Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit a813be07 authored Jan 26, 2022 by Martin Weinelt

nixos/polkit: don't enable by default

SUID wrappers really shouldn't be enabled by default, unless a consumer
relies on them. So in my opinion this falls upon the desktop
environments if needed or a user to explicltly enable this if wanted.

Most desktop environments and services like CUPS already enable polkit
by default, that should really be sufficient.

parent 071dbeb5

nixos/doc/manual/from_md/release-notes/rl-2205.section.xml

+8 −0

Original line number	Diff line number	Diff line
		@@ -721,6 +721,14 @@
		<literal>tmux</literal>.
		</para>
		</listitem>
		<listitem>
		<para>
		The polkit service, available at
		<literal>security.polkit.enable</literal>, is now disabled by
		default. It will automatically be enabled through services and
		desktop environments as needed.
		</para>
		</listitem>
		</itemizedlist>
		</section>
		</section>

nixos/doc/manual/release-notes/rl-2205.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -245,4 +245,6 @@ In addition to numerous new and upgraded packages, this release has the followin

		- `programs.tmux` has a new option `plugins` that accepts a list of packages from the `tmuxPlugins` group. The specified packages are added to the system and loaded by `tmux`.

		- The polkit service, available at `security.polkit.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.

		<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

nixos/modules/security/polkit.nix

+1 −5

Original line number	Diff line number	Diff line
		@@ -12,11 +12,7 @@ in

		options = {

		security.polkit.enable = mkOption {
		type = types.bool;
		default = true;
		description = "Whether to enable PolKit.";
		};
		security.polkit.enable = mkEnableOption "polkit";

		security.polkit.extraConfig = mkOption {
		type = types.lines;