2011-05-25 00:55:58 +02:00
|
|
|
<?xml version="1.0"?> <!--*-nxml-*-->
|
|
|
|
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
|
|
|
|
|
|
<!--
|
2017-11-18 18:18:16 +01:00
|
|
|
SPDX-License-Identifier: LGPL-2.1+
|
|
|
|
|
2011-05-25 00:55:58 +02:00
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
2012-04-12 00:20:58 +02:00
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
2011-05-25 00:55:58 +02:00
|
|
|
(at your option) any later version.
|
|
|
|
-->
|
|
|
|
|
|
|
|
<busconfig>
|
|
|
|
|
|
|
|
<policy user="root">
|
|
|
|
<allow own="org.freedesktop.login1"/>
|
|
|
|
<allow send_destination="org.freedesktop.login1"/>
|
|
|
|
<allow receive_sender="org.freedesktop.login1"/>
|
|
|
|
</policy>
|
|
|
|
|
|
|
|
<policy context="default">
|
2011-06-28 21:56:41 +02:00
|
|
|
<deny send_destination="org.freedesktop.login1"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Peer"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Properties"
|
|
|
|
send_member="Get"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.DBus.Properties"
|
|
|
|
send_member="GetAll"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetSession"/>
|
|
|
|
|
2012-02-01 19:04:54 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetSessionByPID"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="GetUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="GetUserByPID"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="GetSeat"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="ListSessions"/>
|
2011-06-28 21:56:41 +02:00
|
|
|
|
2013-06-20 04:00:28 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2013-12-10 17:41:39 +01:00
|
|
|
send_member="ListUsers"/>
|
2013-06-20 04:00:28 +02:00
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ListSeats"/>
|
|
|
|
|
2012-04-16 16:47:33 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ListInhibitors"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Inhibit"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetUserLinger"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ActivateSession"/>
|
|
|
|
|
2012-02-07 20:12:13 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ActivateSessionOnSeat"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="LockSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="UnlockSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="LockSessions"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="UnlockSessions"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="KillSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="KillUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateSession"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateUser"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="TerminateSeat"/>
|
|
|
|
|
2012-02-10 00:56:44 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="PowerOff"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Reboot"/>
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Halt"/>
|
|
|
|
|
2012-05-08 19:02:25 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Suspend"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="Hibernate"/>
|
|
|
|
|
2012-12-17 21:32:21 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="HybridSleep"/>
|
|
|
|
|
2018-03-08 14:17:33 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2018-03-28 18:00:06 +02:00
|
|
|
send_member="SuspendThenHibernate"/>
|
2018-03-08 14:17:33 +01:00
|
|
|
|
2012-02-10 02:35:48 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-02-11 00:13:10 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanPowerOff"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanReboot"/>
|
|
|
|
|
logind: add Halt() and CanHalt() APIs
This adds new method calls Halt() and CanHalt() to the logind bus APIs.
They aren't overly useful (as the whole concept of halting isn't really
too useful), however they clean up one major asymmetry: currently, using
the "shutdown" legacy commands it is possibly to enqueue a "halt"
operation through logind, while logind officially doesn't actually
support this. Moreover, the path through "shutdown" currently ultimately
fails, since the referenced "halt" action isn't actually defined in
PolicyKit.
Finally, the current logic results in an unexpected asymmetry in
systemctl: "systemctl poweroff", "systemctl reboot" are currently
asynchronous (due to the logind involvement) while "systemctl halt"
isnt. Let's clean this up, and make all three APIs implemented by
logind natively, and all three hence asynchronous in "systemctl".
Moreover, let's add the missing PK action.
Fixes: #6957
2017-10-02 16:03:55 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHalt"/>
|
|
|
|
|
2012-02-11 00:13:10 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-05-08 19:02:25 +02:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanSuspend"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHibernate"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-12-17 21:32:21 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanHybridSleep"/>
|
|
|
|
|
2018-03-08 14:17:33 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
2018-03-28 18:00:06 +02:00
|
|
|
send_member="CanSuspendThenHibernate"/>
|
2018-03-08 14:17:33 +01:00
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="ScheduleShutdown"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CancelScheduledShutdown"/>
|
|
|
|
|
2015-04-03 18:03:06 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="CanRebootToFirmwareSetup"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetRebootToFirmwareSetup"/>
|
|
|
|
|
2015-08-24 14:54:22 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="SetWallMessage"/>
|
|
|
|
|
2012-12-17 21:32:21 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
2012-02-10 02:35:48 +01:00
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="AttachDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Manager"
|
|
|
|
send_member="FlushDevices"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="ActivateSession"/>
|
|
|
|
|
2014-02-22 00:23:17 +01:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchTo"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchToPrevious"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Seat"
|
|
|
|
send_member="SwitchToNext"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
2011-06-28 21:56:41 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Activate"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Lock"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Unlock"/>
|
|
|
|
|
2011-06-29 19:53:27 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetIdleHint"/>
|
|
|
|
|
2016-05-11 19:34:13 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="SetLockedHint"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="Kill"/>
|
|
|
|
|
2013-10-15 21:13:39 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="TakeControl"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="ReleaseControl"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="TakeDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="ReleaseDevice"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.Session"
|
|
|
|
send_member="PauseDeviceComplete"/>
|
|
|
|
|
2015-07-11 22:00:26 +02:00
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.User"
|
|
|
|
send_member="Terminate"/>
|
|
|
|
|
|
|
|
<allow send_destination="org.freedesktop.login1"
|
|
|
|
send_interface="org.freedesktop.login1.User"
|
|
|
|
send_member="Kill"/>
|
|
|
|
|
2011-05-25 00:55:58 +02:00
|
|
|
<allow receive_sender="org.freedesktop.login1"/>
|
|
|
|
</policy>
|
|
|
|
|
|
|
|
</busconfig>
|