On 29/08/14 01:34, Dan Williams wrote: > Polkit is about access control though, and if you don't care about that, > you can tell Polkit to allow all your accesses. But the problem you're > having is that you don't even get that far, because NM is checking if > you have a session first. Can you check if you have ConsoleKit or > systemd session tracking enabled? If you get a hit for this, you have > systemd enabled
Indeed, I run your command and get: > stuartl@sjl-lxc-debian:~$ ldd /usr/sbin/NetworkManager | grep systemd-login > libsystemd-login.so.0 => /lib/i386-linux-gnu/libsystemd-login.so.0 > (0xf7387000) so Debian do distribute NetworkManager with systemd session tracking enabled. This is just the stock Debian binary: from the 'sid' distribution (because the one in 'wheezy' refuses to look at my LXC container's Ethernet devices). If I can sort out the session issue, then it's feasible that in our application, we install a suitable policy file that tells Polkit to allow www-data to access NetworkManager. There's examples of doing this for the netdev group, so it's conceivable to do the same thing for www-data as well. Polkit documentation mentions the existence of a text agent, for the purpose of running such operations via SSH. Not sure if it's possible to wrap a mod_wsgi process inside one of these however, so I'm looking to see if I can make use of PolkitAgentTextListener. I have asked about it here: http://lists.freedesktop.org/archives/polkit-devel/2014-August/000407.html I'll admit I'm still very green with regards to Polkit, ConsoleKit and all these other things. As I understand it, I basically have to write my own "agent" for the web user, which means this has become more of a Polkit question than a NetworkManager one. At least now I know where to start asking further questions. Regards, -- Stuart Longland Systems Engineer _ ___ \ /|_) | T: +61 7 3535 9619 \/ | \ | 38b Douglas Street F: +61 7 3535 9699 SYSTEMS Milton QLD 4064 http://www.vrt.com.au _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
