diff options
author | Richard Hughes <richard@hughsie.com> | 2010-11-03 11:54:28 +0000 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2010-11-03 11:54:28 +0000 |
commit | 644fa615935aeeaa905352312384d36abc794fef (patch) | |
tree | 15411b1a72ad50c182353607ae49dee225042936 /policy | |
parent | 8f93f1ae83f18c69bbcddb082067641c526e1ff4 (diff) |
Use PolicyKit to restrict the UpgradeSystem method to administrators
Diffstat (limited to 'policy')
-rw-r--r-- | policy/org.freedesktop.packagekit.policy.in | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/policy/org.freedesktop.packagekit.policy.in b/policy/org.freedesktop.packagekit.policy.in index 7d59fb38..dbc84a12 100644 --- a/policy/org.freedesktop.packagekit.policy.in +++ b/policy/org.freedesktop.packagekit.policy.in @@ -233,5 +233,21 @@ <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/pk-device-rebind</annotate> </action> + <action id="org.freedesktop.packagekit.upgrade-system"> + <!-- SECURITY: + - Normal users require admin authentication to upgrade the disto as + this can make the system unbootable or stop other applications from + working. + --> + <_description>Remove package</_description> + <_message>Authentication is required to upgrade the operating system</_message> + <icon_name>package-x-generic</icon_name> + <defaults> + <allow_any>no</allow_any> + <allow_inactive>no</allow_inactive> + <allow_active>auth_admin</allow_active> + </defaults> + </action> + </policyconfig> |