diff options
author | Michael Chapman <mike@very.puzzling.org> | 2015-09-06 00:07:17 +1000 |
---|---|---|
committer | Michael Chapman <mike@very.puzzling.org> | 2015-09-06 00:07:17 +1000 |
commit | 88ced61bf9673407f4b15bf51b1b408fd78c149d (patch) | |
tree | b6cf57f054c3e65497b01100446a6667b3ef474d /src/core/manager.h | |
parent | 403ed0e5c914f2a0a683403d8ba7eaf96e3ffcdf (diff) |
core: pass details to polkit for some unit actions
The following details are passed:
- unit: the primary name of the unit upon which the action was
invoked (i.e. after resolving any aliases);
- verb: one of 'start', 'stop', 'reload', 'restart', 'try-restart',
'reload-or-restart', 'reload-or-try-restart', 'kill',
'reset-failed', or 'set-property', corresponding to the
systemctl verb used to invoke the action.
Typical use of these details in a polkit policy rule might be:
// Allow alice to manage example.service;
// fall back to implicit authorization otherwise.
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "example.service" &&
subject.user == "alice") {
return polkit.Result.YES;
}
});
We also supply a custom polkit message that includes the unit's name and
the requested operation.
Diffstat (limited to 'src/core/manager.h')
0 files changed, 0 insertions, 0 deletions