author | David Zeuthen <davidz@zelda.fubar.dk> | 2006-07-27 20:52:26 -0400 |
---|---|---|
committer | David Zeuthen <davidz@zelda.fubar.dk> | 2006-07-27 20:52:26 -0400 |
commit | 1c45f6df90ce7968fd212c8c8f92fd2840ce6ce2 (patch) | |
tree | 4b9bf70b76e4bd812f87bca7a14b6274251f2ef1 | |
parent | 520608eedd5652ad51acc27073f8a6c75abc0c8b (diff) | |
Remove ChangeLog file and add rules to Makefile.am to generate one for
disted tarballs.
-rw-r--r-- | ChangeLog | 308 | ||||
-rw-r--r-- | Makefile.am | 22 | ||||
-rw-r--r-- | doc/spec/polkit-spec.html | 28 |
3 files changed, 35 insertions, 323 deletions
diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 249608b..0000000 --- a/ChangeLog +++ /dev/null 
@@ -1,308 +0,0 @@ -2006-06-06 David Zeuthen <davidz@redhat.com> - - * polkitd/polkit-manager.c (polkit_manager_get_caller_info): For - now, comment out SELinux stuff as it breaks when SELinux is not - available. - -2006-06-06 David Zeuthen <davidz@redhat.com> - - Patch from Frederic Peters <fpeters@entrouvert.com>. jhbuild - monitors files being installed and prevents them from being - written out of its target directory. This means HAL now prevents - jhautobuild[1] to complete since pam-polkit-console hardcodes - /lib/security. Attached is a patch with a configure - option (--with-pam-module-dir) so it is possible to set an other - directory. [1] http://jhbuild.bxlug.be - - * pam-polkit-console/Makefile.am: - * configure.in: - -2006-06-06 David Zeuthen <davidz@redhat.com> - - Patch from Frederic Peters <fpeters@entrouvert.com>. - http://jhbuild.bxlug.be/builds/2006-06-06-0000/logs/PolicyKit/#build - shows a error when building newest PolicyKit with Debian PAM - libraries. - - Attached patch adds new configure checks; pam-polkit-console.c may - need alternate behaviour if pam_vsyslog is missing (using straight - vsyslog?). - - * configure.in, - * pam-polkit-console/pam-polkit-console.c: (_pam_log): - * doc/TODO: - -2006-06-05 David Zeuthen <davidz@redhat.com> - - Lots of changes! Almost ready for 0.2 release. 
- - * Makefile.am: - * README: - * configure.in: - * doc/TODO: - * doc/api/polkit-docs.xml: - * doc/spec/Makefile.am: - * doc/spec/polkit-spec.html: - * doc/spec/polkit-spec.xml.in: - * libpolkit/Makefile.am: - * libpolkit/libpolkit-grant.c: (have_questions_handler), - (libpolkit_grant_provide_answers), (auth_done_handler), - (libpolkit_grant_new_context), - (libpolkit_grant_get_libpolkit_context), - (libpolkit_grant_set_questions_handler), - (libpolkit_grant_set_grant_complete_handler), - (libpolkit_grant_initiate_temporary_grant), - (libpolkit_grant_get_user_for_auth), - (libpolkit_grant_get_pam_service_for_auth), - (libpolkit_grant_close), (libpolkit_grant_free_context), - (libpolkit_grant_get_user), (libpolkit_grant_get_privilege), - (libpolkit_grant_get_resource): - * libpolkit/libpolkit-grant.h: - * libpolkit/libpolkit.c: - (libpolkit_get_allowed_resources_for_privilege_for_uid), - (libpolkit_is_uid_allowed_for_privilege): - * libpolkit/libpolkit.h: - * pam-polkit-console/Makefile.am: - * pam-polkit-console/pam-polkit-console.c: (_pam_log), - (_parse_module_args), (_is_local_xconsole), (_poke_polkitd), - (pam_sm_authenticate), (pam_sm_setcred), (pam_sm_open_session), - (pam_sm_close_session): - * polkit-interface-manager.xml: - * polkit-interface-session.xml: - * polkit.pc.in: - * polkitd/PolicyKit.in: - * polkitd/main.c: (handle_sigusr1), (sigusr1_iochn_data), (main): - * polkitd/policy.c: (txt_backend_read_policy), - (txt_backend_read_list), (txt_backend_read_word), - (policy_get_sufficient_privileges), - (policy_get_required_privileges), - (policy_get_auth_details_for_policy), - (_policy_is_uid_gid_allowed_for_policy), - (policy_is_uid_gid_allowed_for_policy), - (policy_is_uid_allowed_for_policy): - * polkitd/policy.h: - * polkitd/polkit-manager.c: (_granting_temp_priv), - (_revoking_temp_priv), (polkit_manager_error_get_type), - (bus_name_owner_changed), (polkit_manager_get_caller_info), - (_check_for_temp_privilege), - 
(polkit_manager_initiate_temporary_privilege_grant), - (polkit_manager_is_user_privileged), - (polkit_manager_get_allowed_resources_for_privilege), - (polkit_manager_revoke_temporary_privilege), - (polkit_manager_add_temporary_privilege), - (polkit_manager_remove_temporary_privilege), - (polkit_manager_update_desktop_console_privileges): - * polkitd/polkit-manager.h: - * polkitd/polkit-session.c: (polkit_session_close), - (polkit_session_grant_privilege_temporarily), (polkit_session_new), - (polkit_session_initiator_disconnected): - * polkitd/polkit-session.h: - * privileges/desktop-console.privilege: - * tools/Makefile.am: - * tools/polkit-grant-privilege.c: (questions_cb), - (grant_complete_cb), (main): - * tools/polkit-is-privileged.c: (usage), (main): - * tools/polkit-list-privileges.c: (main): - * tools/polkit-revoke-privilege.c: (main): - -2006-04-22 David Zeuthen <davidz@redhat.com> - - * tools/polkit-list-privileges.c (main): Update to new D-BUS API; - print " (temporary)" for privilege if appropriate. 
- - * tools/polkit-is-privileged.c (main): Update to new D-BUS API - - * tools/polkit-grant-privilege.c: - (do_grant_privilege): Update to new D-BUS API - (main): --do-- - - * tools/polkit-revoke-privilege.c: New file - - * tools/Makefile.am: Add build rules for polkit-revoke-privilege - - * polkitd/polkit-manager.h: Fix up prototypes - - * polkitd/polkit-manager.c: - (polkit_manager_initiate_temporary_privilege_grant): Update to new - D-BUS API - (polkit_manager_get_allowed_resources_for_privilege): --do-- - (polkit_manager_revoke_temporary_privilege): New function - (polkit_manager_remove_temporary_privilege): Fix up resource handling - (polkit_manager_add_temporary_privilege): --do-- - - * libpolkit/libpolkit.h: - (libpolkit_get_allowed_resources_for_privilege_for_uid): Update to - new D-BUS API and export libpolkit_revoke_temporary_privilege() - - * libpolkit/libpolkit.c: - (libpolkit_is_uid_allowed_for_privilege): Update to new D-BUS API - (libpolkit_get_allowed_resources_for_privilege_for_uid): --do-- - (libpolkit_revoke_temporary_privilege): New function - - * polkit-interface-manager.xml: Rename InitiatePrivilegeGrant() to - InitiateTemporaryPrivilegeGrant(). Add new function - RevokeTemporaryPrivilege(). Make IsUserPrivileged() output a - boolean is_temporary. GetAllowedResourcesForPrivilege() now also - outputs an integer num_non_temp. - -2006-04-21 David Zeuthen <davidz@redhat.com> - - * doc/spec/polkit-spec.xml.in: Write some more stuff - -2006-04-04 Richard Hughes <richard@hughsie.com> - - * doc/Makefile.am: Add in the new spec directory so we add the folder - to the tarball. - - * doc/spec/polkit-spec.xml.in: Fix this up in one place so it validates - and so that make distcheck can run again.. 
- -2006-03-29 David Zeuthen <davidz@redhat.com> - - * configure.in: Add docbook detection - - * doc/spec/*: New files - - * polkitd/polkit-session.c (polkit_session_finalize): Free the - questions to prevent memory leak - -2006-03-27 Richard Hughes <richard@hughsie.com> - - * .cvsignore, doc/.cvsignore, libpolkit/.cvsignore, - polkitd/.cvsignore, privileges/.cvsignore, tools/.cvsignore: - Add these files. - -2006-03-16 David Zeuthen <davidz@redhat.com> - - * polkitd/polkit-session.c (polkit_session_close): Remember to - kill the child here - -2006-03-16 David Zeuthen <davidz@redhat.com> - - * polkitd/main.c (main): Bail if we can't become primary owner - - * polkitd/polkit-session.c (data_from_pam): Unref when the child dies - (polkit_session_initiate_auth): Ref the object after creating child - (polkit_session_initiator_disconnected): Make sure to nuke the kids - -2006-03-15 David Zeuthen <davidz@redhat.com> - - * polkitd/polkit-manager.h: Include sys/types.h; fixed fd.o - bug #6280. Patch from Wouter Bolsterlee <uws+freedesktop@xs4all.nl>. - -2006-03-14 David Zeuthen <davidz@redhat.com> - - * polkitd/PolicyKit.in: Change priorities from 90 10 to 98 02 to make - this work - - * polkitd/PolicyKit.conf.in: Remove user="@POLKIT_USER@" bits as I'm - not sure we need a dedicated user - - * configure.in: Cosmetic things - -2006-03-15 Kay Sievers <kay.sievers@vrfy.org> - - Add SUSE distro bits. - - * configure.in: - * policy-kit.in: - -2006-03-14 David Zeuthen <davidz@redhat.com> - - Add a bunch of code; basically a full rewrite moving all queries - to the daemon. 
- - * COPYING: - * Makefile.am: - * configure.in: - * libpolkit/Makefile.am: - * libpolkit/libpolkit-test.c: - * libpolkit/libpolkit.c: (libpolkit_new_context), - (libpolkit_free_context), - (libpolkit_get_allowed_resources_for_privilege_for_uid), - (libpolkit_is_uid_allowed_for_privilege), - (libpolkit_get_privilege_list): - * libpolkit/libpolkit.h: - * policy-kit.in: - * polkit-interface-manager.xml: - * polkit-interface-session.xml: - * polkit.pc.in: - * polkitd/Makefile.am: - * polkitd/debug-polkitd.sh: - * polkitd/main.c: (usage), (delete_pid), (main): - * polkitd/policy.c: (policy_util_set_policy_directory), - (policy_element_new), (policy_element_free), - (policy_element_free_list), (policy_element_dump), - (txt_backend_read_policy), (policy_get_whitelist), - (policy_get_blacklist), (policy_get_policies), (afp_process_elem), - (policy_get_allowed_resources_for_policy_for_uid_gid), - (policy_is_uid_gid_allowed_for_policy), (policy_util_uid_to_name), - (policy_util_gid_to_name), (policy_util_name_to_uid), - (policy_util_name_to_gid), - (policy_get_allowed_resources_for_policy_for_uid), - (policy_is_uid_allowed_for_policy), (getgrouplist): - * polkitd/policy.h: - * polkitd/polkit-manager.c: (caller_info_delete), - (polkit_manager_init), (polkit_manager_finalize), - (polkit_manager_class_init), (polkit_manager_error_quark), - (polkit_manager_error_get_type), (bus_name_owner_changed), - (session_remover), (session_finalized), (polkit_manager_new), - (uid_from_username), (safe_strcmp), - (polkit_manager_get_caller_info), - (polkit_manager_initiate_privilege_grant), - (polkit_manager_is_user_privileged), - (polkit_manager_get_allowed_resources_for_privilege), - (polkit_manager_list_privileges), - (polkit_manager_add_temporary_privilege), - (polkit_manager_remove_temporary_privilege): - * polkitd/polkit-manager.h: - * polkitd/polkit-marshal.list: - * polkitd/polkit-session.c: (polkit_session_init), - (polkit_session_finalize), (polkit_session_class_init), - 
(polkit_session_error_quark), (polkit_session_error_get_type), - (polkit_session_check_caller), (polkit_session_is_authenticated), - (polkit_session_get_auth_denied_reason), (safe_memset), - (my_conversation), (write_back_to_parent), (do_pam_auth), - (data_from_pam), (polkit_session_get_auth_details), - (polkit_session_initiate_auth), (polkit_session_get_questions), - (polkit_session_provide_answers), (polkit_session_close), - (polkit_session_grant_privilege_temporarily), (polkit_session_new), - (polkit_session_initiator_disconnected): - * polkitd/polkit-session.h: - * polkitd/polkitd-test.c: (my_exit), (do_check), - (write_test_policy), (do_read_tests), (main): - * polkitd/run-polkitd.sh: - * polkitd/valgrind-polkitd.sh: - * privileges/Makefile.am: - * privileges/desktop-console.privilege: - * tools/Makefile.am: - * tools/Makefile.in: - * tools/polkit-grant-privilege.c: (have_questions_handler), - (auth_done_handler), (do_grant_privilege), (usage), (main): - * tools/polkit-is-privileged.c: (usage), (main): - * tools/polkit-list-privileges.c: (usage), (main): - -2006-03-09 David Zeuthen <davidz@redhat.com> - - * polkit.pc.in (exec_prefix): Use right Cflags - -2006-03-07 David Zeuthen <davidz@redhat.com> - - * tools/polkit-is-privileged.c (usage, main): s/hal-policy/polkit/ - -2006-03-07 David Zeuthen <davidz@redhat.com> - - * polkit.pc.in: Use simpler names: user, group and txtsrc :-/ - -2006-03-07 David Zeuthen <davidz@redhat.com> - - * polkit.pc.in: Add libpoluser, libpolgroup and libpoltxtsrc variables - -2006-03-07 David Zeuthen <davidz@redhat.com> - - * polkit.pc.in (Libs): s/-llibpolkit/-lpolkit/ - -2006-03-07 David Zeuthen <davidz@redhat.com> - - Initial check-in of PolicyKit - diff --git a/Makefile.am b/Makefile.am index 414fc91..dc38d3f 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -8,9 +8,29 @@ pam_DATA = policy-kit pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit.pc +# Creating ChangeLog from git log (taken from cairo/Makefile.am): + +ChangeLog: $(srcdir)/ChangeLog + +$(srcdir)/ChangeLog: + @if test -d "$(srcdir)/.git"; then \ + (cd "$(srcdir)" && \ + ./missing --run git-log --stat) | fmt --split-only > $@.tmp \ + && mv -f $@.tmp $@ \ + || ($(RM) $@.tmp; \ + echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \ + (test -f $@ || echo git-log is required to generate this file >> $@)); \ + else \ + test -f $@ || \ + (echo A git checkout and git-log is required to generate ChangeLog >&2 && \ + echo A git checkout and git-log is required to generate this file >> $@); \ + fi + +.PHONY: ChangeLog $(srcdir)/ChangeLog + DISTCLEANFILES = polkit.pc -EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs +EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs ChangeLog clean-local : rm -f *~ diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html index 0f6e819..17282a6 100644 --- a/doc/spec/polkit-spec.html +++ b/doc/spec/polkit-spec.html 
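Review bot: In the new `$(srcdir)/ChangeLog` recipe the `&& mv -f $@.tmp $@` step is gated on the exit status of `fmt`, not of `git-log`, because a shell pipeline reports only its last command. If `./missing --run git-log --stat` fails or prints nothing, `fmt` still succeeds on empty input, an existing ChangeLog is replaced by an empty file, and the `Failed to generate ChangeLog` branch is never reached. Since this hunk also adds `ChangeLog` to `EXTRA_DIST`, that empty file would then be shipped in the dist tarball without any warning. A minimal guard is to require non-empty output before the move, `./missing --run git-log --stat) | fmt --split-only > $@.tmp && test -s $@.tmp \` followed by the existing `&& mv -f $@.tmp $@ \` line. This does not catch a git-log that dies after printing part of the history, which would need its output written to the temp file and its status checked before `fmt` runs. `--split-only` is a GNU `fmt` long option, so a comment such as `# requires GNU fmt (coreutils)` above the rule would help anyone running `make dist` elsewhere.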
@@ -1,10 +1,10 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br> <code class="email"><<a href="mailto:david@fubar.dk">david@fubar.dk</a>></code><br> - </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2502145">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. 
Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2538305">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2538337">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2503495">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2506081">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2506131">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2506216">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2501541"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501572"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501608"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548444"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548536"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. 
Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2502145">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2502145"></a>About</h2></div></div></div><p> + </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. 
Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689259"></a>About</h2></div></div></div><p> PolicyKit is a system for enabling unprivileged desktop applications to invoke privileged methods on system-wide components in a controlled manner. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. 
Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2538305">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2538337">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2503495">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2538305"></a>Privileges</h2></div></div></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689283"></a>Privileges</h2></div></div></div><p> One major concept of the PolicyKit system is the notion of privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span> (referred to simply as @@ -17,7 +17,7 @@ allowed to invoke a method, the system level component defines a set of <span class="emphasis"><em>privileges</em></span>. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2538337"></a>Architecture</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2719970"></a>Architecture</h2></div></div></div><p> The PolicyKit system is basically client/server and is implemented as the system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS 
@@ -34,7 +34,7 @@ In addition, the PolicyKit system includes client side libraries and command-line utilities wrapping the D-BUS API of the <code class="literal">org.freedesktop.PolicyKit</code> service. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2503495"></a>Example</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684484"></a>Example</h2></div></div></div><p> As an example, HAL exports the method <code class="literal">Mount</code> on the <code class="literal">org.freedesktop.Hal.Device.Volume</code> interface 
@@ -96,20 +96,20 @@ <img src="polkit-arch.png"> </p><p> The whole example is outlined in the diagram above. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2506081">Resource Identifiers</a></span></dt></dl></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></div><p> PolicyKit allows granting privileges only on certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it is possible to grant the privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the user with uid 500 but only for the HAL device object representing e.g. the <code class="literal">/dev/hda3</code> partition. - </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506081"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying + </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684709"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying what service they belong to. The following resource identifiers are defined </p><div class="itemizedlist"><ul type="disc"><li><p> <code class="literal">hal://</code> HAL Unique Device Identifiers also known as HAL UID's. 
Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code> - </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2506131">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2506216">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2501541"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501572"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501608"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548444"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548536"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506131"></a>Privilege Descriptors</h2></div></div></div><p> + </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. 
Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688519"></a>Privilege Descriptors</h2></div></div></div><p> Applications, such as HAL, installs <span class="emphasis"><em>privilege descriptors</em></span> into the <code class="literal">/etc/PolicyKit/privilege.d</code> directory 
@@ -128,7 +128,7 @@ Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently. </p></li><li><p> Whether a user with the privilege may permanently grant it to other users. - </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506216"></a>File Format</h2></div></div></div><p> + </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688596"></a>File Format</h2></div></div></div><p> A developer of a system-wide application wanting to define a privilege must create a privilege descriptor. This is a a simple <code class="literal">.ini</code>-like config file. Here is what @@ -142,7 +142,7 @@ CanObtain= CanGrant= ObtainRequireRoot= - </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501541"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> + </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688622"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> This is a list of privileges the user must possess in order to possess the given privilege. If the user doesn't possess all of these privileges he is not considered to possess the 
@@ -151,7 +151,7 @@ for one or more resources. E.g., if <code class="literal">foo</code> is a required privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501572"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688650"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> This is a list of privileges that, if a user possess any of these, he is consider to possess the given privilege. The list may be empty. A privilege in this list is considered @@ -159,7 +159,7 @@ resources. As with <code class="literal">RequiredPrivileges</code>, if <code class="literal">foo</code> is a sufficient privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501608"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688683"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> Both <code class="literal">Allow</code> and <code class="literal">Deny</code> contains lists describing what users are allowed respectively denied the privilege. The elements of in each 
@@ -258,7 +258,7 @@ has <code class="literal">CanObtain</code> set to <code class="literal">False</code>, the user will always have to authenticate as the super user. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548444"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2684304"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> This property (it can assume the values <code class="literal">True</code> and <code class="literal">False</code>) describes whether an user with the given privilege can @@ -289,7 +289,7 @@ the value <code class="literal">True</code> if this property assumes the value <code class="literal">True</code>. Otherwise this property effectively assumes the value <code class="literal">False</code>. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548536"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2728947"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> If the property <code class="literal">CanObtain</code> assumes the value <code class="literal">True</code> or <code class="literal">Temporary</code> it means the user can |