From b115862e5ae5af4a9df28876bb60ceffc81166c5 Mon Sep 17 00:00:00 2001
From: Bruce Leidl <bruce@subgraph.com>
Date: Tue, 27 Mar 2018 16:03:01 -0400
Subject: [PATCH] Polkit rule added to permit a couple of actions

---
 meta-citadel/recipes-core/base-files/base-files_%.bbappend | 4 ++++
 .../recipes-core/base-files/files/polkit/citadel.rules     | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 meta-citadel/recipes-core/base-files/files/polkit/citadel.rules

diff --git a/meta-citadel/recipes-core/base-files/base-files_%.bbappend b/meta-citadel/recipes-core/base-files/base-files_%.bbappend
index 4ec5d47..58091bd 100644
--- a/meta-citadel/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-citadel/recipes-core/base-files/base-files_%.bbappend
@@ -13,6 +13,7 @@ SRC_URI += "\
     file://NetworkManager.conf \
     file://zram-swap.service \
     file://share/dot.vimrc \
+    file://polkit/citadel.rules \
 "
 
 dirs1777_remove = "${localstatedir}/volatile/tmp"
@@ -35,6 +36,7 @@ do_install_append () {
     install -m 0755 -d ${D}${sysconfdir}/tmpfiles.d
     install -m 0755 -d ${D}${sysconfdir}/udev/rules.d
     install -m 0755 -d ${D}${sysconfdir}/NetworkManager
+    install -m 0755 -d ${D}${sysconfdir}/polkit-1/rules.d
     install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager
     install -m 0700 -d ${D}${localstatedir}/lib/NetworkManager/system-connections
 
@@ -58,6 +60,8 @@ do_install_append () {
 
     install -m 0755 ${WORKDIR}/share/dot.vimrc ${D}${sysconfdir}/skel/.vimrc
 
+    install -m 0755 ${WORKDIR}/polkit/citadel.rules ${D}${sysconfdir}/polkit-1/rules.d/
+
     ln -s /storage/citadel-state/resolv.conf ${D}${sysconfdir}/resolv.conf
     ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/etc.conf
     ln -s /dev/null ${D}${sysconfdir}/tmpfiles.d/home.conf
diff --git a/meta-citadel/recipes-core/base-files/files/polkit/citadel.rules b/meta-citadel/recipes-core/base-files/files/polkit/citadel.rules
new file mode 100644
index 0000000..8584506
--- /dev/null
+++ b/meta-citadel/recipes-core/base-files/files/polkit/citadel.rules
@@ -0,0 +1,7 @@
+polkit.addRule(function(action, subject) {
+    if ((action.id == "org.freedesktop.NetworkManager.settings.modify.system" ||
+        action.id == "org.freedesktop.machine1.host-open-pty") &&
+        subject.local && subject.isInGroup("citadel")) {
+            return polkit.Result.YES;
+    }
+});