1 files changed, 46 insertions, 0 deletions

diff --git a/dracut/polkit.sh b/dracut/polkit.sh
new file mode 100644
index 0000000..c6dfd7f
--- /dev/null
+++ b/dracut/polkit.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
+
+USERNAME=$(getarg live.user)
+[ -z "$USERNAME" ] && USERNAME=anon
+
+# Check that polkit is installed.
+if [ ! -x ${NEWROOT}/usr/libexec/polkitd ]; then
+    exit 0
+fi
+
+# configure PolicyKit in live session
+mkdir -m0755 -p ${NEWROOT}/etc/PolicyKit
+cat << EOF > ${NEWROOT}/etc/PolicyKit/PolicyKit.conf
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
+"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
+
+<!-- See the manual page PolicyKit.conf(5) for file format -->
+
+<config version="0.1">
+    <match user="root">
+        <return result="yes"/>
+    </match>
+    <!-- don't ask password for user in live session -->
+    <match user="$USERNAME">
+        <return result="yes"/>
+    </match>
+    <define_admin_auth group="admin"/>
+</config>
+EOF
+
+mkdir -m0750 -p ${NEWROOT}/var/lib/polkit-1/localauthority/10-vendor.d
+cat << EOF > ${NEWROOT}/var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla
+# Policy to allow the livecd user to bypass policykit
+[Live CD user permissions]
+Identity=unix-user:$USERNAME
+Action=*
+ResultAny=no
+ResultInactive=no
+ResultActive=yes
+EOF