c529695e7a
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
294 lines
16 KiB
XML
294 lines
16 KiB
XML
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
|
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
-->
|
|
|
|
<policyconfig>
|
|
|
|
<vendor>The systemd Project</vendor>
|
|
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-shutdown">
|
|
<_description>Allow applications to inhibit system shutdown</_description>
|
|
<_message>Authentication is required for an application to inhibit system shutdown.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-shutdown org.freedesktop.login1.inhibit-block-sleep org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-delay-shutdown">
|
|
<_description>Allow applications to delay system shutdown</_description>
|
|
<_message>Authentication is required for an application to delay system shutdown.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-sleep</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-sleep">
|
|
<_description>Allow applications to inhibit system sleep</_description>
|
|
<_message>Authentication is required for an application to inhibit system sleep.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-delay-sleep">
|
|
<_description>Allow applications to delay system sleep</_description>
|
|
<_message>Authentication is required for an application to delay system sleep.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-idle">
|
|
<_description>Allow applications to inhibit automatic system suspend</_description>
|
|
<_message>Authentication is required for an application to inhibit automatic system suspend.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-power-key">
|
|
<_description>Allow applications to inhibit system handling of the power key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the power key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-handle-suspend-key org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-suspend-key">
|
|
<_description>Allow applications to inhibit system handling of the suspend key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the suspend key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-hibernate-key">
|
|
<_description>Allow applications to inhibit system handling of the hibernate key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the hibernate key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-lid-switch">
|
|
<_description>Allow applications to inhibit system handling of the lid switch</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the lid switch.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.set-user-linger">
|
|
<_description>Allow non-logged-in users to run programs</_description>
|
|
<_message>Authentication is required to run programs as a non-logged-in user.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.attach-device">
|
|
<_description>Allow attaching devices to seats</_description>
|
|
<_message>Authentication is required for attaching a device to a seat.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.flush-devices</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.flush-devices">
|
|
<_description>Flush device to seat attachments</_description>
|
|
<_message>Authentication is required for resetting how devices are attached to seats.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off">
|
|
<_description>Power off the system</_description>
|
|
<_message>Authentication is required for powering off the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off-multiple-sessions">
|
|
<_description>Power off the system while other users are logged in</_description>
|
|
<_message>Authentication is required for powering off the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off-ignore-inhibit">
|
|
<_description>Power off the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for powering off the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot">
|
|
<_description>Reboot the system</_description>
|
|
<_message>Authentication is required for rebooting the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot-multiple-sessions">
|
|
<_description>Reboot the system while other users are logged in</_description>
|
|
<_message>Authentication is required for rebooting the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.reboot</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot-ignore-inhibit">
|
|
<_description>Reboot the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for rebooting the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.reboot</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend">
|
|
<_description>Suspend the system</_description>
|
|
<_message>Authentication is required for suspending the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend-multiple-sessions">
|
|
<_description>Suspend the system while other users are logged in</_description>
|
|
<_message>Authentication is required for suspending the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.suspend</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend-ignore-inhibit">
|
|
<_description>Suspend the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for suspending the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.suspend</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate">
|
|
<_description>Hibernate the system</_description>
|
|
<_message>Authentication is required for hibernating the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate-multiple-sessions">
|
|
<_description>Hibernate the system while other users are logged in</_description>
|
|
<_message>Authentication is required for hibernating the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate-ignore-inhibit">
|
|
<_description>Hibernate the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for hibernating the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.manage">
|
|
<_description>Manager active sessions, users and seats</_description>
|
|
<_message>Authentication is required for managing active sessions, users and seats.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.lock-sessions">
|
|
<_description>Lock or unlock active sessions</_description>
|
|
<_message>Authentication is required for locking or unlocking active sessions.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|