[Bug 1591672] Re: update-manager does not obey require-password policy
Julian Andres Klode
1591672 at bugs.launchpad.net
Tue Sep 1 12:46:25 UTC 2020
(That policy quoted above was the default rule in 16.04 BTW)
I tested on focal, but I can check xenial
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1591672
Title:
update-manager does not obey require-password policy
Status in aptdaemon package in Ubuntu:
Incomplete
Bug description:
In order to enforce password check prior an update to occur, policy
file was installed.
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
[Require password to upgrade already installed software]
Identity=unix-group:admin
Action=org.debian.apt.upgrade-packages
ResultActive=auth_admin
Up to a recent update this was working as expected. No anymore.
What happens
------------
Updates are performed without requesting administrative password
Expected result
---------------
update-manager to request administrative password prior performing the update
System info
-----------
# lsb_release -rd
Description: Ubuntu 16.04 LTS
Release: 16.04
# dpkg -l | grep update-manager
ii python3-update-manager 1:16.04.3 all python 3.x module for update-manager
ii update-manager 1:16.04.3 all GNOME application that manages apt updates
ii update-manager-core 1:16.04.3 all manage release upgrades
# dpkg -l | grep policy
ii libnuma1:amd64 2.0.11-1ubuntu1 amd64 Libraries for controlling NUMA policy
ii libsemanage-common 2.3-1build3 all Common files for SELinux policy management libraries
ii libsemanage1:amd64 2.3-1build3 amd64 SELinux policy management library
ii plainbox-secure-policy 0.25-1 all policykit policy required to use plainbox (secure version)
ii policykit-1 0.105-14.1 amd64 framework for managing administrative policies and privileges
ii policykit-1-gnome 0.105-2ubuntu2 amd64 GNOME authentication agent for PolicyKit-1
ii policykit-desktop-privileges 0.20 all run common desktop actions without password
# apt-cache policy update-manager
update-manager:
Installed: 1:16.04.3
Candidate: 1:16.04.3
Version table:
*** 1:16.04.3 500
500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
500 http://fr.archive.ubuntu.com/ubuntu xenial/main i386 Packages
100 /var/lib/dpkg/status
# find /var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority
/var/lib/polkit-1/localauthority/50-local.d
/var/lib/polkit-1/localauthority/50-local.d/require-password-to-update.pkla
/var/lib/polkit-1/localauthority/90-mandatory.d
/var/lib/polkit-1/localauthority/20-org.d
/var/lib/polkit-1/localauthority/10-vendor.d
/var/lib/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/fwupd.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.canonical.unity.webapps.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/50-com.canonical.indicator.sound.AccountsService.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/unity-greeter.pkla
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla
/var/lib/polkit-1/localauthority/30-site.d
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1591672/+subscriptions
More information about the foundations-bugs
mailing list