policy: allow inactive (remote/SSH) sessions to perform some actions (bgo #707983...

This commit allows inactive sessions (typically SSH or remote desktop
logins) to modify their own connections, to modify the system hostname
with authorization, and to modify system connections with
authorization.

https://bugzilla.redhat.com/show_bug.cgi?id=979416
https://bugzilla.gnome.org/show_bug.cgi?id=707983

diff --git a/policy/org.freedesktop.NetworkManager.policy.in.in b/policy/org.freedesktop.NetworkManager.policy.in.in
index ea3777a..2de066c 100644 (file)
--- a/policy/org.freedesktop.NetworkManager.policy.in.in
+++ b/policy/org.freedesktop.NetworkManager.policy.in.in
@@ -85,8 +85,7 @@
     <_description>Modify personal network connections</_description>
     <_message>System policy prevents modification of personal network settings</_message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
-      <allow_active>yes</allow_active>
+      <allow_any>yes</allow_any>
     </defaults>
   </action>
 
@@ -94,8 +93,7 @@
     <_description>Modify network connections for all users</_description>
     <_message>System policy prevents modification of network settings for all users</_message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
-      <allow_active>@NM_MODIFY_SYSTEM_POLICY@</allow_active>
+      <allow_any>@NM_MODIFY_SYSTEM_POLICY@</allow_any>
     </defaults>
   </action>
 
@@ -103,8 +101,7 @@
     <_description>Modify persistent system hostname</_description>
     <_message>System policy prevents modification of the persistent system hostname</_message>
     <defaults>
-      <allow_inactive>no</allow_inactive>
-      <allow_active>auth_admin_keep</allow_active>
+      <allow_any>auth_admin_keep</allow_any>
     </defaults>
   </action>