xref: /systemd-251/src/machine/org.freedesktop.machine1.policy

<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
        "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">

<!--
  SPDX-License-Identifier: LGPL-2.1-or-later

  This file is part of systemd.

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.
-->

<policyconfig>

        <vendor>The systemd Project</vendor>
        <vendor_url>https://systemd.io</vendor_url>

        <action id="org.freedesktop.machine1.login">
                <description gettext-domain="systemd">Log into a local container</description>
                <message gettext-domain="systemd">Authentication is required to log into a local container.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.machine1.host-login">
                <description gettext-domain="systemd">Log into the local host</description>
                <message gettext-domain="systemd">Authentication is required to log into the local host.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>yes</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.machine1.shell">
                <description gettext-domain="systemd">Acquire a shell in a local container</description>
                <message gettext-domain="systemd">Authentication is required to acquire a shell in a local container.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
                <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.login</annotate>
        </action>

        <action id="org.freedesktop.machine1.host-shell">
                <description gettext-domain="systemd">Acquire a shell on the local host</description>
                <message gettext-domain="systemd">Authentication is required to acquire a shell on the local host.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
                <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.host-login</annotate>
        </action>

        <action id="org.freedesktop.machine1.open-pty">
                <description gettext-domain="systemd">Acquire a pseudo TTY in a local container</description>
                <message gettext-domain="systemd">Authentication is required to acquire a pseudo TTY in a local container.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.machine1.host-open-pty">
                <description gettext-domain="systemd">Acquire a pseudo TTY on the local host</description>
                <message gettext-domain="systemd">Authentication is required to acquire a pseudo TTY on the local host.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
        </action>

        <action id="org.freedesktop.machine1.manage-machines">
                <description gettext-domain="systemd">Manage local virtual machines and containers</description>
                <message gettext-domain="systemd">Authentication is required to manage local virtual machines and containers.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
                <annotate key="org.freedesktop.policykit.imply">org.freedesktop.login1.shell org.freedesktop.login1.login</annotate>
        </action>

        <action id="org.freedesktop.machine1.manage-images">
                <description gettext-domain="systemd">Manage local virtual machine and container images</description>
                <message gettext-domain="systemd">Authentication is required to manage local virtual machine and container images.</message>
                <defaults>
                        <allow_any>auth_admin</allow_any>
                        <allow_inactive>auth_admin</allow_inactive>
                        <allow_active>auth_admin_keep</allow_active>
                </defaults>
        </action>

</policyconfig>