PolicyKit: Branch 'wip/js-rule-files'

David Zeuthen david at kemper.freedesktop.org
Mon Jun 4 10:42:03 PDT 2012 

 docs/man/polkit.xml |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

New commits:
commit bdc6fd7f84d2c99604a790faa622ba84ac9fde59
Author: David Zeuthen <zeuthen at gmail.com>
Date:   Mon Jun 4 13:40:45 2012 -0400

    State that authorization rules must not rely on SpiderMonkey features
    
    ... e.g. we reserve the right to switch out the JS engine.
    
    Signed-off-by: David Zeuthen <zeuthen at gmail.com>

diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index 1bcb296..a055707 100644
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -117,11 +117,11 @@ System Context         |                        |
     <para>
       For convenience, the <literal>libpolkit-gobject-1</literal>
       library wraps the polkit D-Bus API and is usable from any C/C++
-      program as well as higher-level languages <ulink
+      program as well as higher-level languages supporting <ulink
       url="https://live.gnome.org/GObjectIntrospection">GObjectIntrospection</ulink>
-      support such as Javascript and Python.  A mechanism can also use
-      the D-Bus API or the
-      <link linkend="pkcheck.1"><citerefentry><refentrytitle>pkcheck</refentrytitle><manvolnum>1</manvolnum></citerefentry></link>
+      such as Javascript and Python.  A mechanism can also use the
+      D-Bus API or the <link
+      linkend="pkcheck.1"><citerefentry><refentrytitle>pkcheck</refentrytitle><manvolnum>1</manvolnum></citerefentry></link>
       command to check authorizations. The
       <literal>libpolkit-agent-1</literal> library provides an
       abstraction of the native authentication system, e.g.
@@ -472,7 +472,7 @@ System Context         |                        |
       <filename class='directory'>/etc/polkit-1/rules.d</filename> and
       <filename class='directory'>/usr/share/polkit-1/rules.d</filename>
       directories by sorting the files in lexical order based on the
-      basename on each file (and if there's a tie, files in
+      basename on each file (if there's a tie, files in
       <filename class='directory'>/etc</filename>
       are processed before files in
       <filename class='directory'>/usr</filename>).
@@ -494,6 +494,14 @@ System Context         |                        |
       through the global
       <literal>polkit</literal> object (of type <type>Polkit</type>).
     </para>
+    <para>
+      While the JavaScript interpreter used in particular versions of
+      polkit may support non-standard features (such as the
+      <emphasis>let</emphasis> keyword), authorization rules must
+      conform to
+      <ulink url="http://en.wikipedia.org/wiki/ECMAScript#ECMAScript.2C_5th_Edition">ECMA-262 edition 5</ulink>
+      (in other words, the JavaScript interpreter used may change in future versions of polkit).
+    </para>
 
     <refsect2 id="polkit-rules-polkit">
       <title>The <type>Polkit</type> type</title>

More information about the hal-commit mailing list