The above still stands... but that isn't it for `snap` ... I changed all the `isIngroup("sudo")` to use `sudoA` since that's the actually group that's in sudoers...
And snap is still letting me install the blender snap in `--classic` mode. So.... How do you find out what polkit rules are running at any given time?
The `io.snapcraft.snapd.manage' action has:
```
<allow_any>auth_admin</allow_any>
```
But where is what `auth_admin` does defined? It *looks* like it's seeing it as a local login and just allowing it. If I log in through SSH and try the same command I get:
The above still stands... but that isn't it for `snap` ... I changed all the `isIngroup("sudo")` to use `sudoA` since that's the actually group that's in sudoers...
And snap is still letting me install the blender snap in `--classic` mode. So.... How do you find out what polkit rules are running at any given time?
The `io.snapcraft. snapd.manage' action has: any>auth_ admin</ allow_any>
```
<allow_
```
But where is what `auth_admin` does defined? It *looks* like it's seeing it as a local login and just allowing it. If I log in through SSH and try the same command I get:
$ snap install blender --classic
error: access denied (try with sudo)
Being a locally logged in user does not mean you should have the ability to install software. Again, that's an incorrect assumption being made.... :/