1d22e9068c
- Always issue selinux access check as early as possible, and PK check as late as possible. - Introduce a new policykit action for altering environment - Open most remaining bus calls to unprivileged clients via PK
71 lines
3.3 KiB
XML
71 lines
3.3 KiB
XML
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
|
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
-->
|
|
|
|
<policyconfig>
|
|
|
|
<vendor>The systemd Project</vendor>
|
|
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
|
|
|
|
<action id="org.freedesktop.systemd1.reply-password">
|
|
<_description>Send passphrase back to system</_description>
|
|
<_message>Authentication is required to send the entered passphrase back to the system.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.exec.path">@rootlibexecdir@/systemd-reply-password</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.manage-units">
|
|
<_description>Manage system services or other units</_description>
|
|
<_message>Authentication is required to manage system services or other units.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.manage-unit-files">
|
|
<_description>Manage system service or unit files</_description>
|
|
<_message>Authentication is required to manage system service or unit files.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.set-environment">
|
|
<_description>Set or unset system and service manager environment variables</_description>
|
|
<_message>Authentication is required to set or unset system and service manager environment variables.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.reload-daemon">
|
|
<_description>Reload the systemd state</_description>
|
|
<_message>Authentication is required to reload the systemd state.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|