[Bug 1591672] Re: update-manager does not obey require-password policy

Fri Aug 28 09:35:41 UTC 2020

aptdaemon does not seem to check policykit or something, I created the
file and could still upgrade with aptdcon --upgrade

** Package changed: update-manager (Ubuntu) => aptdaemon (Ubuntu)

** Changed in: aptdaemon (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1591672

Title:
  update-manager does not obey require-password policy

Status in aptdaemon package in Ubuntu:
  Triaged

Bug description:
  In order to enforce password check prior an update to occur, policy
  file was installed.

  /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
  [Require password to upgrade already installed software]
  Identity=unix-group:admin
  Action=org.debian.apt.upgrade-packages
  ResultActive=auth_admin

  Up to a recent update this was working as expected. No anymore.

  What happens
  ------------
  Updates are performed without requesting administrative password

  Expected result
  ---------------
  update-manager to request administrative password prior performing the update

  System info
  -----------
  # lsb_release -rd
  Description:	Ubuntu 16.04 LTS
  Release:	16.04

  # dpkg -l | grep update-manager
  ii  python3-update-manager                               1:16.04.3                                            all          python 3.x module for update-manager
  ii  update-manager                                       1:16.04.3                                            all          GNOME application that manages apt updates
  ii  update-manager-core                                  1:16.04.3                                            all          manage release upgrades
  # dpkg -l | grep policy
  ii  libnuma1:amd64                                       2.0.11-1ubuntu1                                      amd64        Libraries for controlling NUMA policy
  ii  libsemanage-common                                   2.3-1build3                                          all          Common files for SELinux policy management libraries
  ii  libsemanage1:amd64                                   2.3-1build3                                          amd64        SELinux policy management library
  ii  plainbox-secure-policy                               0.25-1                                               all          policykit policy required to use plainbox (secure version)
  ii  policykit-1                                          0.105-14.1                                           amd64        framework for managing administrative policies and privileges
  ii  policykit-1-gnome                                    0.105-2ubuntu2                                       amd64        GNOME authentication agent for PolicyKit-1
  ii  policykit-desktop-privileges                         0.20                                                 all          run common desktop actions without password

  # apt-cache policy update-manager
  update-manager:
    Installed: 1:16.04.3
    Candidate: 1:16.04.3
    Version table:
   *** 1:16.04.3 500
          500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages
          100 /var/lib/dpkg/status

  # find /var/lib/polkit-1/localauthority
  /var/lib/polkit-1/localauthority
  /var/lib/polkit-1/localauthority/50-local.d
  /var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
  /var/lib/polkit-1/localauthority/90-mandatory.d
  /var/lib/polkit-1/localauthority/20-org.d
  /var/lib/polkit-1/localauthority/10-vendor.d
  /var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla
  /var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla
  /var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla
  /var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla
  /var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla
  /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla
  /var/lib/polkit-1/localauthority/30-site.d

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1591672/+subscriptions