PolicyKit: Branch 'master'

David Zeuthen david at kemper.freedesktop.org
Thu Jul 27 17:52:28 PDT 2006


 ChangeLog                 |  308 ----------------------------------------------
 Makefile.am               |   22 +++
 doc/spec/polkit-spec.html |   28 ++--
 3 files changed, 35 insertions(+), 323 deletions(-)

New commits:
diff-tree 1c45f6df90ce7968fd212c8c8f92fd2840ce6ce2 (from 520608eedd5652ad51acc27073f8a6c75abc0c8b)
Author: David Zeuthen <davidz at zelda.fubar.dk>
Date:   Thu Jul 27 20:52:26 2006 -0400

    Remove ChangeLog file and add rules to Makefile.am to generate one for
    disted tarballs.

diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644
index 249608b..0000000
--- a/ChangeLog
+++ /dev/null
@@ -1,308 +0,0 @@
-2006-06-06  David Zeuthen  <davidz at redhat.com>
-
-	* polkitd/polkit-manager.c (polkit_manager_get_caller_info): For
-	now, comment out SELinux stuff as it breaks when SELinux is not
-	available.
-
-2006-06-06  David Zeuthen  <davidz at redhat.com>
-
-	Patch from Frederic Peters <fpeters at entrouvert.com>. jhbuild
-	monitors files being installed and prevents them from being
-	written out of its target directory.  This means HAL now prevents
-	jhautobuild[1] to complete since pam-polkit-console hardcodes
-	/lib/security. Attached is a patch with a configure
-	option (--with-pam-module-dir) so it is possible to set an other
-	directory. [1] http://jhbuild.bxlug.be
-
-	* pam-polkit-console/Makefile.am: 
-	* configure.in: 
-
-2006-06-06  David Zeuthen  <davidz at redhat.com>
-
-	Patch from Frederic Peters <fpeters at entrouvert.com>.
-	http://jhbuild.bxlug.be/builds/2006-06-06-0000/logs/PolicyKit/#build
-	shows a error when building newest PolicyKit with Debian PAM
-	libraries.
-
-	Attached patch adds new configure checks; pam-polkit-console.c may
-	need alternate behaviour if pam_vsyslog is missing (using straight
-	vsyslog?).
-
-	* configure.in,
-	* pam-polkit-console/pam-polkit-console.c: (_pam_log):
-	* doc/TODO:
-
-2006-06-05  David Zeuthen  <davidz at redhat.com>
-
-	Lots of changes! Almost ready for 0.2 release.
-
-	* Makefile.am:
-	* README:
-	* configure.in:
-	* doc/TODO:
-	* doc/api/polkit-docs.xml:
-	* doc/spec/Makefile.am:
-	* doc/spec/polkit-spec.html:
-	* doc/spec/polkit-spec.xml.in:
-	* libpolkit/Makefile.am:
-	* libpolkit/libpolkit-grant.c: (have_questions_handler),
-	(libpolkit_grant_provide_answers), (auth_done_handler),
-	(libpolkit_grant_new_context),
-	(libpolkit_grant_get_libpolkit_context),
-	(libpolkit_grant_set_questions_handler),
-	(libpolkit_grant_set_grant_complete_handler),
-	(libpolkit_grant_initiate_temporary_grant),
-	(libpolkit_grant_get_user_for_auth),
-	(libpolkit_grant_get_pam_service_for_auth),
-	(libpolkit_grant_close), (libpolkit_grant_free_context),
-	(libpolkit_grant_get_user), (libpolkit_grant_get_privilege),
-	(libpolkit_grant_get_resource):
-	* libpolkit/libpolkit-grant.h:
-	* libpolkit/libpolkit.c:
-	(libpolkit_get_allowed_resources_for_privilege_for_uid),
-	(libpolkit_is_uid_allowed_for_privilege):
-	* libpolkit/libpolkit.h:
-	* pam-polkit-console/Makefile.am:
-	* pam-polkit-console/pam-polkit-console.c: (_pam_log),
-	(_parse_module_args), (_is_local_xconsole), (_poke_polkitd),
-	(pam_sm_authenticate), (pam_sm_setcred), (pam_sm_open_session),
-	(pam_sm_close_session):
-	* polkit-interface-manager.xml:
-	* polkit-interface-session.xml:
-	* polkit.pc.in:
-	* polkitd/PolicyKit.in:
-	* polkitd/main.c: (handle_sigusr1), (sigusr1_iochn_data), (main):
-	* polkitd/policy.c: (txt_backend_read_policy),
-	(txt_backend_read_list), (txt_backend_read_word),
-	(policy_get_sufficient_privileges),
-	(policy_get_required_privileges),
-	(policy_get_auth_details_for_policy),
-	(_policy_is_uid_gid_allowed_for_policy),
-	(policy_is_uid_gid_allowed_for_policy),
-	(policy_is_uid_allowed_for_policy):
-	* polkitd/policy.h:
-	* polkitd/polkit-manager.c: (_granting_temp_priv),
-	(_revoking_temp_priv), (polkit_manager_error_get_type),
-	(bus_name_owner_changed), (polkit_manager_get_caller_info),
-	(_check_for_temp_privilege),
-	(polkit_manager_initiate_temporary_privilege_grant),
-	(polkit_manager_is_user_privileged),
-	(polkit_manager_get_allowed_resources_for_privilege),
-	(polkit_manager_revoke_temporary_privilege),
-	(polkit_manager_add_temporary_privilege),
-	(polkit_manager_remove_temporary_privilege),
-	(polkit_manager_update_desktop_console_privileges):
-	* polkitd/polkit-manager.h:
-	* polkitd/polkit-session.c: (polkit_session_close),
-	(polkit_session_grant_privilege_temporarily), (polkit_session_new),
-	(polkit_session_initiator_disconnected):
-	* polkitd/polkit-session.h:
-	* privileges/desktop-console.privilege:
-	* tools/Makefile.am:
-	* tools/polkit-grant-privilege.c: (questions_cb),
-	(grant_complete_cb), (main):
-	* tools/polkit-is-privileged.c: (usage), (main):
-	* tools/polkit-list-privileges.c: (main):
-	* tools/polkit-revoke-privilege.c: (main):
-
-2006-04-22  David Zeuthen  <davidz at redhat.com>
-
-	* tools/polkit-list-privileges.c (main): Update to new D-BUS API;
-	print " (temporary)" for privilege if appropriate.
-
-	* tools/polkit-is-privileged.c (main): Update to new D-BUS API
-
-	* tools/polkit-grant-privilege.c: 
-	(do_grant_privilege): Update to new D-BUS API
-	(main): --do--
-
-	* tools/polkit-revoke-privilege.c: New file
-
-	* tools/Makefile.am: Add build rules for polkit-revoke-privilege
-
-	* polkitd/polkit-manager.h: Fix up prototypes
-
-	* polkitd/polkit-manager.c:
-	(polkit_manager_initiate_temporary_privilege_grant): Update to new
-	D-BUS API
-	(polkit_manager_get_allowed_resources_for_privilege): --do--
-	(polkit_manager_revoke_temporary_privilege): New function
-	(polkit_manager_remove_temporary_privilege): Fix up resource handling
-	(polkit_manager_add_temporary_privilege): --do--
-
-	* libpolkit/libpolkit.h:
-	(libpolkit_get_allowed_resources_for_privilege_for_uid): Update to
-	new D-BUS API and export libpolkit_revoke_temporary_privilege()
-
-	* libpolkit/libpolkit.c: 
-	(libpolkit_is_uid_allowed_for_privilege): Update to new D-BUS API
-	(libpolkit_get_allowed_resources_for_privilege_for_uid): --do--
-	(libpolkit_revoke_temporary_privilege): New function
-
-	* polkit-interface-manager.xml: Rename InitiatePrivilegeGrant() to
-	InitiateTemporaryPrivilegeGrant(). Add new function
-	RevokeTemporaryPrivilege(). Make IsUserPrivileged() output a
-	boolean is_temporary. GetAllowedResourcesForPrivilege() now also
-	outputs an integer num_non_temp.
-
-2006-04-21  David Zeuthen  <davidz at redhat.com>
-
-	* doc/spec/polkit-spec.xml.in: Write some more stuff 
-
-2006-04-04  Richard Hughes  <richard at hughsie.com>
-
-	* doc/Makefile.am: Add in the new spec directory so we add the folder
-	to the tarball.
-
-	* doc/spec/polkit-spec.xml.in: Fix this up in one place so it validates
-	and so that make distcheck can run again..
-
-2006-03-29  David Zeuthen  <davidz at redhat.com>
-
-	* configure.in: Add docbook detection
-	
-	* doc/spec/*: New files
-	
-	* polkitd/polkit-session.c (polkit_session_finalize): Free the
-	questions to prevent memory leak
-
-2006-03-27  Richard Hughes  <richard at hughsie.com>
-
-	* .cvsignore, doc/.cvsignore, libpolkit/.cvsignore,
-	polkitd/.cvsignore, privileges/.cvsignore, tools/.cvsignore:
-	Add these files.
-
-2006-03-16  David Zeuthen  <davidz at redhat.com>
-
-	* polkitd/polkit-session.c (polkit_session_close): Remember to
-	kill the child here
-
-2006-03-16  David Zeuthen  <davidz at redhat.com>
-
-	* polkitd/main.c (main): Bail if we can't become primary owner
-
-	* polkitd/polkit-session.c (data_from_pam): Unref when the child dies
-	(polkit_session_initiate_auth): Ref the object after creating child
-	(polkit_session_initiator_disconnected): Make sure to nuke the kids
-
-2006-03-15  David Zeuthen  <davidz at redhat.com>
-
-	* polkitd/polkit-manager.h: Include sys/types.h; fixed fd.o
-	bug #6280. Patch from Wouter Bolsterlee <uws+freedesktop at xs4all.nl>.
-
-2006-03-14  David Zeuthen  <davidz at redhat.com>
-
-	* polkitd/PolicyKit.in: Change priorities from 90 10 to 98 02 to make
-	this work
-
-	* polkitd/PolicyKit.conf.in: Remove user="@POLKIT_USER@" bits as I'm
-	not sure we need a dedicated user
-
-	* configure.in: Cosmetic things
-
-2006-03-15  Kay Sievers  <kay.sievers at vrfy.org>
-
-	Add SUSE distro bits.
-
-	* configure.in:
-	* policy-kit.in:
-
-2006-03-14  David Zeuthen  <davidz at redhat.com>
-
-	Add a bunch of code; basically a full rewrite moving all queries
-	to the daemon.
-
-	* COPYING:
-	* Makefile.am:
-	* configure.in:
-	* libpolkit/Makefile.am:
-	* libpolkit/libpolkit-test.c:
-	* libpolkit/libpolkit.c: (libpolkit_new_context),
-	(libpolkit_free_context),
-	(libpolkit_get_allowed_resources_for_privilege_for_uid),
-	(libpolkit_is_uid_allowed_for_privilege),
-	(libpolkit_get_privilege_list):
-	* libpolkit/libpolkit.h:
-	* policy-kit.in:
-	* polkit-interface-manager.xml:
-	* polkit-interface-session.xml:
-	* polkit.pc.in:
-	* polkitd/Makefile.am:
-	* polkitd/debug-polkitd.sh:
-	* polkitd/main.c: (usage), (delete_pid), (main):
-	* polkitd/policy.c: (policy_util_set_policy_directory),
-	(policy_element_new), (policy_element_free),
-	(policy_element_free_list), (policy_element_dump),
-	(txt_backend_read_policy), (policy_get_whitelist),
-	(policy_get_blacklist), (policy_get_policies), (afp_process_elem),
-	(policy_get_allowed_resources_for_policy_for_uid_gid),
-	(policy_is_uid_gid_allowed_for_policy), (policy_util_uid_to_name),
-	(policy_util_gid_to_name), (policy_util_name_to_uid),
-	(policy_util_name_to_gid),
-	(policy_get_allowed_resources_for_policy_for_uid),
-	(policy_is_uid_allowed_for_policy), (getgrouplist):
-	* polkitd/policy.h:
-	* polkitd/polkit-manager.c: (caller_info_delete),
-	(polkit_manager_init), (polkit_manager_finalize),
-	(polkit_manager_class_init), (polkit_manager_error_quark),
-	(polkit_manager_error_get_type), (bus_name_owner_changed),
-	(session_remover), (session_finalized), (polkit_manager_new),
-	(uid_from_username), (safe_strcmp),
-	(polkit_manager_get_caller_info),
-	(polkit_manager_initiate_privilege_grant),
-	(polkit_manager_is_user_privileged),
-	(polkit_manager_get_allowed_resources_for_privilege),
-	(polkit_manager_list_privileges),
-	(polkit_manager_add_temporary_privilege),
-	(polkit_manager_remove_temporary_privilege):
-	* polkitd/polkit-manager.h:
-	* polkitd/polkit-marshal.list:
-	* polkitd/polkit-session.c: (polkit_session_init),
-	(polkit_session_finalize), (polkit_session_class_init),
-	(polkit_session_error_quark), (polkit_session_error_get_type),
-	(polkit_session_check_caller), (polkit_session_is_authenticated),
-	(polkit_session_get_auth_denied_reason), (safe_memset),
-	(my_conversation), (write_back_to_parent), (do_pam_auth),
-	(data_from_pam), (polkit_session_get_auth_details),
-	(polkit_session_initiate_auth), (polkit_session_get_questions),
-	(polkit_session_provide_answers), (polkit_session_close),
-	(polkit_session_grant_privilege_temporarily), (polkit_session_new),
-	(polkit_session_initiator_disconnected):
-	* polkitd/polkit-session.h:
-	* polkitd/polkitd-test.c: (my_exit), (do_check),
-	(write_test_policy), (do_read_tests), (main):
-	* polkitd/run-polkitd.sh:
-	* polkitd/valgrind-polkitd.sh:
-	* privileges/Makefile.am:
-	* privileges/desktop-console.privilege:
-	* tools/Makefile.am:
-	* tools/Makefile.in:
-	* tools/polkit-grant-privilege.c: (have_questions_handler),
-	(auth_done_handler), (do_grant_privilege), (usage), (main):
-	* tools/polkit-is-privileged.c: (usage), (main):
-	* tools/polkit-list-privileges.c: (usage), (main):
-
-2006-03-09  David Zeuthen  <davidz at redhat.com>
-
-	* polkit.pc.in (exec_prefix): Use right Cflags
-
-2006-03-07  David Zeuthen  <davidz at redhat.com>
-
-	* tools/polkit-is-privileged.c (usage, main): s/hal-policy/polkit/
-
-2006-03-07  David Zeuthen  <davidz at redhat.com>
-
-	* polkit.pc.in: Use simpler names: user, group and txtsrc :-/
-
-2006-03-07  David Zeuthen  <davidz at redhat.com>
-
-	* polkit.pc.in: Add libpoluser, libpolgroup and libpoltxtsrc variables
-
-2006-03-07  David Zeuthen  <davidz at redhat.com>
-
-	* polkit.pc.in (Libs): s/-llibpolkit/-lpolkit/
-
-2006-03-07  David Zeuthen  <davidz at redhat.com>
-
-	Initial check-in of PolicyKit
-
diff --git a/Makefile.am b/Makefile.am
index 414fc91..dc38d3f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,9 +8,29 @@ pam_DATA = policy-kit
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = polkit.pc
 
+# Creating ChangeLog from git log (taken from cairo/Makefile.am):
+
+ChangeLog: $(srcdir)/ChangeLog
+
+$(srcdir)/ChangeLog:
+	@if test -d "$(srcdir)/.git"; then \
+	  (cd "$(srcdir)" && \
+	  ./missing --run git-log --stat) | fmt --split-only > $@.tmp \
+	  && mv -f $@.tmp $@ \
+	  || ($(RM) $@.tmp; \
+	      echo Failed to generate ChangeLog, your ChangeLog may be outdated >&2; \
+	      (test -f $@ || echo git-log is required to generate this file >> $@)); \
+	else \
+	  test -f $@ || \
+	  (echo A git checkout and git-log is required to generate ChangeLog >&2 && \
+	  echo A git checkout and git-log is required to generate this file >> $@); \
+	fi
+
+.PHONY: ChangeLog $(srcdir)/ChangeLog
+
 DISTCLEANFILES = polkit.pc
 
-EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs
+EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs ChangeLog
 
 clean-local :
 	rm -f *~
diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html
index 0f6e819..17282a6 100644
--- a/doc/spec/polkit-spec.html
+++ b/doc/spec/polkit-spec.html
@@ -1,10 +1,10 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.70.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br>
 	    <code class="email">&lt;<a href="mailto:david at fubar.dk">david at fubar.dk</a>&gt;</code><br>
-	  </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2502145">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2538305">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2538337">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2503495">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2506081">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2506131">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2506216">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2501541"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501572"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501608"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548444"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548536"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2502145">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2502145"></a>About</h2></div></div></div><p>
+	  </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689259"></a>About</h2></div></div></div><p>
 	PolicyKit is a system for enabling unprivileged desktop
 	applications to invoke privileged methods on system-wide
 	components in a controlled manner.
-      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2538305">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2538337">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2503495">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2538305"></a>Privileges</h2></div></div></div><p>
+      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689283"></a>Privileges</h2></div></div></div><p>
 	One major concept of the PolicyKit system is the notion of
 	privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span>
 	(referred to simply as
@@ -17,7 +17,7 @@
 	allowed to invoke a method, the system level component defines
 	a set of
 	<span class="emphasis"><em>privileges</em></span>. 
-      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2538337"></a>Architecture</h2></div></div></div><p>
+      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2719970"></a>Architecture</h2></div></div></div><p>
 	The PolicyKit system is basically client/server and is
 	implemented as the
 	system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS
@@ -34,7 +34,7 @@
 	In addition, the PolicyKit system includes client side
 	libraries and command-line utilities wrapping the D-BUS API of
 	the <code class="literal">org.freedesktop.PolicyKit</code> service.
-      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2503495"></a>Example</h2></div></div></div><p>
+      </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684484"></a>Example</h2></div></div></div><p>
 	As an example, HAL exports the method <code class="literal">Mount</code>
 	on the
 	<code class="literal">org.freedesktop.Hal.Device.Volume</code> interface
@@ -96,20 +96,20 @@
 	<img src="polkit-arch.png">
       </p><p>
 	The whole example is outlined in the diagram above.
-      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2506081">Resource Identifiers</a></span></dt></dl></div><p>
+      </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></div><p>
       PolicyKit allows granting privileges only on
       certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it
       is possible to grant the
       privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the
       user with uid 500 but only for the HAL device object
       representing e.g. the <code class="literal">/dev/hda3</code> partition.
-    </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506081"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
+    </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684709"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
 	what service they belong to. The following resource
 	identifiers are defined
       </p><div class="itemizedlist"><ul type="disc"><li><p>
 	    <code class="literal">hal://</code>
 	    HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code>
-          </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2506131">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2506216">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2501541"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501572"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2501608"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548444"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2548536"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506131"></a>Privilege Descriptors</h2></div></div></div><p> 
+          </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688519"></a>Privilege Descriptors</h2></div></div></div><p> 
 	Applications, such as HAL, installs <span class="emphasis"><em>privilege
 	descriptors</em></span> into
 	the <code class="literal">/etc/PolicyKit/privilege.d</code> directory
@@ -128,7 +128,7 @@
 	    Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
           </p></li><li><p>
 	    Whether a user with the privilege may permanently grant it to other users.
-          </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2506216"></a>File Format</h2></div></div></div><p>
+          </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688596"></a>File Format</h2></div></div></div><p>
 	A developer of a system-wide application wanting to define a
 	privilege must create a privilege descriptor. This is a a
 	simple <code class="literal">.ini</code>-like config file. Here is what
@@ -142,7 +142,7 @@
 	CanObtain=
 	CanGrant=
 	ObtainRequireRoot=
-      </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501541"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
+      </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688622"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
 	  This is a list of privileges the user must possess in order
 	  to possess the given privilege. If the user doesn't possess
 	  all of these privileges he is not considered to possess the
@@ -151,7 +151,7 @@
 	  for one or more resources. E.g., if <code class="literal">foo</code>
 	  is a required privilege then just having this privilege on
 	  one resource is sufficient.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501572"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
+	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688650"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
 	  This is a list of privileges that, if a user possess any of
 	  these, he is consider to possess the given privilege. The
 	  list may be empty.  A privilege in this list is considered
@@ -159,7 +159,7 @@
 	  resources. As with <code class="literal">RequiredPrivileges</code>,
 	  if <code class="literal">foo</code> is a sufficient privilege then
 	  just having this privilege on one resource is sufficient.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2501608"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
+	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688683"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
 	  Both <code class="literal">Allow</code> and <code class="literal">Deny</code>
 	  contains lists describing what users are allowed
 	  respectively denied the privilege. The elements of in each
@@ -258,7 +258,7 @@
 	  has <code class="literal">CanObtain</code> set
 	  to <code class="literal">False</code>, the user will always have to
 	  authenticate as the super user.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548444"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
+	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2684304"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
 	  This property (it can assume the
 	  values <code class="literal">True</code> and <code class="literal">False</code>)
 	  describes whether an user with the given privilege can
@@ -289,7 +289,7 @@
 	  the value <code class="literal">True</code> if this property assumes
 	  the value <code class="literal">True</code>. Otherwise this property
 	  effectively assumes the value <code class="literal">False</code>.
-	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2548536"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
+	</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2728947"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
 	  If the property <code class="literal">CanObtain</code> assumes the
 	  value <code class="literal">True</code>
 	  or <code class="literal">Temporary</code> it means the user can



More information about the hal-commit mailing list