diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-02-18 11:41:28 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-02-18 11:43:18 +0100 |
commit | 70244d1d25eb80b57e160ea004d0e6bf793d4caf (patch) | |
tree | 426754a172acd4d9fadf46e120afc9e26e653e08 /src/machine/org.freedesktop.machine1.policy.in | |
parent | c0765ddb74f20046c406a3ac99f34719d767f151 (diff) |
machined: open up most of machined's commands to unprivileged clients via PolicyKit
Diffstat (limited to 'src/machine/org.freedesktop.machine1.policy.in')
-rw-r--r-- | src/machine/org.freedesktop.machine1.policy.in | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/machine/org.freedesktop.machine1.policy.in b/src/machine/org.freedesktop.machine1.policy.in index 43478a84d6..02714e83ae 100644 --- a/src/machine/org.freedesktop.machine1.policy.in +++ b/src/machine/org.freedesktop.machine1.policy.in @@ -18,7 +18,27 @@ <action id="org.freedesktop.machine1.login"> <_description>Log into a local container</_description> - <_message>Authentication is required to log into a local container</_message> + <_message>Authentication is required to log into a local container.</_message> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.machine1.manage-machines"> + <_description>Manage local virtual machines and containers</_description> + <_message>Authentication is required to manage local virtual machines and containers.</_message> + <defaults> + <allow_any>auth_admin</allow_any> + <allow_inactive>auth_admin</allow_inactive> + <allow_active>auth_admin_keep</allow_active> + </defaults> + </action> + + <action id="org.freedesktop.machine1.manage-images"> + <_description>Manage local virtual machine and container images</_description> + <_message>Authentication is required to manage local virtual machine and container images.</_message> <defaults> <allow_any>auth_admin</allow_any> <allow_inactive>auth_admin</allow_inactive> |