diff options
author | David Zeuthen <davidz@redhat.com> | 2007-04-22 21:14:56 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2007-04-22 21:14:56 -0400 |
commit | 9e37dd339cba8e16587fa666c58906bf3bc1ef35 (patch) | |
tree | 725a72c1966d8ea19613349ac432ed113ece8927 /policy | |
parent | b2ee178b46b40d6f5e1ff77d7ec36424f859e5c3 (diff) |
policy definitions are now XML files in PolicKit master
Diffstat (limited to 'policy')
-rw-r--r-- | policy/Makefile.am | 1 | ||||
-rw-r--r-- | policy/hal-device-file.policy | 192 | ||||
-rw-r--r-- | policy/hal-killswitch.policy | 78 | ||||
-rw-r--r-- | policy/hal-power.policy | 249 | ||||
-rw-r--r-- | policy/hal-storage.policy | 149 |
5 files changed, 409 insertions, 260 deletions
diff --git a/policy/Makefile.am b/policy/Makefile.am index f72c6afc..71e1bf2a 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -3,6 +3,7 @@ if HAVE_POLKIT polkit_privilegedir = $(sysconfdir)/PolicyKit/policy dist_polkit_privilege_DATA = \ + hal-lock.policy \ hal-storage.policy \ hal-power.policy \ hal-killswitch.policy diff --git a/policy/hal-device-file.policy b/policy/hal-device-file.policy index 16e91b30..4eccbfb7 100644 --- a/policy/hal-device-file.policy +++ b/policy/hal-device-file.policy @@ -1,86 +1,122 @@ -# -*- Conf -*- -# -# Policy definitions for HAL's ACL management mechanism. -# -# Copyright (c) 2007 David Zeuthen <david@fubar.dk> -# -# HAL is licensed to you under your choice of the the Academic Free -# License Version 2.1, or the GNU General Public License version -# 2. Some individual source files may be under the GPL only. See -# COPYING for details. -# -# NOTE: If you make changes to this file, make sure to validate the -# file using the polkit-privilege-file-validate(1) tool. Changes made -# to this file are applied instantly. +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> -# Directly access sound devices -# -# device-file: special device file -[Action hal-device-file-sound] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +<!-- +Policy definitions for HAL's ACL Management mechanism -# Directly access video4linux devices -# -# device-file: special device file -[Action hal-device-file-video4linux] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +Copyright (c) 2007 David Zeuthen <david@fubar.dk> -# Directly access optical drives -# -# device-file: special device file -[Action hal-device-file-cdrom] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=yes -AllowLocalActive=yes +HAL is licensed to you under your choice of the the Academic Free +License Version 2.1, or the GNU General Public License version 2. Some +individual source files may be under the GPL only. See COPYING for +details. -# Directly access DVB devices -# -# device-file: special device file -[Action hal-device-file-dvb] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +NOTE: If you make changes to this file, make sure to validate the file +using the polkit-policy-file-validate(1) tool. Changes made to this +file are instantly applied. +--> -# Directly access digital cameras -# -# device-file: special device file -[Action hal-device-file-camera] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +<policyconfig> + <group id="hal-device-file"> + <description>Raw device access</description> + <description_short>Raw device access</description_short> -# Directly access scanners -# -# device-file: special device file -[Action hal-device-file-scanner] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes + <policy id="hal-device-file-sound"> + <description>Directly access sound devices</description> + <missing>System policy prevents direct access to the sound device '%s'.</missing> + <apply_to_all_mnemonic>Apply to all sound devices</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> -# Directly access Firewire IIDC devices -# -# device-file: special device file -[Action hal-device-file-ieee1394-iidc] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes + <policy id="hal-device-file-video4linux"> + <description>Directly access video capture devices</description> + <missing>System policy prevents direct access to the video capture device '%s'.</missing> + <apply_to_all_mnemonic>Apply to all video capture devices</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> -# Directly access Firewire AVC devices -# -# device-file: special device file -[Action hal-device-file-ieee1394-avc] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes + <policy id="hal-device-file-cdrom"> + <description>Directly access optical drives</description> + <missing>System policy prevents direct access to the optical drive '%s'.</missing> + <apply_to_all_mnemonic>Apply to all video optical drives</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-device-file-dvb"> + <description>Directly access DVB devices</description> + <missing>System policy prevents direct access to the DVB device '%s'.</missing> + <apply_to_all_mnemonic>Apply to all DVB devices</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-device-file-camera"> + <description>Directly access digital cameras</description> + <missing>System policy prevents direct access to the digital camera '%s'.</missing> + <apply_to_all_mnemonic>Apply to all digital cameras</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-device-file-scanner"> + <description>Directly access scanners</description> + <missing>System policy prevents direct access to the scanner '%s'.</missing> + <apply_to_all_mnemonic>Apply to all scanners</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-device-file-ieee1394-iidc"> + <description>Directly access Firewire IIDC devices</description> + <missing>System policy prevents direct access to the Firewire IIDC device '%s'.</missing> + <apply_to_all_mnemonic>Apply to all Firewire IIDC devices</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-device-file-ieee1394-avc"> + <description>Directly access Firewire AVC devices</description> + <missing>System policy prevents direct access to the Firewire AVC device '%s'.</missing> + <apply_to_all_mnemonic>Apply to all Firewire AVC devices</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>yes</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + </group> +</policyconfig> diff --git a/policy/hal-killswitch.policy b/policy/hal-killswitch.policy index d514bf4b..0fb82c44 100644 --- a/policy/hal-killswitch.policy +++ b/policy/hal-killswitch.policy @@ -1,28 +1,50 @@ -# -*- Conf -*- -# -# Policy definitions for HAL's RF kill switching mechanism. -# -# Copyright (c) 2007 David Zeuthen <david@fubar.dk> -# -# HAL is licensed to you under your choice of the the Academic Free -# License Version 2.1, or the GNU General Public License version -# 2. Some individual source files may be under the GPL only. See -# COPYING for details. -# -# NOTE: If you make changes to this file, make sure to validate the -# file using the polkit-privilege-file-validate(1) tool. Changes made -# to this file are applied instantly. - -# Turn Bluetooth radio on/off -[Action hal-killswitch-bluetooth] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Turn Wireless 802.11 radio on/off -[Action hal-killswitch-wlan] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> + +<!-- +Policy definitions for HAL's RF kill switch mechanism + +Copyright (c) 2007 David Zeuthen <david@fubar.dk> + +HAL is licensed to you under your choice of the the Academic Free +License Version 2.1, or the GNU General Public License version 2. Some +individual source files may be under the GPL only. See COPYING for +details. + +NOTE: If you make changes to this file, make sure to validate the file +using the polkit-policy-file-validate(1) tool. Changes made to this +file are instantly applied. +--> + +<policyconfig> + <group id="hal-killswitch"> + <description>Radio Killswitches</description> + <description_short>RF Killswitch</description_short> + + <policy id="hal-killswitch-bluetooth"> + <description>Turn Bluetooth radio On/Off</description> + <missing>Turning the Bluetooth radio On or Off is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all Bluetooth radios.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-killswitch-wlan"> + <description>Turn WLAN radio On/Off</description> + <missing>Turning the WLAN radio On or Off is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all WLAN radios.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + </group> +</policyconfig> diff --git a/policy/hal-power.policy b/policy/hal-power.policy index 0376a0f0..fcb45170 100644 --- a/policy/hal-power.policy +++ b/policy/hal-power.policy @@ -1,91 +1,158 @@ -# -*- Conf -*- -# -# Policy definitions for HAL's power management mechanisms. -# -# Copyright (c) 2007 David Zeuthen <david@fubar.dk> -# -# HAL is licensed to you under your choice of the the Academic Free -# License Version 2.1, or the GNU General Public License version -# 2. Some individual source files may be under the GPL only. See -# COPYING for details. -# -# NOTE: If you make changes to this file, make sure to validate the -# file using the polkit-privilege-file-validate(1) tool. Changes made -# to this file are applied instantly. - -# Shutdown the computer -[Action hal-power-shutdown] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Shutdown computer when multiple users are logged in -[Action hal-power-shutdown-multiple-sessions] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_root - -# Reboot the computer -[Action hal-power-reboot] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Reboot the computer when multiple users are logged in -[Action hal-power-reboot-multiple-sessions] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_root - -# Configure the system to prefer power savings -[Action hal-power-set-powersave] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Suspend the system -[Action hal-power-suspend] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Hibernate the system -[Action hal-power-hibernate] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Configure CPU frequency scaling -[Action hal-power-cpufreq] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Set laptop panel brightness -[Action hal-power-lcd-panel] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Read values from ambient light sensor -[Action hal-power-light-sensor] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Set the keyboard backlight -[Action hal-power-keyboard-backlight] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> + +<!-- +Policy definitions for HAL's ACL Management mechanism + +Copyright (c) 2007 David Zeuthen <david@fubar.dk> + +HAL is licensed to you under your choice of the the Academic Free +License Version 2.1, or the GNU General Public License version 2. Some +individual source files may be under the GPL only. See COPYING for +details. + +NOTE: If you make changes to this file, make sure to validate the file +using the polkit-policy-file-validate(1) tool. Changes made to this +file are instantly applied. +--> + +<policyconfig> + <group id="hal-power"> + <description>Power Management</description> + <description_short>Power Management</description_short> + + <policy id="hal-power-shutdown"> + <description>Shut down the system</description> + <missing>System policy prevents shutting down the system.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-shutdown-multiple-sessions"> + <description>Shut down the system when multiple users are logged in</description> + <missing>System policy prevents shutting down the system when multiple users are logged in.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>auth_root</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-reboot"> + <description>Reboot the system</description> + <missing>System policy prevents rebooting the system.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-reboot-multiple-sessions"> + <description>Reboot the system when multiple users are logged in</description> + <missing>System policy prevents rebooting the system when multiple users are logged in.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>auth_root</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-set-powersave"> + <description>Configure to system to prefer power savings</description> + <missing>System policy prevents configuring power savings on the system.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-suspend"> + <description>Suspend the system</description> + <missing>System policy prevents suspending the system.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-hibernate"> + <description>Hibernate the system</description> + <missing>System policy prevents hibernating the system.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-cpufreq"> + <description>Configure CPU frequency scaling</description> + <missing>System policy prevents configuration of CPU frequency scaling.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-lcd-panel"> + <description>Set laptop panel brightness</description> + <missing>System policy prevents setting laptop panel brightness.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-light-sensor"> + <description>Detect ambient light using light sensor</description> + <missing>System policy prevents detecting ambient light using the light sensor.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-power-keyboard-backlight"> + <description>Set keyboard backlight</description> + <missing>System policy prevents setting keyboard backlight.</missing> + <apply_to_all_mnemonic>Apply to all</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + </group> +</policyconfig> diff --git a/policy/hal-storage.policy b/policy/hal-storage.policy index a61d0c6e..1bd80838 100644 --- a/policy/hal-storage.policy +++ b/policy/hal-storage.policy @@ -1,63 +1,86 @@ -# -*- Conf -*- -# -# Policy definitions for HAL's drives/media mechanims. -# -# Copyright (c) 2007 David Zeuthen <david@fubar.dk> -# -# HAL is licensed to you under your choice of the the Academic Free -# License Version 2.1, or the GNU General Public License version -# 2. Some individual source files may be under the GPL only. See -# COPYING for details. -# -# NOTE: If you make changes to this file, make sure to validate the -# file using the polkit-privilege-file-validate(1) tool. Changes made -# to this file are instantly applied. - -# Mount file systems from internal drives -[Action hal-storage-mount-fixed] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_self_keep_always - -# Mount file systems from internal drives using options not explicitly granted -[Action hal-storage-mount-fixed-extra-options] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_self_keep_always - -# Mount file systems from removable/hotpluggable drives -[Action hal-storage-mount-removable] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Mount file systems from internal drives using options not explicitly granted -[Action hal-storage-mount-removable-extra-options] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_self_keep_always - -# Unmount file systems mounted by other users -[Action hal-storage-unmount-others] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=auth_self_keep_always - -# Eject media from drives -[Action hal-storage-eject] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes - -# Set up decryption for encrypted storage devices -[Action hal-storage-crypto-setup] -AllowRemoteInactive=no -AllowRemoteActive=no -AllowLocalInactive=no -AllowLocalActive=yes +<!DOCTYPE policyconfig PUBLIC + "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" + "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> + +<!-- +Policy definitions for HAL's drives/media mechanims. + +Copyright (c) 2007 David Zeuthen <david@fubar.dk> + +HAL is licensed to you under your choice of the the Academic Free +License Version 2.1, or the GNU General Public License version 2. Some +individual source files may be under the GPL only. See COPYING for +details. + +NOTE: If you make changes to this file, make sure to validate the file +using the polkit-policy-file-validate(1) tool. Changes made to this +file are instantly applied. +--> + +<policyconfig> + <group id="hal-storage"> + <description>Storage Drives and Media</description> + <description_short>Storage</description_short> + + <policy id="hal-storage-mount-fixed"> + <description>Mount file systems from internal drives.</description> + <missing>Mounting the volume '%s' is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all volumes from _fixed drives.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>auth_root_keep_always</allow_local_active> + </defaults> + </policy> + + <policy id="hal-storage-mount-removable"> + <description>Mount file systems from removable drives.</description> + <missing>Mounting the volume '%s' is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all volumes from _removable drives.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-storage-unmount-others"> + <description>Unmount file systems mounted by other users.</description> + <missing>The volume '%s' is mounting by another user.</missing> + <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>auth_root_keep_always</allow_local_active> + </defaults> + </policy> + + <policy id="hal-storage-eject"> + <description>Eject removable media.</description> + <missing>Ejecting the volume '%s' is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + <policy id="hal-storage-crypto-setup"> + <description>Set up decryption for encrypted storage devices.</description> + <missing>Decrypting the volume '%s' is restricted by system policy.</missing> + <apply_to_all_mnemonic>Apply to all volumes.</apply_to_all_mnemonic> + <defaults> + <allow_remote_inactive>no</allow_remote_inactive> + <allow_remote_active>no</allow_remote_active> + <allow_local_inactive>no</allow_local_inactive> + <allow_local_active>yes</allow_local_active> + </defaults> + </policy> + + </group> +</policyconfig> |