diff options
author | Miloslav Trmač <mitr@redhat.com> | 2013-02-14 14:48:20 +0100 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2013-05-06 19:50:18 +0200 |
commit | 31b138d17f259f2d06a86dbbd31202ef43dbfa41 (patch) | |
tree | 6f53612641f1feb019b975ccb73eee6ab15ba95d | |
parent | 44bea5072f804c03546d35c4f855f9641c29110d (diff) |
Use auth_admin* instead of auth_self* in examples
From time to time, application developers just copy example
configuration without examining it in details. Because polkit is
typically used to control access to system-level operations, the policy
(and therefore the examples) should limit access to system
administrators only.
-rw-r--r-- | docs/man/polkit.xml | 2 | ||||
-rw-r--r-- | docs/polkit/overview.xml | 4 | ||||
-rw-r--r-- | src/examples/org.freedesktop.policykit.examples.pkexec.policy.in | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index aaac4f4..f8b4849 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -913,7 +913,7 @@ polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/usr/bin/cat") { - return polkit.Result.AUTH_SELF; + return polkit.Result.AUTH_ADMIN; } }); ]]></programlisting> diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8d22570..fb14e50 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -261,8 +261,8 @@ that can be used together with <ulink url="http://developer.gnome.org/gtk3/unstable/GtkLockButton.html"><type>GtkLockButton</type></ulink>. Note that for <type>GtkLockButton</type> to work well, the - polkit action backing it should use <literal>auth_self_keep</literal> or - <literal>auth_admin_keep</literal> for its implicit authorizations. + polkit action backing it should use <literal>auth_admin_keep</literal> or + <literal>auth_self_keep</literal> for its implicit authorizations. This is often used to implement an <ulink url="http://developer.gnome.org/hig-book/3.2/hig-book.html#windows-instant-apply">instant apply</ulink> paradigm whereby the user diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in index 049c024..eab7729 100644 --- a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in +++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in @@ -13,7 +13,7 @@ <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> - <allow_active>auth_self_keep</allow_active> + <allow_active>auth_admin_keep</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate> </action> |