Re: polickit rules - what wrong
Brian writes:
> On Thu 20 Oct 2016 at 20:38:35 +0200, Ansgar Burchardt wrote:
>> Kamil Jońca writes:
>> > I try to make
>> > /etc/polkit-1/localauthority/50-local.d/49-nopasswd_limited.conf
>> > which contains:
>> > polkit.addRule(function(action, subject) {
>> [ Javascript ]
>> > });
>> > but no effect.
>> > What do I wrong?
>>
>> Which version of policykit-1 do you have installed?
>>
>> In Debian, only the version from experimental (0.113) supports the
>> newer, JavaScript-using rules. 0.105 from stable/testing/unstable does
>> *not* support them, but uses an older format (which also lacks some
>> features).
>
> What features does the .pkla format lack?
>From the original mail:
+---
| if (action.id == "org.freedesktop.systemd1.manage-units") {
| if (action.lookup("unit") == "openvpn.service") {
| var verb = action.lookup("verb");
| if (verb == "start" || verb == "stop" || verb == "restart") {
+---
The .pkla files only have Action=xyz (equivalent to action.id == "..."),
but additional variables can be provided (action.lookup(...)) that the
old system cannot use (as far as I know).
In particular here systemd also provides the unit and verb so one can
allow a user to only start and stop the "openvpn.service" unit. The old
system could only allow managing all units (and all unit-actions).
Ansgar
Reply to: