author | Lennart Poettering <lennart@poettering.net> | 2015-02-18 17:40:57 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-02-18 18:56:27 +0100 |
commit | 1d22e9068c52c1cf935bcdff70b9b9654e3c939e (patch) | |
tree | 7dffbb33c9d509fcaef5a38864410c778f187ae4 /src/core/org.freedesktop.systemd1.policy.in.in | |
parent | 09c3a9b67d9e2e957bfb5c940e02ec433113549f (diff) |
core: rework policykit hookup
- Always issue selinux access check as early as possible, and PK check
as late as possible.
- Introduce a new policykit action for altering environment
- Open most remaining bus calls to unprivileged clients via PK
Diffstat (limited to 'src/core/org.freedesktop.systemd1.policy.in.in')
-rw-r--r-- | src/core/org.freedesktop.systemd1.policy.in.in | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/core/org.freedesktop.systemd1.policy.in.in b/src/core/org.freedesktop.systemd1.policy.in.in
index fd771b4b26..cc39a9e1c3 100644
--- a/src/core/org.freedesktop.systemd1.policy.in.in
+++ b/src/core/org.freedesktop.systemd1.policy.in.in
@@ -28,8 +28,8 @@
 </action>
 <action id="org.freedesktop.systemd1.manage-units">
- <_description>Manage system services or units</_description>
- <_message>Authentication is required to manage system services or units.</_message>
+ <_description>Manage system services or other units</_description>
+ <_message>Authentication is required to manage system services or other units.</_message>
 <defaults>
 <allow_any>auth_admin</allow_any>
 <allow_inactive>auth_admin</allow_inactive>
@@ -47,6 +47,16 @@
 </defaults>
 </action>
+ <action id="org.freedesktop.systemd1.set-environment">
+ <_description>Set or unset system and service manager environment variables</_description>
+ <_message>Authentication is required to set or unset system and service manager environment variables.</_message>
+ <defaults>
+ <allow_any>auth_admin</allow_any>
+ <allow_inactive>auth_admin</allow_inactive>
+ <allow_active>auth_admin_keep</allow_active>
+ </defaults>
+ </action>
+
 <action id="org.freedesktop.systemd1.reload-daemon">
 <_description>Reload the systemd state</_description>
 <_message>Authentication is required to reload the systemd state.</_message> |
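Review bot: The new `org.freedesktop.systemd1.set-environment` action in the second hunk sets `allow_active` to `auth_admin_keep`, so a single admin authentication is retained for a while and later requests under this action from the same subject are not prompted again. Variables placed in the manager environment are inherited by services started afterwards, so this action is close to `manage-units` in effect and the retention deserves a deliberate choice; if no caller needs to batch requests, `<allow_active>auth_admin</allow_active>` is the tighter default. Either way a comment above the action such as `<!-- manager environment is inherited by every service started later; treat like manage-units -->` would help administrators who write local polkit rules, in particular rules that match the `org.freedesktop.systemd1.` prefix and would pick up this action automatically. The `manage-units` defaults are cut off at the edge of the first hunk, so whether this matches the existing actions cannot be checked from here.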