blob: 5e43cb6e244c5f1f2d17916c19fdcba279eef7b0 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<!--
SPDX-License-Identifier: LGPL-2.1-or-later
This file is part of systemd.
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
-->
<policyconfig>
<vendor>The systemd Project</vendor>
<vendor_url>https://systemd.io</vendor_url>
<action id="org.freedesktop.machine1.login">
<description gettext-domain="systemd">Log into a local container</description>
<message gettext-domain="systemd">Authentication is required to log into a local container.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.machine1.host-login">
<description gettext-domain="systemd">Log into the local host</description>
<message gettext-domain="systemd">Authentication is required to log into the local host.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
<action id="org.freedesktop.machine1.shell">
<description gettext-domain="systemd">Acquire a shell in a local container</description>
<message gettext-domain="systemd">Authentication is required to acquire a shell in a local container.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.login</annotate>
</action>
<action id="org.freedesktop.machine1.host-shell">
<description gettext-domain="systemd">Acquire a shell on the local host</description>
<message gettext-domain="systemd">Authentication is required to acquire a shell on the local host.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.host-login</annotate>
</action>
<action id="org.freedesktop.machine1.open-pty">
<description gettext-domain="systemd">Acquire a pseudo TTY in a local container</description>
<message gettext-domain="systemd">Authentication is required to acquire a pseudo TTY in a local container.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.machine1.host-open-pty">
<description gettext-domain="systemd">Acquire a pseudo TTY on the local host</description>
<message gettext-domain="systemd">Authentication is required to acquire a pseudo TTY on the local host.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.freedesktop.machine1.manage-machines">
<description gettext-domain="systemd">Manage local virtual machines and containers</description>
<message gettext-domain="systemd">Authentication is required to manage local virtual machines and containers.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.shell org.freedesktop.login1.login</annotate>
</action>
<action id="org.freedesktop.machine1.manage-images">
<description gettext-domain="systemd">Manage local virtual machine and container images</description>
<message gettext-domain="systemd">Authentication is required to manage local virtual machine and container images.</message>
<defaults>
<allow_any>auth_admin</allow_any>
<allow_inactive>auth_admin</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>