systemd/src/core/org.freedesktop.systemd1.policy.in.in
Lennart Poettering 1d22e9068c core: rework policykit hookup
- Always issue selinux access check as early as possible, and PK check
  as late as possible.

- Introduce a new policykit action for altering environment

- Open most remaining bus calls to unprivileged clients via PK
2015-02-18 18:56:27 +01:00

71 lines
3.3 KiB
XML

<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<policyconfig>
<vendor>The systemd Project</vendor>
<vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url>
<action id="org.freedesktop.systemd1.reply-password">
<_description>Send passphrase back to system</_description>
<_message>Authentication is required to send the entered passphrase back to the system.</_message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">@rootlibexecdir@/systemd-reply-password</annotate>
</action>
<action id="org.freedesktop.systemd1.manage-units">
<_description>Manage system services or other units</_description>
<_message>Authentication is required to manage system services or other units.</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.systemd1.manage-unit-files">
<_description>Manage system service or unit files</_description>
<_message>Authentication is required to manage system service or unit files.</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.systemd1.set-environment">
<_description>Set or unset system and service manager environment variables</_description>
<_message>Authentication is required to set or unset system and service manager environment variables.</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.systemd1.reload-daemon">
<_description>Reload the systemd state</_description>
<_message>Authentication is required to reload the systemd state.</_message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>