GNOME Bugzilla – Bug 700141
turn --enable-modify-system into NetworkManager.conf setting
Last modified: 2013-05-22 15:19:30 UTC
The configuration modification policy is now determined at build time but should IMO be determined by local configuration file.
Not sure about this... policykit has a configuration mechanism for this stuff. Adding our own layer on top of that could make things confusing. Also, you can override the installed policy with a file in /etc/polkit-1/rules.d/, so it *is* run-time configurable.
Thanks for your comment. But if it is run-time configurable, then it doesn't make sense to have the compile-time option at all, does it?
The compile-time option is for setting the defaults so that distro maintainers (ie, us) don't have to carry patches around locally for it. Logically there are two sets of defaults for NM: permissive and locked-down. Fedora uses permissive, other distros use locked-down by default. It's then up to the administrator post-install to customize the PolicyKit rules for their specific requirements.
What he said: /usr/share/polkit-1/actions/ contains the default setting for the distribution, and so is set at build time. /etc/polkit-1/rules.d/ contains site-specific overrides, and is configured at run time.