Comment 3 for bug 1882098

Hello Seth,

the packagekit-deny rule should not be necessary, it's there to underline what is specifically not allowed.

AFAIK, there are no other rules which could have granted this permission. This happens on a fresh install of Ubuntu where the above is the only modification to polkit rules.

I'm on vacation since yesterday evening, so I cannot currently check if the groups have some kind of unexpected effect.

See this for reference:
https://github.com/hughsie/PackageKit/blob/master/policy/org.freedesktop.packagekit.policy.in

The issue is that the command 'pkcon install-local evil-package-i-just-created.deb' triggers the action 'org.freedesktop.packagekit.package-install' instead of 'org.freedesktop.packagekit.package-install-untrusted' which it should.