Network Proxies and Polkit
In environments which must use a proxy server to access the Internet, using Polkit to launch applications which need to access the network as root will fail.
Network Manager, or the use directly, may set the necessary proxy environment variable, but Polkit strips these variable when running an application.
I read and understand this security note on Environment variables being stripped:
The environment that PROGRAM will run it, will be set to a minimal known and safe environment in order to avoid injecting code through LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking pkexec. As a result, pkexec will not by default allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.
Launching the same application with sudo
instead of pkexec
we can allow environment variable "we deem safe":
cat /etc/sudoers.d/env_keep
Defaults env_keep += "http_proxy https_proxy ftp_proxy no_proxy socks_proxy"
Defaults env_keep += "HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY SOCKS_PROXY"
Is there something similar in polkit to allow the proxy information to be passed to the root (or any) user running the application?