What | Removed | Added |
---|---|---|
Flags | needinfo?(mchandras@suse.com) |
(In reply to Sebastian Krahmer from comment #2) > This was by intention. Accessing firewall rules may not > be something for the average user. Whats wrong with entering > admin credentials when doing so? > Which rules in particular you want to have relaxed for .standard? Hi Sebastian, If you compare the 'desktop' and 'server' polkit files as provided by the firewalld package you will see that they only differ in the *.info actions (eg org.fedoraproject.FirewallD1.policies.info). The desktop file is far more relaxed in allowing users to obtain the current configuration without authentication. Altering the configuration needs authentication of course. I can provide the diff between these two files if needed. This will affect desktop users using NetworkManager in the future (currently firewalld is disabled in our NM builds) because it means that whenever you edit or query a network connection for your user session you will have to gain extra privileges in order for NM to talk to firewalld via dbus obtain the zone for the network interface. I think this is not very user friendly for desktop environments. For what is worth, Fedora (I am mentioning Fedora because it's been using firewalld as default for a while) also uses the desktop polkit file in the workstation builds so querying the firewall as a user is allowed there. My understanding is that the restrictive file targets secure environments (servers, secured workstations etc) and the standard one targets home-based environments so the current behavior is probably not very user friendly for regular users.