authorDavid Zeuthen <davidz@redhat.com>2012-05-25 12:40:42 -0400
committerDavid Zeuthen <davidz@redhat.com>2012-05-25 12:40:42 -0400
commit8e0383cb9972f5b3b86e64f9b015f53671ce0323 (patch)
tree4696f1d0071ed0abe27287a14907a42f7af9d147 /data/org.freedesktop.PolicyKit1.conf.in
parente5dafb816bcefdceb617e32fbfb527f865c8879c (diff)
downloadpolkit-8e0383cb9972f5b3b86e64f9b015f53671ce0323.tar.gz
Run polkitd as an unprivileged user
There's really no reason to run all this code as uid 0. Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'data/org.freedesktop.PolicyKit1.conf.in')
-rw-r--r--data/org.freedesktop.PolicyKit1.conf.in20
1 files changed, 20 insertions, 0 deletions
diff --git a/data/org.freedesktop.PolicyKit1.conf.in b/data/org.freedesktop.PolicyKit1.conf.in
new file mode 100644
index 0000000..c749207
--- /dev/null
+++ b/data/org.freedesktop.PolicyKit1.conf.in
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+ <policy user="@polkitd_user@">
+ <allow own="org.freedesktop.PolicyKit1"/>
+ </policy>
+
+ <policy context="default">
+ <allow send_destination="org.freedesktop.PolicyKit1"/>
+ </policy>
+
+ <!-- Allow uid 0 to send messages on the org.freedesktop.PolicyKit1.AuthenticationAgent interface -->
+ <policy user="@polkitd_user@">
+ <allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/>
+ </policy>
+
+</busconfig>
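Review bot: The comment above the second `<policy user="@polkitd_user@">` block still says "Allow uid 0", but the rule grants the permission to whatever account is substituted for `@polkitd_user@`, which this commit intends to be unprivileged. A stale comment on a bus policy file is misleading during an audit, because a reader may assume root is the only sender covered by this rule. I would reword it to `<!-- Allow the polkitd user to send messages on the org.freedesktop.PolicyKit1.AuthenticationAgent interface -->`. The rule matches on `send_interface` alone, with no `send_destination`, presumably because agents are reached on unique bus names; a short comment saying so would show that the breadth is deliberate.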