a8f2b6912e
This makes e.g. `systemctl enable --now` ask password only once. Follow-up for b07abe63d3abf03df559f7cb2c9863943df22274.
74 lines
3.7 KiB
XML
74 lines
3.7 KiB
XML
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
|
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
|
|
|
<!--
|
|
SPDX-License-Identifier: LGPL-2.1+
|
|
|
|
This file is part of systemd.
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
-->
|
|
|
|
<policyconfig>
|
|
|
|
<vendor>The systemd Project</vendor>
|
|
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
|
|
|
|
<action id="org.freedesktop.systemd1.reply-password">
|
|
<description gettext-domain="systemd">Send passphrase back to system</description>
|
|
<message gettext-domain="systemd">Authentication is required to send the entered passphrase back to the system.</message>
|
|
<defaults>
|
|
<allow_any>no</allow_any>
|
|
<allow_inactive>no</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.exec.path">@rootlibexecdir@/systemd-reply-password</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.manage-units">
|
|
<description gettext-domain="systemd">Manage system services or other units</description>
|
|
<message gettext-domain="systemd">Authentication is required to manage system services or other units.</message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.manage-unit-files">
|
|
<description gettext-domain="systemd">Manage system service or unit files</description>
|
|
<message gettext-domain="systemd">Authentication is required to manage system service or unit files.</message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.systemd1.reload-daemon org.freedesktop.systemd1.manage-units</annotate>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.set-environment">
|
|
<description gettext-domain="systemd">Set or unset system and service manager environment variables</description>
|
|
<message gettext-domain="systemd">Authentication is required to set or unset system and service manager environment variables.</message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
<action id="org.freedesktop.systemd1.reload-daemon">
|
|
<description gettext-domain="systemd">Reload the systemd state</description>
|
|
<message gettext-domain="systemd">Authentication is required to reload the systemd state.</message>
|
|
<defaults>
|
|
<allow_any>auth_admin</allow_any>
|
|
<allow_inactive>auth_admin</allow_inactive>
|
|
<allow_active>auth_admin_keep</allow_active>
|
|
</defaults>
|
|
</action>
|
|
|
|
</policyconfig>
|