[Touch-packages] [Bug 1591672] Re: update-manager does not obey require-password policy
** No longer affects: policykit-1 (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1591672 Title: update-manager does not obey require-password policy Status in update-manager package in Ubuntu: New Bug description: In order to enforce password check prior an update to occur, policy file was installed. /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla [Require password to upgrade already installed software] Identity=unix-group:admin Action=org.debian.apt.upgrade-packages ResultActive=auth_admin Up to a recent update this was working as expected. No anymore. What happens Updates are performed without requesting administrative password Expected result --- update-manager to request administrative password prior performing the update System info --- # lsb_release -rd Description: Ubuntu 16.04 LTS Release: 16.04 # dpkg -l | grep update-manager ii python3-update-manager 1:16.04.3 all python 3.x module for update-manager ii update-manager 1:16.04.3 all GNOME application that manages apt updates ii update-manager-core 1:16.04.3 all manage release upgrades # dpkg -l | grep policy ii libnuma1:amd64 2.0.11-1ubuntu1 amd64Libraries for controlling NUMA policy ii libsemanage-common 2.3-1build3 all Common files for SELinux policy management libraries ii libsemanage1:amd64 2.3-1build3 amd64SELinux policy management library ii plainbox-secure-policy 0.25-1 all policykit policy required to use plainbox (secure version) ii policykit-1 0.105-14.1 amd64framework for managing administrative policies and privileges ii policykit-1-gnome0.105-2ubuntu2 amd64GNOME authentication agent for PolicyKit-1 ii policykit-desktop-privileges 0.20 all run common desktop actions without password # apt-cache policy update-manager update-manager: Installed: 1:16.04.3 Candidate: 1:16.04.3 Version table: *** 1:16.04.3 500 500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages 500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages 100 /var/lib/dpkg/status # find /var/lib/polkit-1/localauthority /var/lib/polkit-1/localauthority /var/lib/polkit-1/localauthority/50-local.d /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla /var/lib/polkit-1/localauthority/90-mandatory.d /var/lib/polkit-1/localauthority/20-org.d /var/lib/polkit-1/localauthority/10-vendor.d /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla /var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla /var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla /var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla /var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla /var/lib/polkit-1/localauthority/30-site.d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1591672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1591672] Re: update-manager does not obey require-password policy
** Also affects: policykit-1 (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to policykit-1 in Ubuntu. https://bugs.launchpad.net/bugs/1591672 Title: update-manager does not obey require-password policy Status in policykit-1 package in Ubuntu: New Status in update-manager package in Ubuntu: New Bug description: In order to enforce password check prior an update to occur, policy file was installed. /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla [Require password to upgrade already installed software] Identity=unix-group:admin Action=org.debian.apt.upgrade-packages ResultActive=auth_admin Up to a recent update this was working as expected. No anymore. What happens Updates are performed without requesting administrative password Expected result --- update-manager to request administrative password prior performing the update System info --- # lsb_release -rd Description: Ubuntu 16.04 LTS Release: 16.04 # dpkg -l | grep update-manager ii python3-update-manager 1:16.04.3 all python 3.x module for update-manager ii update-manager 1:16.04.3 all GNOME application that manages apt updates ii update-manager-core 1:16.04.3 all manage release upgrades # dpkg -l | grep policy ii libnuma1:amd64 2.0.11-1ubuntu1 amd64Libraries for controlling NUMA policy ii libsemanage-common 2.3-1build3 all Common files for SELinux policy management libraries ii libsemanage1:amd64 2.3-1build3 amd64SELinux policy management library ii plainbox-secure-policy 0.25-1 all policykit policy required to use plainbox (secure version) ii policykit-1 0.105-14.1 amd64framework for managing administrative policies and privileges ii policykit-1-gnome0.105-2ubuntu2 amd64GNOME authentication agent for PolicyKit-1 ii policykit-desktop-privileges 0.20 all run common desktop actions without password # apt-cache policy update-manager update-manager: Installed: 1:16.04.3 Candidate: 1:16.04.3 Version table: *** 1:16.04.3 500 500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages 500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages 100 /var/lib/dpkg/status # find /var/lib/polkit-1/localauthority /var/lib/polkit-1/localauthority /var/lib/polkit-1/localauthority/50-local.d /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla /var/lib/polkit-1/localauthority/90-mandatory.d /var/lib/polkit-1/localauthority/20-org.d /var/lib/polkit-1/localauthority/10-vendor.d /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla /var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla /var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla /var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla /var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla /var/lib/polkit-1/localauthority/30-site.d To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1591672/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp