Blueman, the bluetooth manager [0], requires the user to be in the "wheel" group
in order to perform certain functions (like enabling/disabling bluetooth).
This leads to a sub-optimal user experience, where the user is prompted
to authenticate as root in order to perform certain actions. [1]
The "wheel" requirement is a result of the polkit rules for blueman, which look like this: [2]
/* Allow users in wheel group to use blueman feature requiring root without authentication */
polkit.addRule(function(action, subject) {
if ((action.id == "org.blueman.network.setup" ||
action.id == "org.blueman.dhcp.client" ||
action.id == "org.blueman.rfkill.setstate" ||
action.id == "org.blueman.pppd.pppconnect") &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
This is a simple ruleset, so removing the "wheel" requirement
and allowing any user to perform these four actions is rather trivial.
My question is, would it be safe? Should I limit this change to
the "org.blueman.rfkill.setstate" action only?
A.FI.
[0] https://src.fedoraproject.org/rpms/blueman
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2055253
[2] https://raw.githubusercontent.com/blueman-project/blueman/2.3.beta1/data/configs/blueman.rules
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
