| |
@@ -3,22 +3,4 @@
|
| |
subject.active == true && subject.local == true) {
|
| |
return polkit.Result.YES;
|
| |
}
|
| |
-
|
| |
- if ((action.id == "org.projectatomic.rpmostree1.install-uninstall-packages" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.install-local-packages" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.override" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.deploy" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.upgrade" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.rebase" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.rollback" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.bootconfig" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.reload-daemon" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.cancel" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.cleanup" ||
|
| |
- action.id == "org.projectatomic.rpmostree1.client-management") &&
|
| |
- subject.active == true &&
|
| |
- subject.local == true &&
|
| |
- subject.isInGroup("wheel")) {
|
| |
- return polkit.Result.YES;
|
| |
- }
|
| |
});
|
| |
Like on Workstation, a password should be required to prevent arbitrary manipulations of the OS without a password.
https://github.com/rohanssrao/silverblue-privesc
Issue: https://gitlab.com/fedora/ostree/sig/-/issues/7
Previous, closed PR: https://src.fedoraproject.org/rpms/fedora-release/pull-request/316