diff options
author | Petr Oros <poros@redhat.com> | 2013-06-20 13:18:00 +0200 |
---|---|---|
committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2013-07-24 11:31:44 -0300 |
commit | ef83898c745462832d88d6bcf5b706544436f32f (patch) | |
tree | f224163b80bb2ae260d8a26dc03cdff2caaa1a7b | |
parent | 3109e8c23477be7cb556cec75285ccc8575339ed (diff) | |
download | tuna-ef83898c745462832d88d6bcf5b706544436f32f.tar.gz |
tuna: Do polkit auth for GUI BZ:919212,974027
The user should be able to invoke the tuna GUI from the desktop. Since
running a desktop as root is inadvisable, the tuna GUI should be able to
ask for authorization and run as root.
Tested-by: Jiri Kastner <jkastner@redhat.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=919212
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=974027
Signed-off-by: Petr Oros <poros@redhat.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-rw-r--r-- | org.tuna.policy | 16 | ||||
-rw-r--r-- | rpm/SPECS/tuna.spec | 3 | ||||
-rwxr-xr-x | tuna/tuna_gui.py | 17 |
3 files changed, 22 insertions, 14 deletions
diff --git a/org.tuna.policy b/org.tuna.policy new file mode 100644 index 0000000..4f71d4a --- /dev/null +++ b/org.tuna.policy @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" +"http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> +<policyconfig> + <action id="org.tuna.run"> + <description>Run Tuna as root</description> + <message>Authentication is required to run Tuna</message> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/tuna</annotate> + <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate> + </action> +</policyconfig> diff --git a/rpm/SPECS/tuna.spec b/rpm/SPECS/tuna.spec index e0b8b8b..57a1912 100644 --- a/rpm/SPECS/tuna.spec +++ b/rpm/SPECS/tuna.spec @@ -54,6 +54,7 @@ rm -rf %{buildroot} %{__python} setup.py install --skip-build --root %{buildroot} mkdir -p %{buildroot}/%{_sysconfdir}/tuna/ mkdir -p %{buildroot}/{%{_bindir},%{_datadir}/tuna/help/kthreads,%{_mandir}/man8} +mkdir -p %{buildroot}/%{_datadir}/polkit-1/actions/ install -p -m644 tuna/tuna_gui.glade %{buildroot}/%{_datadir}/tuna/ install -p -m755 tuna-cmd.py %{buildroot}/%{_bindir}/tuna install -p -m755 oscilloscope-cmd.py %{buildroot}/%{_bindir}/oscilloscope @@ -61,6 +62,7 @@ install -p -m644 help/kthreads/* %{buildroot}/%{_datadir}/tuna/help/kthreads/ install -p -m644 docs/tuna.8 %{buildroot}/%{_mandir}/man8/ install -p -m644 etc/tuna/example.conf %{buildroot}/%{_sysconfdir}/tuna/ install -p -m644 etc/tuna.conf %{buildroot}/%{_sysconfdir}/ +install -p -m644 org.tuna.policy %{buildroot}/%{_datadir}/polkit-1/actions/ # l10n-ed message catalogues for lng in `cat po/LINGUAS`; do @@ -86,6 +88,7 @@ rm -rf %{buildroot} %{_mandir}/man8/tuna.8* %{_sysconfdir}/tuna.conf %{_sysconfdir}/tuna/* +%{_datadir}/polkit-1/actions/org.tuna.policy %files -n oscilloscope %defattr(-,root,root,-) diff --git a/tuna/tuna_gui.py b/tuna/tuna_gui.py index d99f447..22a53b9 100755 --- a/tuna/tuna_gui.py +++ b/tuna/tuna_gui.py @@ -128,20 +128,9 @@ class main_gui: def check_root(self): if os.getuid() == 0: return False - - dialog = gtk.MessageDialog(None, - gtk.DIALOG_MODAL | gtk.DIALOG_DESTROY_WITH_PARENT, - gtk.MESSAGE_WARNING, - gtk.BUTTONS_YES_NO, - "%s\n\n%s\n%s" % \ - (_("Root privilege required"), - _("Some functions will not work without root privilege."), - _("Do you want to continue?"))) - ret = dialog.run() - dialog.destroy() - if ret == gtk.RESPONSE_NO: - return True - return False + self.binpath = sys.executable.strip(os.path.basename(sys.executable)) + os.execv(self.binpath + 'pkexec', [sys.executable] + [self.binpath + 'tuna'] + sys.argv[1:]) + return True def check_env(self): if not os.path.exists(self.config.config["root"]): |