12.04

Differences between revisions 2 and 3
Revision 2 as of 2012-03-27 22:08:16
Size: 29350
Editor: jdstrand
Comment:
Revision 3 as of 2013-04-16 13:24:18
Size: 29373
Editor: jdstrand
Comment:
Deletions are marked like this. Additions are marked like this.
Line 13: Line 13:
The upstream documentation can be found: http://hal.freedesktop.org/docs/polkit/pklocalauthority.8.html The pklocalauthority documentation can be found at http://manpages.ubuntu.com/manpages/precise/en/man8/pklocalauthority.8.html

Overview

PolicyKit provides an authorization API intended to be used by privileged programs offering service to unprivileged programs. A client program calls a privileged helper program, and this helper program determines if the client is authorized for the requested action.

PolicyKit policies are XML files and are by default stored in:

  • /usr/share/polkit-1/actions

A distribution may override the default policy by providing .INI style .plka files in:

  • /var/lib/polkit-1/localauthority

An administrator may override the default and distribution overrides by providing .INI style .plka files in:

  • /etc/polkit-1/localauthority

The pklocalauthority documentation can be found at http://manpages.ubuntu.com/manpages/precise/en/man8/pklocalauthority.8.html

PolicyKit actions (merged)

com.hp.hplip.installplugin

  • description: Install a plug-in into a Hewlett-Packard printer
  • message: System policy prevents installation of a printer plug-in
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no

com.ubuntu.devicedriver.check

  • description: Check for newly available drivers for, and used drivers on this system
  • message: To check the driver status, you need to authenticate.
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

com.ubuntu.devicedriver.info

  • description: Get information about local device drivers
  • message: To query the device drivers, you need to authenticate.
  • defaults:
    • allow_active: yes
    • allow_any: yes
    • allow_inactive: yes

com.ubuntu.devicedriver.install

  • description: Install or remove device drivers
  • message: To install or remove device drivers, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

com.ubuntu.devicedriver.update

  • description: Query local and remote driver databases for updated drivers for the system
  • message: To query the driver databases for updates, you need to authenticate.
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

com.ubuntu.languageselector.setsystemdefaultlanguage

  • description: Set system default language
  • message: System policy prevented setting default language
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: no

com.ubuntu.softwareproperties.applychanges

  • description: Write Configuration
  • message: To change software repository settings, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

com.ubuntu.systemservice.getkeyboard

  • description: Get current global keyboard
  • message: System policy prevents querying keyboard settings
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

com.ubuntu.systemservice.getproxy

  • description: Get current global proxy
  • message: System policy prevents querying proxy settings
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

com.ubuntu.systemservice.ispkgsystemlocked

  • description: Check if the package system is locked
  • message: System policy prevents querying package system lock
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

com.ubuntu.systemservice.setkeyboard

  • description: Set current global keyboard
  • message: System policy prevents setting global keyboard settings
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

com.ubuntu.systemservice.setnoproxy

  • description: Set current global proxy exception
  • message: System policy prevents setting no_proxy settings
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

com.ubuntu.systemservice.setproxy

  • description: Set current global proxy
  • message: System policy prevents setting proxy settings
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

com.ubuntu.usbcreator.bootloader

  • description: Install the bootloader
  • message: System policy prevents installing the bootloader
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

com.ubuntu.usbcreator.format

  • description: Format the device
  • message: System policy prevents formatting this device
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

com.ubuntu.usbcreator.image

  • description: Image the device
  • message: System policy prevents writing a disk image to this device
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

com.ubuntu.usbcreator.mount

  • description: Mount a device
  • message: System policy prevents mounting
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

com.ubuntu.whoopsiepreferences.change

  • description: Privacy settings
  • message: To change your privacy settings you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.cancel-foreign

  • description: Cancel the task of another user
  • message: To cancel someone else's software changes, you need to authenticate.
  • defaults:
    • allow_active: auth_admin
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.change-config

  • description: Change software configuration
  • message: To change software settings, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.change-repository

  • description: Change software repository
  • message: To change software repository settings, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.clean

  • description: Remove downloaded package files
  • message: To clean downloaded package files, you need to authenticate.
  • defaults:
    • allow_active: yes
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.get-trusted-vendor-keys

  • description: List keys of trusted vendors
  • message: To view the list of trusted keys, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.install-file

  • description: Install package file
  • message: To install this package, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.install-or-remove-packages

  • description: Install or remove packages
  • message: To install or remove software, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.install-packages-from-new-repo

  • description: Add a new repository and install packages from it
  • message: To install software from a new source, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.install-purchased-packages

  • description: Add a new repository of purchased software and install packages from it
  • message: To install purchased software, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.set-proxy

  • description: Set a proxy for software downloads
  • message: To use a proxy server for downloading software, you need to authenticate.
  • defaults:
    • allow_active: auth_admin
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.update-cache

  • description: Update package information
  • message: To update the software catalog, you need to authenticate.
  • defaults:
    • allow_active: yes
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.debian.apt.upgrade-packages

  • description: Upgrade packages
  • message: To install updated software, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin
    • allow_inactive: auth_admin
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.debian.aptxapianindex.update

  • description: Update the xapian index
  • message: System policy prevents updating xapian index
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.debian.pkexec.gnome-system-log.run

  • description: Run gnome-system-log
  • message: Authentication is required to run gnome-system-log
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.ModemManager.Contacts

  • description: Add, modify, and delete mobile broadband contacts
  • message: System policy prevents adding, modifying, or deleting this device's contacts.
  • defaults:
    • allow_active: auth_self_keep
    • allow_inactive: no

org.freedesktop.ModemManager.Device.Control

  • description: Unlock and control a mobile broadband device
  • message: System policy prevents unlocking or controlling the mobile broadband device.
  • defaults:
    • allow_active: auth_self_keep
    • allow_inactive: no

org.freedesktop.ModemManager.Device.Info

  • description: Request mobile broadband device identifying information
  • message: System policy prevents requesting identifying information from the mobile broadband device.
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.ModemManager.Location

  • description: Enable and view geographic location and positioning information
  • message: System policy prevents enabling or viewing geographic location information.
  • defaults:
    • allow_active: auth_self_keep
    • allow_inactive: no

org.freedesktop.ModemManager.SMS

  • description: Send, save, modify, and delete text messages
  • message: System policy prevents sending or maniuplating this device's text messages.
  • defaults:
    • allow_active: auth_self_keep
    • allow_inactive: no

org.freedesktop.ModemManager.USSD

  • description: Query and utilize network information and services
  • message: System policy prevents querying or utilizing network information and services.
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.enable-disable-network

  • description: Enable or disable system networking
  • message: System policy prevents enabling or disabling system networking
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.enable-disable-wifi

  • description: Enable or disable WiFi devices

  • message: System policy prevents enabling or disabling WiFi devices

  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.enable-disable-wimax

  • description: Enable or disable WiMAX mobile broadband devices
  • message: System policy prevents enabling or disabling WiMAX mobile broadband devices
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.enable-disable-wwan

  • description: Enable or disable mobile broadband devices
  • message: System policy prevents enabling or disabling mobile broadband devices
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.network-control

  • description: Allow control of network connections
  • message: System policy prevents control of network connections
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

org.freedesktop.NetworkManager.settings.modify.hostname

  • description: Modify persistent system hostname
  • message: System policy prevents modification of the persistent system hostname
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

org.freedesktop.NetworkManager.settings.modify.own

  • description: Modify personal network connections
  • message: System policy prevents modification of personal network settings
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.settings.modify.system

  • description: Modify network connections for all users
  • message: System policy prevents modification of network settings for all users
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.NetworkManager.sleep-wake

  • description: Put NetworkManager to sleep or wake it up (should only be used by system power management)

  • message: System policy prevents putting NetworkManager to sleep or waking it up

  • defaults:
    • allow_active: no
    • allow_inactive: no

org.freedesktop.NetworkManager.use-user-connections

  • description: Allow use of user-specific connections
  • message: System policy prevents use of user-specific connections
  • defaults:
    • allow_active: yes
    • allow_inactive: yes

org.freedesktop.NetworkManager.wifi.share.open

  • description: Connection sharing via an open WiFi network

  • message: System policy prevents sharing connections via an open WiFi network

  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.NetworkManager.wifi.share.protected

  • description: Connection sharing via a protected WiFi network

  • message: System policy prevents sharing connections via a protected WiFi network

  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.RealtimeKit1.acquire-high-priority

  • description: Grant high priority scheduling to a user process
  • message: Authentication is required to grant an application high priority scheduling
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: yes

org.freedesktop.RealtimeKit1.acquire-real-time

  • description: Grant realtime scheduling to a user process
  • message: Authentication is required to grant an application realtime scheduling
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: yes

org.freedesktop.accounts.change-own-user-data

  • description: Change your own user data
  • message: Authentication is required to change your own user data
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.accounts.set-login-option

  • description: Change the login screen configuration
  • message: Authentication is required to change the login screen configuration
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.accounts.user-administration

  • description: Manage user accounts
  • message: Authentication is required to change user data
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.create-device

  • description: Create a color managed device
  • message: Authentication is required to create a color managed device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.create-profile

  • description: Create a color profile
  • message: Authentication is required to create a color profile
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.delete-device

  • description: Remove a color managed device
  • message: Authentication is required to remove a color managed device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.delete-profile

  • description: Remove a color profile
  • message: Authentication is required to remove a color profile
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.device-inhibit

  • description: Inhibit color profile selection
  • message: Authentication is required to disable profile matching for a device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.install-system-wide

  • description: Install system color profiles
  • message: Authentication is required to install the color profile for all users
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.modify-device

  • description: Modify color settings for a device
  • message: Authentication is required to modify the color settings for a device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.modify-profile

  • description: Modify a color profile
  • message: Authentication is required to modify a color profile
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.color-manager.sensor-lock

  • description: Use color sensor
  • message: Authentication is required to use the color sensor
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.consolekit.system.restart

  • description: Restart the system
  • message: System policy prevents restarting the system
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.consolekit.system.restart-multiple-users

  • description: Restart the system when multiple users are logged in
  • message: System policy prevents restarting the system when other users are logged in
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

org.freedesktop.consolekit.system.stop

  • description: Stop the system
  • message: System policy prevents stopping the system
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.consolekit.system.stop-multiple-users

  • description: Stop the system when multiple users are logged in
  • message: System policy prevents stopping the system when other users are logged in
  • defaults:
    • allow_active: auth_admin_keep
    • allow_inactive: no

org.freedesktop.hostname1.set-hostname

  • description: Set host name
  • message: Authentication is required to set the local host name.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin_keep
    • allow_inactive: auth_admin_keep

org.freedesktop.hostname1.set-machine-info

  • description: Set machine information
  • message: Authentication is required to set local machine information.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin_keep
    • allow_inactive: auth_admin_keep

org.freedesktop.hostname1.set-static-hostname

  • description: Set static host name
  • message: Authentication is required to set the statically configured local host name, as well as the pretty host name.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin_keep
    • allow_inactive: auth_admin_keep

org.freedesktop.locale1.set-keyboard

  • description: Set system keyboard settings
  • message: Authentication is required to set the system keyboard settings.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin_keep
    • allow_inactive: auth_admin_keep

org.freedesktop.locale1.set-locale

  • description: Set system locale
  • message: Authentication is required to set the system locale.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: auth_admin_keep
    • allow_inactive: auth_admin_keep

org.freedesktop.policykit.exec

  • description: Run programs as another user
  • message: Authentication is required to run a program as another user
  • defaults:
    • allow_active: auth_admin
    • allow_any: auth_admin
    • allow_inactive: auth_admin

org.freedesktop.policykit.lockdown

  • description: Configure lock down for an action
  • message: Authentication is required to configure lock down policy
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.cancel-job-others

  • description: Cancel a job initiated by another user
  • message: Authentication is required to cancel a job initiated by another user
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.change

  • description: Modify a device
  • message: Authentication is required to modify the device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.change-system-internal

  • description: Modify a system-internal device
  • message: Authentication is required to modify the device
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.drive-ata-smart-refresh

  • description: Refresh ATA SMART data
  • message: Authentication is required to refresh ATA SMART data
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data

  • description: Retrieve historical ATA SMART data
  • message: Authentication is required to retrieve historical ATA SMART data
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.drive-ata-smart-selftest

  • description: Run ATA SMART Self Tests
  • message: Authentication is required to run ATA SMART self tests
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.drive-detach

  • description: Detach a drive
  • message: Authentication is required to detach the drive
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.drive-eject

  • description: Eject media from a device
  • message: Authentication is required to eject media from the device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.drive-set-spindown

  • description: Set drive spindown timeout
  • message: Authentication is required to configure drive spindown timeout
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.filesystem-check

  • description: Check file system on a device
  • message: Authentication is required to check the file system on the device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-check-system-internal

  • description: Check file system of a system-internal device
  • message: Authentication is required to check the file system on the device
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-lsof

  • description: List open files
  • message: Authentication is required to list open files on a mounted file system
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-lsof-system-internal

  • description: List open files on a system-internal device
  • message: Authentication is required to list open files on a mounted file system
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-mount

  • description: Mount a device
  • message: Authentication is required to mount the device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-mount-system-internal

  • description: Mount a system-internal device
  • message: Authentication is required to mount the device
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.filesystem-unmount-others

  • description: Unmount a device mounted by another user
  • message: Authentication is required to unmount devices mounted by another user
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

org.freedesktop.udisks.inhibit-polling

  • description: Inhibit media detection
  • message: Authentication is required to inhibit media detection
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.linux-lvm2

  • description: Configure Linux LVM2
  • message: Authentication is required to configure Linux LVM2
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.linux-md

  • description: Configure Linux Software RAID
  • message: Authentication is required to configure Linux Software RAID devices
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.luks-lock-others

  • description: Lock an encrypted device unlocked by another user
  • message: Authentication is required to lock an encrypted device unlocked by another user
  • defaults:
    • allow_active: auth_admin
    • allow_any: no
    • allow_inactive: no

org.freedesktop.udisks.luks-unlock

  • description: Unlock an encrypted device
  • message: Authentication is required to unlock an encrypted device
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.freedesktop.upower.hibernate

  • description: Hibernate the system
  • message: Authentication is required to hibernate the system
  • defaults:
    • allow_active: yes
    • allow_inactive: no
  • overrides (package)
    • identity: unix-user:*
      • allow_active: no

org.freedesktop.upower.qos.cancel-request

  • description: Cancel a latency request
  • message: Authentication is required to cancel a latency request
  • defaults:
    • allow_active: auth_admin
    • allow_inactive: no

org.freedesktop.upower.qos.request-latency

  • description: Set the required latency of an application
  • message: Authentication is required to set the required latency of an application
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.upower.qos.request-latency-persistent

  • description: Set a persistent latency setting
  • message: Authentication is required to set a persistent latency setting
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.freedesktop.upower.qos.set-minimum-latency

  • description: Set administrator settings for latency control
  • message: Authentication is required to set administrator settings for latency control
  • defaults:
    • allow_active: auth_admin
    • allow_inactive: no

org.freedesktop.upower.suspend

  • description: Suspend the system
  • message: Authentication is required to suspend the system
  • defaults:
    • allow_active: yes
    • allow_inactive: no

org.gnome.settings-daemon.plugins.power.backlight-helper

  • description: Modify the laptop brightness
  • message: Authentication is required to modify the laptop brightness
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.gnome.settings-daemon.plugins.wacom.wacom-led-helper

  • description: Modify the lit LED for a Wacom tablet
  • message: Authentication is required to modify the lit LED for a Wacom tablet
  • defaults:
    • allow_active: yes
    • allow_any: no
    • allow_inactive: no

org.gnome.settingsdaemon.datetimemechanism.configure

  • description: Change system time and date settings
  • message: To change time or date settings, you need to authenticate.
  • defaults:
    • allow_active: auth_admin_keep
    • allow_any: no
    • allow_inactive: no
  • overrides (package)
    • identity: unix-group:admin;unix-group:sudo
      • allow_active: yes

SecurityTeam/PolicyKitPermissions/12.04 (last edited 2013-04-16 13:26:04 by jdstrand)