From 575d82dd0e4b0088084966506120f3237962a472 Mon Sep 17 00:00:00 2001
From: Pragmatic Software <pragma78@gmail.com>
Date: Sat, 29 Jan 2022 17:29:55 -0800
Subject: [PATCH] compiler_vm: add polkit rule to require admin password for
 all actions

---
 applets/compiler_vm/guest/bin/setup-guest           | 4 ++++
 applets/compiler_vm/guest/polkit/00-auth-only.rules | 5 +++++
 2 files changed, 9 insertions(+)
 create mode 100644 applets/compiler_vm/guest/polkit/00-auth-only.rules

diff --git a/applets/compiler_vm/guest/bin/setup-guest b/applets/compiler_vm/guest/bin/setup-guest
index 4e927368..988a5541 100755
--- a/applets/compiler_vm/guest/bin/setup-guest
+++ b/applets/compiler_vm/guest/bin/setup-guest
@@ -1,8 +1,12 @@
 cp guest/bin/* /usr/local/bin
+
 mkdir /usr/local/share/pbot-vm/
 cp -r guest/lib/Languages/ /usr/local/share/pbot-vm/
+
 cp guest/include/prelude.h /usr/include
 
+cp guest/polkit/* /etc/polkit-1/rules.d/
+
 echo unset DEBUGINFOD_URLS >> /root/.bashrc
 echo export ASAN_OPTIONS=detect_leaks=0 >> /root/.bashrc
 
diff --git a/applets/compiler_vm/guest/polkit/00-auth-only.rules b/applets/compiler_vm/guest/polkit/00-auth-only.rules
new file mode 100644
index 00000000..26a66a6f
--- /dev/null
+++ b/applets/compiler_vm/guest/polkit/00-auth-only.rules
@@ -0,0 +1,5 @@
+// require admin login for all polkit actions
+// e.g. NetworkManager, shutdown, reboot, etc now require root password
+polkit.addRule(function(action, subject) {
+        return polkit.Result.AUTH_ADMIN;
+});