On Wed, Aug 29, 2012 at 6:30 PM, C Anthony Risinger <anthony@xxxxxxx> wrote:
> On Wed, Aug 29, 2012 at 11:13 AM, Joakim Hernberg <jbh@xxxxxxxxxx> wrote:
>> On Wed, 29 Aug 2012 16:57:05 +0100
>> Kevin Chadwick <ma1l1ists@xxxxxxxxxxx> wrote:
>>
>>> p.s. I wasn't being sarcastic about the JS package, polkit now has
>>> javascript based config files!
>>
>> WTF...
>>
>> I want some of that stuff they smoke at Red Hat :)
>
> ... i'm guessing it's not "javascript based config files", but rather
> a little thing known as JSON, which is hardly confined to JavaScript.
Nope. It's the whole of JS.
Here's a sample rule file from my laptop:
polkit.addRule(function(action, subject) {
if (subject.local && subject.active) {
if (action.id == "org.libvirt.unix.manage" && subject.isInGroup("wheel"))
return polkit.Result.YES;
if (action.id ==
"org.freedesktop.NetworkManager.settings.modify.system" &&
subject.isInGroup("users"))
return polkit.Result.YES;
}
});
This defines that when the user has a local, active session, "wheel"
users may manage VMs and "users" users may modify network connections,
both without additional authentication. For any other conditions, the
default system policy applies.
