e6923f5c4d
P5: redbear-polkit now enforces real authorization:
- is_authorized(uid, action_id) checks UID-based policy
- uid=0 (root) always authorized
- Other users checked against /etc/polkit-1/policy.toml
- Default: deny for unknown actions (fail-closed)
- Backend name changed from 'redbear-permit-all' to 'redbear-uid-policy'
- Default policy grants power/network/storage to root+user(1000)
11 lines
485 B
TOML
# Red Bear OS polkit policy — action_id = uid1, uid2, ...
# uid 0 (root) is always authorized
org.freedesktop.login1.power-off = 0, 1000
org.freedesktop.login1.reboot = 0, 1000
org.freedesktop.login1.suspend = 0, 1000
org.freedesktop.login1.set-user-linger = 0
org.freedesktop.udisks2.filesystem-mount = 0, 1000
org.freedesktop.udisks2.filesystem-mount-system = 0
org.freedesktop.NetworkManager.settings.modify.system = 0
org.freedesktop.NetworkManager.enable-disable-wifi = 0, 1000
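A fail-closed evaluator for the `action_id = uid1, uid2, ...` format shown above, as an added example that is not redbear-polkit's own code. Only `is_authorized(uid, action_id)`, the root rule and the default-deny rule come from the commit message; the choice of Rust, the `Policy` type, the `check` helper and the strict rejection of malformed or duplicate lines are assumptions.

```rust
use std::collections::HashMap;
// Two entries and one comment line copied from the policy file on this page.
const SAMPLE: &str = "# uid 0 (root) is always authorized\n\
    org.freedesktop.login1.reboot = 0, 1000\n\
    org.freedesktop.login1.set-user-linger = 0\n";

/// Parsed policy: action_id -> UIDs allowed to perform it (hypothetical type).
pub struct Policy { rules: HashMap<String, Vec<u32>> }

impl Policy {
    /// Parse `action_id = uid1, uid2, ...` lines; lines starting with `#` are comments.
    /// Assumption: any malformed line rejects the whole file instead of being skipped.
    pub fn parse(text: &str) -> Result<Policy, String> {
        let mut rules = HashMap::new();
        for (n, raw) in text.lines().enumerate() {
            let line = raw.trim();
            if line.is_empty() || line.starts_with('#') { continue; }
            let (action, uids) = line.split_once('=')
                .ok_or_else(|| format!("line {}: missing '='", n + 1))?;
            let mut allowed = Vec::new();
            for field in uids.split(',') {
                let uid: u32 = field.trim().parse()
                    .map_err(|_| format!("line {}: bad uid {:?}", n + 1, field.trim()))?;
                allowed.push(uid);
            }
            let action = action.trim();
            // A repeated action id is ambiguous, so it is an error rather than an override.
            if action.is_empty() || rules.insert(action.to_string(), allowed).is_some() {
                return Err(format!("line {}: empty or duplicate action id", n + 1));
            }
        }
        Ok(Policy { rules })
    }

    /// uid 0 is always authorized; an action missing from the policy is denied.
    pub fn is_authorized(&self, uid: u32, action_id: &str) -> bool {
        uid == 0 || self.rules.get(action_id).map_or(false, |u| u.contains(&uid))
    }
}

/// Hypothetical entry point: an unparsable policy authorizes nobody but root.
pub fn check(policy_text: &str, uid: u32, action_id: &str) -> bool {
    match Policy::parse(policy_text) {
        Ok(p) => p.is_authorized(uid, action_id),
        Err(_) => uid == 0,
    }
}

fn main() { println!("{}", check(SAMPLE, 1000, "org.freedesktop.login1.reboot")); }
```

Rejecting the whole file on a parse error means a typo in one entry cannot silently widen or narrow access for the others; every non-root request is denied until the file is fixed.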