scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-12-24 14:27:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Only allow sudoless rpm-ostree for upgrades and refreshes

Browse Source
This commit is contained in:
qoijjj
2023-12-05 12:23:47 -08:00
parent 98a3f2b2b5
commit 0aa5d6aba7
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
config/files/usr/share/polkit-1/rules.d/org.projectatomic.rpmostree1.rules
View File

@@ -1 +1,16 @@
/* Overwrites polkit rule that allows rpm-ostree to be used without sudo */
/* Overwrites polkit rule that allows rpm-ostree install to be used without sudo
Allows only upgrades and repo refreshes without sudo
*/
polkit.addRule(function(action, subject) {
if (action.id == "org.projectatomic.rpmostree1.repo-refresh" &&
subject.active == true && subject.local == true) {
return polkit.Result.YES;
}
if ((action.id == "org.projectatomic.rpmostree1.upgrade" ) &&
subject.active == true &&
subject.local == true &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});