in

index 0cb69b4..13b991e 100644 (file)
@@ -82,6 +82,15 @@ service_DATA = $(service_in_files:.service.in=.service)
        $(AM_V_GEN) $(SED) -e "s,\@bindir\@,$(bindir),g" < $< > $@
 endif
 
+polkit_policydir = $(datadir)/polkit-1/actions
+polkit_in_in_files =                   \
+       org.xfce.thunar.policy.in.in
+polkit_in_files = $(polkit_in_in_files:.policy.in.in=.policy.in)
+%.policy.in: %.policy.in.in
+       sed -e "s,\@bindir\@,$(bindir),g" < $< > $@
+polkit_policy_DATA = $(polkit_in_files:.policy.in=.policy)
+@INTLTOOL_POLICY_RULE@
+
 EXTRA_DIST =                                                           \
        FAQ                                                             \
        HACKING                                                         \
@@ -91,7 +100,8 @@ EXTRA_DIST =                                                         \
        intltool-update.in                                              \
        $(desktop_in_in_files)                                          \
        $(service_in_files)                                             \
-       $(appdata_in_files)
+       $(appdata_in_files)                                             \
+       $(polkit_in_in_files)
 
 CLEANFILES             = $(appdata_DATA)
 
@@ -102,7 +112,9 @@ DISTCLEANFILES =                                                    \
        intltool-update                                                 \
        $(desktop_in_files)                                             \
        $(desktop_DATA)                                                 \
-       $(service_DATA)
+       $(service_DATA)                                                 \
+       $(polkit_in_files)                                              \
+       $(polkit_policy_DATA)
 
 DISTCHECK_CONFIGURE_FLAGS =                                            \
        --enable-gtk-doc                                                \
diff --git a/org.xfce.thunar.policy.in.in b/org.xfce.thunar.policy.in.in
new file mode 100644 (file)
index 0000000..d64113e
--- /dev/null
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+  <!--
+ Policy definitions for Thunar.
+ Copyright (c) 2014 Benedikt Meurer <benny@xfce.org>
+                    Jannis Pohlmann <jannis@xfce.org>
+                    Jeffs Franks    <jcfranks@xfce.org>
+                    Nick Schermer   <nick@xfce.org>
+ -->
+
+ <vendor>Thunar</vendor>
+ <vendor_url>http://xfce.org/</vendor_url>
+ <icon_name>system-file-manager</icon_name>
+
+
+ <action id="org.xfce.thunar">
+ <!-- SECURITY:
+ - A normal active user can run thunar without elevated rights. They
+   may wish to modify files they normally do not have read/write access
+   to. This isn't a good idea, but is common on single user systems.
+ -->
+ <_description>Run Thunar as root</_description>
+ <_message>Authentication is required to run Thunar as root.</_message>
+ <defaults>
+ <allow_any>no</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>auth_admin</allow_active>
+ </defaults>
+ <annotate key="org.freedesktop.policykit.exec.path">@bindir@/thunar</annotate>
+ <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+ </action>
+
+</policyconfig>
index c47182a..1c487a9 100644 (file)
@@ -130,3 +130,4 @@ Thunar-bulk-rename.desktop.in.in
 Thunar-folder-handler.desktop.in.in
 thunar/thunar-settings.desktop.in
 thunar.appdata.xml.in
+org.xfce.thunar.policy.in.in