projects / platform / upstream / polkit.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 44bea50)
Use auth_admin* instead of auth_self* in examples
authorMiloslav Trmač <mitr@redhat.com>
Thu, 14 Feb 2013 13:48:20 +0000 (14:48 +0100)
committerMiloslav Trmač <mitr@redhat.com>
Mon, 6 May 2013 17:50:18 +0000 (19:50 +0200)
From time to time, application developers just copy example
configuration without examining it in details.  Because polkit is
typically used to control access to system-level operations, the policy
(and therefore the examples) should limit access to system
administrators only.

docs/man/polkit.xml patch | blob | history
docs/polkit/overview.xml patch | blob | history
src/examples/org.freedesktop.policykit.examples.pkexec.policy.in patch | blob | history

diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml
index aaac4f4..f8b4849 100644 (file)
--- a/docs/man/polkit.xml
+++ b/docs/man/polkit.xml
@@ -913,7 +913,7 @@ polkit.addRule(function(action, subject) {
 polkit.addRule(function(action, subject) {
     if (action.id == "org.freedesktop.policykit.exec" &&
         action.lookup("program") == "/usr/bin/cat") {
-        return polkit.Result.AUTH_SELF;
+        return polkit.Result.AUTH_ADMIN;
     }
 });
 ]]></programlisting>
diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
index 8d22570..fb14e50 100644 (file)
--- a/docs/polkit/overview.xml
+++ b/docs/polkit/overview.xml
@@ -261,8 +261,8 @@
         that can be used together with
         <ulink url="http://developer.gnome.org/gtk3/unstable/GtkLockButton.html"><type>GtkLockButton</type></ulink>.
         Note that for <type>GtkLockButton</type> to work well, the
-        polkit action backing it should use <literal>auth_self_keep</literal> or
-        <literal>auth_admin_keep</literal> for its implicit authorizations.
+        polkit action backing it should use <literal>auth_admin_keep</literal> or
+        <literal>auth_self_keep</literal> for its implicit authorizations.
         This is often used to implement an <ulink
         url="http://developer.gnome.org/hig-book/3.2/hig-book.html#windows-instant-apply">instant
         apply</ulink> paradigm whereby the user
diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
index 049c024..eab7729 100644 (file)
--- a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
+++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
@@ -13,7 +13,7 @@
     <defaults>
       <allow_any>no</allow_any>
       <allow_inactive>no</allow_inactive>
-      <allow_active>auth_self_keep</allow_active>
+      <allow_active>auth_admin_keep</allow_active>
     </defaults>
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
   </action>
Domain: System / Uncategorized;