From 17759873c4b5144b14cea550a2a3995f4c806b46 Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip.withnall@collabora.co.uk>
Date: Thu, 19 May 2016 10:08:08 +0100
Subject: [PATCH] data: Set GIO_USE_VFS=local in the .service file environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There is no need for polkit to ever use GVFS to load files from
non-local sources, so it’s best to avoid loading GVFS code, and to just
rely on the local implementation in GIO instead. This reduces the attack
surface of polkit.

https://bugs.freedesktop.org/show_bug.cgi?id=95487
---
 data/polkit.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/polkit.service.in b/data/polkit.service.in
index 9665043..f656e33 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -6,3 +6,4 @@ Documentation=man:polkit(8)
 Type=dbus
 BusName=org.freedesktop.PolicyKit1
 ExecStart=@libprivdir@/polkitd --no-debug
+Environment=GIO_USE_VFS=local
-- 
2.5.5