Translate Polkit permissions/rules from pkla into JS-rules
c.buhtz at posteo.jp
c.buhtz at posteo.jp
Thu Jan 9 16:40:08 UTC 2025
Hello Mr. McVittie,
thank you very much for the reply. This is really helpful.
On 2025-01-08 14:43 Simon McVittie <smcv at collabora.com> wrote:
> There are three big differences between with this and your previous
> rule:
>
> * It doesn't match
> org.freedesktop.color-manager.settings.modify.system
I find it always hard to decide which "org.*" strings I need to choose.
I am not able to find a list about all the possible options.
> * It isn't checking for an active local session: if you want to do
> that, use "... && subject.active && subject.local"
I don't understand that. What is a "local" session? Would an XRDP login
something else? And what is "active"? Is this the same term often used
when it comes to shells, using (none-)interactive, passive, login,
non-login?
> If you want the equivalent of your old .pkla file, you should probably
> return polkit.Result.NOT_HANDLED
Perfect!
Somebody else in the Debian forum also suggested to allow everything
that is related to sudo with this:
polkit.addRule(function(action, subject) {
if (subject.isInGroup("sudo")) {
return polkit.Result.YES;
}
});
What do you think about a rule like this? Scares me a bit. ;)
Regards,
Christian Buhtz
More information about the polkit-devel
mailing list