(Sorry for the late reply) Michael Biebl <bi...@debian.org> writes:
> Am 16.12.2015 um 18:18 schrieb Marius Vollmer: > >> the NetworkManager polkit policy in Debian does not allow changing or >> adding connections from a remote session, such as a ssh or Cockpit >> login. >> >> The default upstream policy explicitly allows this. See >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1145646 >> >> for some discussion. >> >> In the bug report above, the action that needed adjustement was >> "org.freedesktop.NetworkManager.network-control". In Debian, >> "org.freedesktop.NetworkManager.settings.modify.system" would need to be >> allowed for "any". > > I don't think we should allow > org.freedesktop.NetworkManager.settings.modify.system for everyone. > > Why is auth_admin(_keep) not sufficient here? If I can remember this right, the actual entry in the polkit file would be <allow_any>auth_admin</allow_any> The "any" in the original report referred to "allow_any" in contrast to allow_inactive and allow_active. I didn't mean "yes" instead of auth_admin. Sorry for being too terse in the original report.
