From 7e0468d0d424faabcd4a6922da507aed68cab4ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 14 Feb 2013 14:48:20 +0100 Subject: [PATCH] Use auth_admin* instead of auth_self* in examples From time to time, application developers just copy example configuration without examining it in details. Because polkit is typically used to control access to system-level operations, the policy (and therefore the examples) should limit access to system administrators only. --- docs/man/polkit.xml | 2 +- docs/polkit/overview.xml | 4 ++-- src/examples/org.freedesktop.policykit.examples.pkexec.policy.in | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index aaac4f4..f8b4849 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -913,7 +913,7 @@ polkit.addRule(function(action, subject) { polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/usr/bin/cat") { - return polkit.Result.AUTH_SELF; + return polkit.Result.AUTH_ADMIN; } }); ]]> diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8d22570..fb14e50 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -261,8 +261,8 @@ that can be used together with GtkLockButton. Note that for GtkLockButton to work well, the - polkit action backing it should use auth_self_keep or - auth_admin_keep for its implicit authorizations. + polkit action backing it should use auth_admin_keep or + auth_self_keep for its implicit authorizations. This is often used to implement an instant apply paradigm whereby the user diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in index 049c024..eab7729 100644 --- a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in +++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in @@ -13,7 +13,7 @@ no no - auth_self_keep + auth_admin_keep /usr/bin/pk-example-frobnicate -- 1.8.1.2