diff options
author | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2012-05-25 12:40:42 -0400 |
commit | 8e0383cb9972f5b3b86e64f9b015f53671ce0323 (patch) | |
tree | 4696f1d0071ed0abe27287a14907a42f7af9d147 /data/org.freedesktop.PolicyKit1.conf.in | |
parent | e5dafb816bcefdceb617e32fbfb527f865c8879c (diff) | |
download | polkit-8e0383cb9972f5b3b86e64f9b015f53671ce0323.tar.gz |
Run polkitd as an unprivileged user
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'data/org.freedesktop.PolicyKit1.conf.in')
-rw-r--r-- | data/org.freedesktop.PolicyKit1.conf.in | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/data/org.freedesktop.PolicyKit1.conf.in b/data/org.freedesktop.PolicyKit1.conf.in new file mode 100644 index 0000000..c749207 --- /dev/null +++ b/data/org.freedesktop.PolicyKit1.conf.in @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- --> + +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <policy user="@polkitd_user@"> + <allow own="org.freedesktop.PolicyKit1"/> + </policy> + + <policy context="default"> + <allow send_destination="org.freedesktop.PolicyKit1"/> + </policy> + + <!-- Allow uid 0 to send messages on the org.freedesktop.PolicyKit1.AuthenticationAgent interface --> + <policy user="@polkitd_user@"> + <allow send_interface="org.freedesktop.PolicyKit1.AuthenticationAgent"/> + </policy> + +</busconfig> |