9ef15026c0
Enable unprivileged users to set wall message on a shutdown operation. When the message is set via the --message option, it is logged together with the default shutdown message. $ systemctl reboot --message "Applied kernel updates." $ journalctl -b -1 ... systemd-logind[27]: System is rebooting. (Applied kernel updates.) ...
316 lines
17 KiB
XML
316 lines
17 KiB
XML
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
|
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
-->
|
|
|
|
<policyconfig>
|
|
|
|
<vendor>The systemd Project</vendor>
|
|
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-shutdown">
|
|
<_description>Allow applications to inhibit system shutdown</_description>
|
|
<_message>Authentication is required for an application to inhibit system shutdown.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-shutdown org.freedesktop.login1.inhibit-block-sleep org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-delay-shutdown">
|
|
<_description>Allow applications to delay system shutdown</_description>
|
|
<_message>Authentication is required for an application to delay system shutdown.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-sleep</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-sleep">
|
|
<_description>Allow applications to inhibit system sleep</_description>
|
|
<_message>Authentication is required for an application to inhibit system sleep.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-delay-sleep">
|
|
<_description>Allow applications to delay system sleep</_description>
|
|
<_message>Authentication is required for an application to delay system sleep.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-block-idle">
|
|
<_description>Allow applications to inhibit automatic system suspend</_description>
|
|
<_message>Authentication is required for an application to inhibit automatic system suspend.</_message>
|
|
<defaults>
|
|
<allow_any>yes</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-power-key">
|
|
<_description>Allow applications to inhibit system handling of the power key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the power key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-handle-suspend-key org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-suspend-key">
|
|
<_description>Allow applications to inhibit system handling of the suspend key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the suspend key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-hibernate-key">
|
|
<_description>Allow applications to inhibit system handling of the hibernate key</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the hibernate key.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.inhibit-handle-lid-switch">
|
|
<_description>Allow applications to inhibit system handling of the lid switch</_description>
|
|
<_message>Authentication is required for an application to inhibit system handling of the lid switch.</_message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>yes</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.set-user-linger">
|
|
<_description>Allow non-logged-in users to run programs</_description>
|
|
<_message>Authentication is required to run programs as a non-logged-in user.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.attach-device">
|
|
<_description>Allow attaching devices to seats</_description>
|
|
<_message>Authentication is required for attaching a device to a seat.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.flush-devices</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.flush-devices">
|
|
<_description>Flush device to seat attachments</_description>
|
|
<_message>Authentication is required for resetting how devices are attached to seats.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off">
|
|
<_description>Power off the system</_description>
|
|
<_message>Authentication is required for powering off the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.set-wall-message</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off-multiple-sessions">
|
|
<_description>Power off the system while other users are logged in</_description>
|
|
<_message>Authentication is required for powering off the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.power-off-ignore-inhibit">
|
|
<_description>Power off the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for powering off the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.power-off</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot">
|
|
<_description>Reboot the system</_description>
|
|
<_message>Authentication is required for rebooting the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.set-wall-message</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot-multiple-sessions">
|
|
<_description>Reboot the system while other users are logged in</_description>
|
|
<_message>Authentication is required for rebooting the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.reboot</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.reboot-ignore-inhibit">
|
|
<_description>Reboot the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for rebooting the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.reboot</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend">
|
|
<_description>Suspend the system</_description>
|
|
<_message>Authentication is required for suspending the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend-multiple-sessions">
|
|
<_description>Suspend the system while other users are logged in</_description>
|
|
<_message>Authentication is required for suspending the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.suspend</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.suspend-ignore-inhibit">
|
|
<_description>Suspend the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for suspending the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.suspend</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate">
|
|
<_description>Hibernate the system</_description>
|
|
<_message>Authentication is required for hibernating the system.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate-multiple-sessions">
|
|
<_description>Hibernate the system while other users are logged in</_description>
|
|
<_message>Authentication is required for hibernating the system while other users are logged in.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>yes</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.hibernate-ignore-inhibit">
|
|
<_description>Hibernate the system while an application asked to inhibit it</_description>
|
|
<_message>Authentication is required for hibernating the system while an application asked to inhibit it.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.hibernate</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.manage">
|
|
<_description>Manage active sessions, users and seats</_description>
|
|
<_message>Authentication is required for managing active sessions, users and seats.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.lock-sessions">
|
|
<_description>Lock or unlock active sessions</_description>
|
|
<_message>Authentication is required to lock or unlock active sessions.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.set-reboot-to-firmware-setup">
|
|
<_description>Allow indication to the firmware to boot to setup interface</_description>
|
|
<_message>Authentication is required to indicate to the firmware to boot to setup interface.</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.login1.set-wall-message">
|
|
<_description>Set a wall message</_description>
|
|
<_message>Authentication is required to set a wall message</_message>
|
|
<defaults>
|
|
<allow_any>auth_admin_keep</allow_any>
|
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|