Skip to content

Add a policykit policy that allows yast to run via pkexec #1132

Description

@sp1ritCS

I'd like to graphically execute yast with pkexec. This is currently not possible, as pkexec does not pass environment vars to the privileged process (similar to sudo without -E).

It is possible to define a policy that would allow yast to be run graphically. In comparison with sudo -E the org.freedesktop.policykit.exec.allow_gui only passes $DISPLAY and $XAUTHORITY. This causes yast to not honor qt and icon themes. (I have no experience with polkit, so I don't know if this can be fixed)

I've created a working (with above mentioned issues) policy.

/usr/share/polkit-1/actions/org.freedesktop.policykit.YaST.policy:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
 "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
	<action id="org.freedesktop.policykit.pkexec.YaST">
		<description>Run YaST</description>
		<message>Authentication is required to run YaST</message>
		<icon_name>yast-control-center</icon_name>
		<defaults>
			<allow_any>auth_admin</allow_any>
			<allow_inactive>auth_admin</allow_inactive>
			<allow_active>auth_admin</allow_active>
		</defaults>
		<annotate key="org.freedesktop.policykit.exec.path">/sbin/yast2</annotate>
		<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
	</action>
</policyconfig>

I'd love to see this integrated (maybe even with the desktop entries, as xdg-su/gnomesu is incredibly slow)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions