Use PolicyKit to restrict the UpgradeSystem method to administrators

author: Richard Hughes <richard@hughsie.com> 2010-11-03 11:54:28 +0000
committer: Richard Hughes <richard@hughsie.com> 2010-11-03 11:54:28 +0000
commit: 644fa615935aeeaa905352312384d36abc794fef (patch)
tree: 15411b1a72ad50c182353607ae49dee225042936 /policy
parent: 8f93f1ae83f18c69bbcddb082067641c526e1ff4 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/policy/org.freedesktop.packagekit.policy.in b/policy/org.freedesktop.packagekit.policy.in
index 7d59fb38..dbc84a12 100644
--- a/policy/org.freedesktop.packagekit.policy.in
+++ b/policy/org.freedesktop.packagekit.policy.in
@@ -233,5 +233,21 @@
     <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/pk-device-rebind</annotate>
   </action>
 
+  <action id="org.freedesktop.packagekit.upgrade-system">
+    <!-- SECURITY:
+          - Normal users require admin authentication to upgrade the disto as
+            this can make the system unbootable or stop other applications from
+            working.
+     -->
+    <_description>Remove package</_description>
+    <_message>Authentication is required to upgrade the operating system</_message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_admin</allow_active>
+    </defaults>
+  </action>
+
 </policyconfig>
author	Richard Hughes <richard@hughsie.com>	2010-11-03 11:54:28 +0000
committer	Richard Hughes <richard@hughsie.com>	2010-11-03 11:54:28 +0000
commit	644fa615935aeeaa905352312384d36abc794fef (patch)
tree	15411b1a72ad50c182353607ae49dee225042936 /policy
parent	8f93f1ae83f18c69bbcddb082067641c526e1ff4 (diff)