** Also affects: policykit-1 (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1591672
Title:
update-manager does not obey require-password policy
Status in policykit-1 package in Ubuntu:
New
Status in update-manager package in Ubuntu:
New
Bug description:
In order to enforce password check prior an update to occur, policy
file was installed.
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
[Require password to upgrade already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=auth_admin
Up to a recent update this was working as expected. No anymore.
What happens
------------
Updates are performed without requesting administrative password
Expected result
---------------
update-manager to request administrative password prior performing the update
System info
-----------
# lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
# dpkg -l | grep update-manager
ii python3-update-manager 1:16.04.3
all python 3.x module for
update-manager
ii update-manager 1:16.04.3
all GNOME application that manages apt
updates
ii update-manager-core 1:16.04.3
all manage release upgrades
# dpkg -l | grep policy
ii libnuma1:amd64 2.0.11-1ubuntu1
amd64 Libraries for controlling NUMA
policy
ii libsemanage-common 2.3-1build3
all Common files for SELinux policy
management libraries
ii libsemanage1:amd64 2.3-1build3
amd64 SELinux policy management library
ii plainbox-secure-policy 0.25-1
all policykit policy required to use
plainbox (secure version)
ii policykit-1 0.105-14.1
amd64 framework for managing
administrative policies and privileges
ii policykit-1-gnome 0.105-2ubuntu2
amd64 GNOME authentication agent for
PolicyKit-1
ii policykit-desktop-privileges 0.20
all run common desktop actions without
password
# apt-cache policy update-manager
update-manager:
Installed: 1:16.04.3
Candidate: 1:16.04.3
Version table:
*** 1:16.04.3 500
500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages
100 /var/lib/dpkg/status
# find /var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority/50-local.d
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
/var/lib/polkit-1/localauthority/90-mandatory.d
/var/lib/polkit-1/localauthority/20-org.d
/var/lib/polkit-1/localauthority/10-vendor.d
/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla
/var/lib/polkit-1/localauthority/30-site.d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1591672/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
