c.buhtz at posteo.jp
2024-Dec-25 15:40 UTC
polkit: Translate pkla into (java script like) rule file
Hello,
I struggle to "translate" an old fashioned pkla file into the
"new"
java script like rule format.
My solution works half. The creation of a color device now is allowed
in an XRDP session, as expected, but some other features now are
disabled. I am not able to shutdown the machine nor mount an usb device.
This is the old pkla
[Color Manager All Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.settings.modify.system;org.freedesktop.color-manager.create-device
ResultAny=no
ResultInactive=no
ResultActive=yes
This is the new rule
/* org.freedesktop.color-manager.create-device */
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.color-manager.create-device") {
return polkit.Result.YES;
}
return polkit.Result.NO;
});
I do understand that the reason for my problematic behavior is that the
else branch does return NO. But I don't know how to treat the else
branch the other way. I don't understand the big picture and how the
polkit systems does use that rule file.
Thanks in advance.
Christian Buhtz
Reasonably Related Threads
- Remote connect using virsh qemu+ssh hangs / PolicyKit issue
- Disable hybernate/suspend in CentOS 7
- unable to creating/list storage pools using non-root user
- error when configuring management access via PolicyKit
- polkit helper timeout and defunct pkla-check-authorization processes on CentOS 7.3