aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/etc/polkit-1/rules.d/50-networkd-wheel.rules
diff options
context:
space:
mode:
Diffstat (limited to 'etc/polkit-1/rules.d/50-networkd-wheel.rules')
-rw-r--r--etc/polkit-1/rules.d/50-networkd-wheel.rules13
1 files changed, 13 insertions, 0 deletions
diff --git a/etc/polkit-1/rules.d/50-networkd-wheel.rules b/etc/polkit-1/rules.d/50-networkd-wheel.rules
new file mode 100644
index 0000000..089616a
--- /dev/null
+++ b/etc/polkit-1/rules.d/50-networkd-wheel.rules
@@ -0,0 +1,13 @@
+// Allow members of the `wheel` group to manage systemd-networkd links
+// (e.g. `networkctl up/down <iface>`) without a polkit password prompt.
+// This single-user system already trusts wheel for administrative work
+// via sudo-rs; networkd's polkit gate is a separate path that does not
+// honour sudoers, so a polkit rule is the idiomatic fix.
+polkit.addRule(function (action, subject) {
+ if (
+ action.id.indexOf("org.freedesktop.network1.") === 0 &&
+ subject.isInGroup("wheel")
+ ) {
+ return polkit.Result.YES;
+ }
+});
generated by cgit v1.3.1 (git 2.54.0) at 2026-05-31 22:16:00 +0000