mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git
synced 2025-12-20 02:20:06 +01:00
39143f8bdd
Add a build option to allow installing a Polkit rule that will grant permissions for admin users without asking for their password if they're in a local console. This shouldn't be encouraged, though. It's common practice that admin users has to introduce their password to make system-wide changes. The standard polkit policy, without this rule, is auth_admin_keep. This policy will ask for the password once and won't ask for it again for ~5 minutes, so it is not too unconvenient. Different distros use different group names for users with admin rights, typically 'sudo' or 'wheel'. The build option allows to define the desired group, or to leave it empty to not install the rule. However, until the previous commit it was allowed that local users (even non-admin) could do system-wide changes without introducing a password. This option allows to maintain the same behavior for admin users, keeping backwards compatibility so we avoid breaking existing scripts, for example. We cannot achieve the same for non-admin users because allowing them to create system-wide connection causes security vulnerabilities that cannot be fixed in any other way.
83 lines
8.4 KiB
Meson
83 lines
8.4 KiB
Meson
# system paths
|
|
option('systemdsystemunitdir', type: 'string', value: '', description: 'Directory for systemd service files')
|
|
option('systemdsystemgeneratordir', type: 'string', value: '', description: 'Directory for systemd generator files')
|
|
option('system_ca_path', type: 'string', value: '/etc/ssl/certs', description: 'path to system CA certificates')
|
|
option('udev_dir', type: 'string', value: '', description: 'Absolute path of the udev base directory. Set to \'no\' not to install the udev rule')
|
|
option('dbus_conf_dir', type: 'string', value: '', description: 'where D-Bus system.d directory is')
|
|
option('kernel_firmware_dir', type: 'string', value: '/lib/firmware', description: 'where kernel firmware directory is (default is /lib/firmware)')
|
|
option('runtime_dir', type: 'string', value: '', description: 'Directory for transient runtime state [default: LOCALSTATEDIR/run or /run]')
|
|
option('iptables', type: 'string', value: '', description: 'path to iptables')
|
|
option('ip6tables', type: 'string', value: '', description: 'path to ip6tables')
|
|
option('nft', type: 'string', value: '', description: 'path to nft')
|
|
option('dnsmasq', type: 'string', value: '', description: 'path to dnsmasq')
|
|
option('modprobe', type: 'string', value: '', description: 'path to modprobe')
|
|
|
|
# platform
|
|
option('dist_version', type: 'string', value: '', description: 'Define the NM\'s distribution version string')
|
|
option('session_tracking_consolekit', type: 'boolean', value: true, description: 'Support consolekit session tracking')
|
|
option('session_tracking', type: 'combo', choices: ['systemd', 'elogind', 'no'], value: 'systemd', description: 'Compatibility option to choose one session tracking module')
|
|
option('suspend_resume', type: 'combo', choices: ['systemd', 'elogind', 'consolekit', 'auto'], value: 'auto', description: 'Build NetworkManager with specific suspend/resume support')
|
|
option('polkit', type: 'boolean', value: true, description: 'User auth-polkit configuration option.')
|
|
option('config_auth_polkit_default', type: 'combo', choices: ['default', 'true', 'false', 'root-only'], value: 'default', description: 'Default value for configuration main.auth-polkit.')
|
|
option('modify_system', type: 'boolean', value: false, description: 'Allow users to modify system connections (option no longer supported, don\'t use)')
|
|
option('polkit_noauth_group', type: 'string', value: '', description: 'Allow users of the selected group, typically sudo or wheel, to modify system connections without introducing a password (discouraged)')
|
|
option('polkit_agent_helper_1', type: 'string', value: '', description: 'Path name to the polkit-agent-helper-1 binary from polkit')
|
|
option('selinux', type: 'boolean', value: true, description: 'Build with SELinux')
|
|
option('systemd_journal', type: 'boolean', value: true, description: 'Use systemd journal for logging')
|
|
option('config_logging_backend_default', type: 'combo', choices: ['default', 'syslog', 'journal'], value: 'default', description: 'Default value for logging.backend')
|
|
option('config_wifi_backend_default', type: 'combo', choices: ['default', 'wpa_supplicant', 'iwd'], value: 'default', description: 'Default value for wifi.backend')
|
|
option('hostname_persist', type: 'combo', choices: ['default', 'suse', 'gentoo', 'slackware'], value: 'default', description: 'Hostname persist method')
|
|
option('libaudit', type: 'combo', choices: ['yes', 'yes-disabled-by-default', 'no'], value: 'yes', description: 'Build with audit daemon support. yes-disabled-by-default enables support, but disables it unless explicitly configured via NetworkManager.conf')
|
|
|
|
# features
|
|
option('wext', type: 'boolean', value: true, description: 'Enable or disable Linux Wireless Extensions')
|
|
option('wifi', type: 'boolean', value: true, description: 'enable Wi-Fi support')
|
|
option('iwd', type: 'boolean', value: false, description: 'enable iwd support (experimental)')
|
|
option('ppp', type: 'boolean', value: true, description: 'enable PPP/PPPoE support')
|
|
option('pppd', type: 'string', value: '', description: 'path to pppd binary')
|
|
option('pppd_plugin_dir', type: 'string', value: '', description: 'path to the pppd plugins directory')
|
|
option('modem_manager', type: 'boolean', value: true, description: 'Enable new ModemManager1 interface support')
|
|
option('mobile_broadband_provider_info_database', type: 'string', value: '', description: 'path to the mobile-broadband-provider-info database')
|
|
option('ofono', type: 'boolean', value: false, description: 'Enable oFono support (experimental)')
|
|
option('concheck', type: 'boolean', value: true, description: 'enable connectivity checking support')
|
|
option('teamdctl', type: 'boolean', value: false, description: 'enable Teamd control support')
|
|
option('ovs', type: 'boolean', value: true, description: 'enable Open vSwitch support')
|
|
option('nmcli', type: 'boolean', value: true, description: 'Build nmcli')
|
|
option('nmtui', type: 'boolean', value: true, description: 'Build nmtui')
|
|
option('nm_cloud_setup', type: 'boolean', value: true, description: 'Build nm-cloud-setup, a tool for automatically configuring networking in cloud')
|
|
option('bluez5_dun', type: 'boolean', value: false, description: 'enable Bluez5 DUN support')
|
|
option('ebpf', type: 'combo', choices: ['auto', 'true', 'false'], description: 'Enable eBPF support (deprecated)')
|
|
option('nbft', type: 'boolean', value: true, description: 'Enable NBFT support in the initrd generator')
|
|
|
|
# configuration plugins
|
|
option('config_plugins_default', type: 'string', value: '', description: 'Default configuration option for main.plugins setting, used as fallback if the configuration option is unset')
|
|
option('ifcfg_rh', type: 'boolean', value: false, description: 'enable ifcfg-rh configuration plugin (Fedora/RHEL) (deprecated)')
|
|
option('ifupdown', type: 'combo', choices:['auto', 'true', 'false'], value: 'auto', description: 'enable ifupdown configuration plugin (Debian/Ubuntu)')
|
|
option('config_migrate_ifcfg_rh_default', type: 'boolean', value: false, description: 'The default value of the main.migrate-ifcfg-rh configuration option')
|
|
|
|
# handlers for resolv.conf
|
|
option('resolvconf', type: 'string', value: '', description: 'Enable resolvconf support')
|
|
option('netconfig', type: 'string', value: '', description: 'Enable SUSE netconfig support')
|
|
option('config_dns_rc_manager_default', type: 'combo', choices: ['auto', 'symlink', 'file', 'netconfig', 'resolvconf'], value: 'auto', description: 'Configure default value for main.rc-manager setting')
|
|
|
|
# dhcp clients
|
|
option('dhclient', type: 'string', value: 'no', description: 'Enable dhclient support (deprecated)')
|
|
option('dhcpcd', type: 'string', value: '', description: 'Enable dhcpcd support')
|
|
option('config_dhcp_default', type: 'combo', choices: ['dhclient', 'dhcpcd', 'internal', 'nettools'], value: 'internal', description: 'Default configuration option for main.dhcp setting, used as fallback if the configuration option is unset')
|
|
|
|
# miscellaneous
|
|
option('introspection', type: 'boolean', value: true, description: 'Enable introspection for this build')
|
|
option('vapi', type : 'combo', choices : ['auto', 'true', 'false'], description: 'build Vala bindings')
|
|
option('docs', type: 'boolean', value: false, description: 'use to build documentation')
|
|
option('man', type: 'boolean', value: true, description: 'Install manpages')
|
|
option('tests', type: 'combo', choices: ['yes', 'no', 'root'], value: 'yes', description: 'Build NetworkManager tests')
|
|
option('firewalld_zone', type: 'boolean', value: true, description: 'Install and use firewalld zone for shared mode')
|
|
option('more_asserts', type: 'string', value: 'auto', description: 'Enable more assertions for debugging (0 = no, 100 = all, default: auto)')
|
|
option('more_logging', type: 'boolean', value: true, description: 'Enable more debug logging')
|
|
option('valgrind', type: 'array', value: ['no'], description: 'Use valgrind to memory-check the tests')
|
|
option('valgrind_suppressions', type: 'string', value: '', description: 'Use specific valgrind suppression file')
|
|
option('ld_gc', type: 'boolean', value: true, description: 'Enable garbage collection of unused symbols on linking')
|
|
option('libpsl', type: 'boolean', value: true, description: 'Link against libpsl')
|
|
option('crypto', type: 'combo', choices: ['nss', 'gnutls', 'null'], value: 'nss', description: 'Cryptography library to use for certificate and key operations')
|
|
option('qt', type: 'combo', choices: ['auto', 'true', 'false'], value: 'auto', description: 'enable Qt examples')
|
|
option('readline', type: 'combo', choices: ['auto', 'libreadline', 'libedit', 'none'], description: 'Using readline (auto) or libedit)')
|