tuna: Do polkit auth for GUI BZ:919212,974027

The user should be able to invoke the tuna GUI from the desktop. Since
running a desktop as root is inadvisable, the tuna GUI should be able to
ask for authorization and run as root.

Tested-by: Jiri Kastner <jkastner@redhat.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=919212
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=974027
Signed-off-by: Petr Oros <poros@redhat.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

3 files changed, 22 insertions, 14 deletions

diff --git a/org.tuna.policy b/org.tuna.policy
new file mode 100644
index 0000000..4f71d4a
--- /dev/null
+++ b/org.tuna.policy
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/software/polkit/policyconfig-1.dtd">
+<policyconfig>
+  <action id="org.tuna.run">
+    <description>Run Tuna as root</description>
+    <message>Authentication is required to run Tuna</message>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin</allow_active>
+    </defaults>
+     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/tuna</annotate>
+     <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+  </action>
+</policyconfig>
diff --git a/rpm/SPECS/tuna.spec b/rpm/SPECS/tuna.spec
index e0b8b8b..57a1912 100644
--- a/rpm/SPECS/tuna.spec
+++ b/rpm/SPECS/tuna.spec
@@ -54,6 +54,7 @@ rm -rf %{buildroot}
 %{__python} setup.py install --skip-build --root %{buildroot}
 mkdir -p %{buildroot}/%{_sysconfdir}/tuna/
 mkdir -p %{buildroot}/{%{_bindir},%{_datadir}/tuna/help/kthreads,%{_mandir}/man8}
+mkdir -p %{buildroot}/%{_datadir}/polkit-1/actions/
 install -p -m644 tuna/tuna_gui.glade %{buildroot}/%{_datadir}/tuna/
 install -p -m755 tuna-cmd.py %{buildroot}/%{_bindir}/tuna
 install -p -m755 oscilloscope-cmd.py %{buildroot}/%{_bindir}/oscilloscope
@@ -61,6 +62,7 @@ install -p -m644 help/kthreads/* %{buildroot}/%{_datadir}/tuna/help/kthreads/
 install -p -m644 docs/tuna.8 %{buildroot}/%{_mandir}/man8/
 install -p -m644 etc/tuna/example.conf %{buildroot}/%{_sysconfdir}/tuna/
 install -p -m644 etc/tuna.conf %{buildroot}/%{_sysconfdir}/
+install -p -m644 org.tuna.policy %{buildroot}/%{_datadir}/polkit-1/actions/
 
 # l10n-ed message catalogues
 for lng in `cat po/LINGUAS`; do
@@ -86,6 +88,7 @@ rm -rf %{buildroot}
 %{_mandir}/man8/tuna.8*
 %{_sysconfdir}/tuna.conf
 %{_sysconfdir}/tuna/*
+%{_datadir}/polkit-1/actions/org.tuna.policy
 
 %files -n oscilloscope
 %defattr(-,root,root,-)
diff --git a/tuna/tuna_gui.py b/tuna/tuna_gui.py
index d99f447..22a53b9 100755
--- a/tuna/tuna_gui.py
+++ b/tuna/tuna_gui.py
@@ -128,20 +128,9 @@ class main_gui:
 	def check_root(self):
 		if os.getuid() == 0:
 			return False
-
-		dialog = gtk.MessageDialog(None,
-					   gtk.DIALOG_MODAL | gtk.DIALOG_DESTROY_WITH_PARENT,
-					   gtk.MESSAGE_WARNING,
-					   gtk.BUTTONS_YES_NO,
-					   "%s\n\n%s\n%s" % \
-					   (_("Root privilege required"),
-					    _("Some functions will not work without root privilege."),
-					    _("Do you want to continue?")))
-		ret = dialog.run()
-		dialog.destroy()
-		if ret == gtk.RESPONSE_NO:
-			return True
-		return False
+		self.binpath = sys.executable.strip(os.path.basename(sys.executable))
+		os.execv(self.binpath + 'pkexec', [sys.executable] + [self.binpath + 'tuna'] + sys.argv[1:])
+		return True
 	
 	def check_env(self):
 		if not os.path.exists(self.config.config["root"]):