diff options
author | kremlin <ian@kremlin.cc> | 2014-08-16 06:44:56 +0800 |
---|---|---|
committer | kremlin <ian@kremlin.cc> | 2014-08-16 06:44:56 +0800 |
commit | 89048d5b9f63b1fbc3d1520221500ed139dbc28b (patch) | |
tree | 948e8a4df4490c59c803193733a530c1b1211a6e | |
parent | aa4e15dfb588f060c4e9a7a5d652e656fd3ed553 (diff) | |
download | systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar.gz systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar.bz2 systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar.lz systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar.xz systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.tar.zst systembsd-89048d5b9f63b1fbc3d1520221500ed139dbc28b.zip |
add polkit XML policies, include them in install target
all new .policy files are well formed but i am waiting
for freedesktop to fix the doctype DTD file:
http://thread.gmane.org/gmane.comp.freedesktop.policykit/374
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | conf/polkit-policy/org.freedesktop.hostname1.policy | 57 | ||||
-rw-r--r-- | conf/polkit-policy/org.freedesktop.locale1.policy | 27 | ||||
-rw-r--r-- | conf/polkit-policy/org.freedesktop.login1.policy | 10 | ||||
-rw-r--r-- | conf/polkit-policy/org.freedesktop.timedate1.policy | 47 |
5 files changed, 144 insertions, 0 deletions
@@ -45,11 +45,13 @@ CONFDIR= conf POLICYDIR= $(CONFDIR)/sysbus-policy ISPECTDIR= $(CONFDIR)/introspect-xml SERVICEFDIR= $(CONFDIR)/service-files +POLKITDIR= $(CONFDIR)/polkit-policy INTFDIR= $(SRCDIR)/interfaces DBUS_POLICYDIR= $(SYSCONFDIR)/dbus-1/system.d DBUS_CONFIGDIR= $(PREFIX)/share/dbus-1/system-services +POLKIT_POLICYDIR= $(PREFIX)/share/polkit-1/actions INVOKE_GENFILE_SCRIPT= \ ./scripts/gen-gdbus-interfaces.sh @@ -95,6 +97,7 @@ _install_conf: _generate_servicefiles ${INSTALL_DATA} $(POLICYDIR)/*-dbus.conf $(DESTDIR)$(DBUS_POLICYDIR)/ ${INSTALL_DATA} $(SERVICEFDIR)/*.service $(DESTDIR)$(DBUS_CONFIGDIR)/ ${INSTALL_DATA} $(CONFDIR)/systemd_compat.conf $(DESTDIR)$(SYSCONFDIR)/ + ${INSTALL_DATA} $(POLKITDIR)/*.policy $(DESTDIR)$(POLKIT_POLICYDIR)/ _install_interface_binaries: $(LINKHN) ${INSTALL_PROGRAM_DIR} $(DESTDIR)$(BINDIR) diff --git a/conf/polkit-policy/org.freedesktop.hostname1.policy b/conf/polkit-policy/org.freedesktop.hostname1.policy new file mode 100644 index 0000000..c36f736 --- /dev/null +++ b/conf/polkit-policy/org.freedesktop.hostname1.policy @@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> + +<policyconfig> + <vendor>OpenBSD</vendor> + <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase --> + + <action id="org.freedesktop.hostname1.SetHostname"> + <description>Set dynamic (system) hostname.</description> + <message>Setting the dynamic (system) hostname requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.hostname1.SetStaticHostname"> + <description>Set static hostname.</description> + <message>Setting the static hostname requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.hostname1.SetPrettyHostname"> + <description>Set pretty (UTF-8) hostname.</description> + <message>Setting the pretty (UTF-8) hostname requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.hostname1.SetIconName"> + <description>Set system's icon name.</description> + <message>Setting the system's icon name requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.hostname1.SetChassis"> + <description>Set system's chassis type.</description> + <message>Setting the system's chassis type requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> +</policyconfig> diff --git a/conf/polkit-policy/org.freedesktop.locale1.policy b/conf/polkit-policy/org.freedesktop.locale1.policy new file mode 100644 index 0000000..d605267 --- /dev/null +++ b/conf/polkit-policy/org.freedesktop.locale1.policy @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> + +<policyconfig> + <vendor>OpenBSD</vendor> + <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase --> + + <action id="org.freedesktop.locale1.SetLocale"> + <description>Set system's locale.</description> + <message>Setting the system's locale requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.locale1.SetX11Keyboard"> + <description>Set Xorg keymap.</description> + <message>Setting Xorg's keymap requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> +</policyconfig> diff --git a/conf/polkit-policy/org.freedesktop.login1.policy b/conf/polkit-policy/org.freedesktop.login1.policy new file mode 100644 index 0000000..e851a84 --- /dev/null +++ b/conf/polkit-policy/org.freedesktop.login1.policy @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> + +<policyconfig> + <vendor>OpenBSD</vendor> + <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase --> + + <!-- TODO this nightmare --> + +</policyconfig> diff --git a/conf/polkit-policy/org.freedesktop.timedate1.policy b/conf/polkit-policy/org.freedesktop.timedate1.policy new file mode 100644 index 0000000..3bd95b4 --- /dev/null +++ b/conf/polkit-policy/org.freedesktop.timedate1.policy @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD polkit Policy Configuration 1.0//EN" "http://www.freedesktop.org/software/polkit/policyconfig-1.dtd"> + +<policyconfig> + <vendor>OpenBSD</vendor> + <vendor_url>https://uglyman.kremlin.cc/gitweb/gitweb.cgi?p=systemd-utl.git</vendor_url> <!-- TODO change or redirect this URL when we rebase --> + + <action id="org.freedesktop.timedate1.SetTime"> + <description>Set system time.</description> + <message>Setting the system time requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.timedate1.SetTimezone"> + <description>Set local timezone.</description> + <message>Setting the timezone requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.timedate1.SetLocalRTC"> + <description>Switch RTC between UTC and local time.</description> + <message>Switching to the system's real time clock source requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.timedate1.SetNTP"> + <description>Toggle clock synchronization through NTP.</description> + <message>Toggling NTP requires authentication.</message> + <defaults> + <allow_any>auth_admin_keep</allow_any> + <allow_inactive>auth_admin_keep</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> +</policyconfig> |