/
polkit-default-privs.standard
539 lines (494 loc) · 30 KB
/
polkit-default-privs.standard
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
#
# /etc/polkit-default-privs.standard is set up for use in most
# desktop systems to make common operations work out-of-the box for
# locally logged in users. It still restricts users enough to be
# safely used on most multi user hosts.
#
# Please do not modify this file, use polkit-default-privs.local instead.
#
org.freedesktop.policykit.read auth_admin_keep_always
org.freedesktop.policykit.revoke auth_admin_keep_always
org.freedesktop.policykit.grant auth_admin_keep_always
org.freedesktop.policykit.modify-defaults auth_admin_keep_always
#
org.freedesktop.network-manager-settings.system.modify auth_admin_keep_always
org.freedesktop.network-manager-settings.system.hostname.modify auth_admin_keep
org.freedesktop.network-manager-settings.system.wifi.share.protected auth_admin
org.freedesktop.network-manager-settings.system.wifi.share.open auth_admin
org.freedesktop.NetworkManager.enable-disable-network auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.enable-disable-wifi auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.enable-disable-wwan auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.use-user-connections auth_admin:auth_admin:yes
# auth_admin probably causes issues with suspend here (bnc#716291)
org.freedesktop.NetworkManager.network-control no:no:yes
org.freedesktop.NetworkManager.sleep-wake auth_admin:auth_admin:yes
# bnc#680140
org.freedesktop.NetworkManager.enable-disable-wimax auth_admin:auth_admin:yes
org.freedesktop.NetworkManager.wifi.share.protected auth_admin
org.freedesktop.NetworkManager.wifi.share.open auth_admin
org.freedesktop.NetworkManager.settings.modify.own auth_admin_keep:auth_admin_keep:yes
org.freedesktop.NetworkManager.settings.modify.system auth_admin_keep
org.freedesktop.NetworkManager.settings.modify.hostname auth_admin
#
org.libvirt.unix.monitor yes
org.libvirt.unix.manage auth_admin_keep_always
#
# gnome-settings-daemon (bnc#690496)
#
org.gnome.settingsdaemon.datetimemechanism.configure auth_admin_keep
# bnc#750795
org.gnome.settings-daemon.plugins.wacom.wacom-led-helper no:no:yes
# bnc#822405
org.gnome.settings-daemon.plugins.wacom.wacom-oled-helper no:no:yes
#
# colord (bnc#698250)
#
org.freedesktop.color-manager.create-device auth_admin:auth_admin:yes
org.freedesktop.color-manager.create-profile auth_admin:auth_admin:yes
org.freedesktop.color-manager.delete-device auth_admin:auth_admin:yes
org.freedesktop.color-manager.delete-profile auth_admin:auth_admin:yes
org.freedesktop.color-manager.modify-device auth_admin:auth_admin:yes
org.freedesktop.color-manager.modify-profile auth_admin:auth_admin:yes
org.freedesktop.color-manager.install-system-wide auth_admin:auth_admin:auth_admin_keep
org.freedesktop.color-manager.device-inhibit auth_admin:auth_admin:yes
org.freedesktop.color-manager.sensor-lock auth_admin:auth_admin:yes
#
# package kit
#
org.freedesktop.packagekit.package-install auth_admin_keep_always
org.freedesktop.packagekit.package-install-untrusted auth_admin
org.freedesktop.packagekit.system-trust-signing-key auth_admin
org.freedesktop.packagekit.package-eula-accept auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.package-remove auth_admin_keep_always
org.freedesktop.packagekit.system-update auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.packagekit.system-rollback auth_admin_keep_always
org.freedesktop.packagekit.system-sources-configure auth_admin_keep_always
org.freedesktop.packagekit.system-sources-refresh auth_admin_keep_always:no:yes
org.freedesktop.packagekit.system-network-proxy-configure auth_admin_keep_always
org.freedesktop.packagekit.cancel-foreign auth_admin:auth_admin:auth_admin_keep
org.freedesktop.packagekit.device-rebind auth_admin_keep
org.freedesktop.packagekit.system-change-install-root auth_admin
org.freedesktop.packagekit.upgrade-system auth_admin
org.freedesktop.packagekit.repair-system auth_admin
#
# Pulseaudio meets RealtimeKit (bnc#753849)
org.pulseaudio.acquire-real-time auth_admin_keep_always:auth_admin_keep_always:yes
org.pulseaudio.acquire-high-priority auth_admin_keep_always:auth_admin_keep_always:yes
#
# gconf
#
org.gnome.gconf.defaults.set-system auth_admin_keep
org.gnome.gconf.defaults.set-mandatory auth_admin_keep
#
# just an example program
#
org.gnome.policykit.examples.jump no:no:auth_self_one_shot
org.gnome.policykit.examples.frobnicate no:no:auth_self
org.gnome.policykit.examples.tweak no:no:auth_admin
org.gnome.policykit.examples.twiddle no:no:auth_admin_keep_always
org.gnome.policykit.examples.punch no:no:auth_self_keep_session
org.gnome.policykit.examples.toggle no:no:auth_admin_keep_always
org.gnome.policykit.examples.kick-foo no:no:auth_self
org.gnome.policykit.examples.kick-bar no:no:auth_self
org.gnome.policykit.examples.kick-baz no:no:auth_self
#
# should be consistent with udisks
org.freedesktop.consolekit.system.stop auth_admin_keep_always:auth_admin_keep_always:yes
org.freedesktop.consolekit.system.stop-multiple-users auth_admin:auth_admin:yes
org.freedesktop.consolekit.system.restart auth_admin:auth_admin:yes
org.freedesktop.consolekit.system.restart-multiple-users auth_admin_keep_always:auth_admin_keep_always:yes
#
# smpppd
#
org.opensuse.smpppd.connect auth_admin_keep_always:auth_admin_keep_always:yes
#
# backup-manager
#
org.opensuse.backupmanager.schedule auth_admin
#
# system-config-printer
#
org.opensuse.cupspkhelper.mechanism.printer-set-default auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-enable auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-local-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printer-remote-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.class-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.server-settings auth_admin_keep
org.opensuse.cupspkhelper.mechanism.printeraddremove auth_admin_keep
org.opensuse.cupspkhelper.mechanism.job-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.job-not-owned-edit auth_admin_keep
org.opensuse.cupspkhelper.mechanism.devices-get auth_admin_keep
org.opensuse.cupspkhelper.mechanism.all-edit auth_admin_keep
#
# Firewall Zone Switcher
#
org.opensuse.zoneswitcher.control auth_admin_keep_always:auth_admin_keep_always:yes
#
# RealTimeKit (bnc#753849)
#
org.freedesktop.RealtimeKit1.acquire-high-priority auth_admin:auth_admin:yes
org.freedesktop.RealtimeKit1.acquire-real-time auth_admin:auth_admin:yes
#
# polkit-1
#
org.freedesktop.policykit.exec auth_admin:auth_admin:auth_admin
org.freedesktop.policykit.lockdown auth_admin
# example progam
org.freedesktop.policykit.example.pkexec.run-frobnicate auth_admin:auth_admin:auth_admin
#
# udisks.
#
org.freedesktop.udisks.filesystem-mount auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-mount-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.filesystem-check auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-check-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.filesystem-unmount-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.filesystem-lsof auth_admin:auth_admin:yes
org.freedesktop.udisks.filesystem-lsof-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.drive-eject auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-detach auth_admin:auth_admin:yes
org.freedesktop.udisks.change auth_admin:auth_admin:yes
org.freedesktop.udisks.change-system-internal auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks.drive-ata-smart-refresh auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-ata-smart-selftest auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.drive-ata-smart-retrieve-historical-data auth_admin:auth_admin:yes
org.freedesktop.udisks.luks-unlock auth_admin:auth_admin:yes
org.freedesktop.udisks.luks-lock-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.linux-md auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.cancel-job-others auth_admin:auth_admin:auth_admin
org.freedesktop.udisks.inhibit-polling auth_admin:auth_admin:yes
org.freedesktop.udisks.drive-set-spindown auth_admin:auth_admin:yes
org.freedesktop.udisks.linux-lvm2 auth_admin_keep
#
# udisks2 (bnc#742751)
#
org.freedesktop.udisks2.filesystem-mount-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.filesystem-fstab auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.filesystem-unmount-others auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.encrypted-unlock-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.encrypted-unlock-crypttab auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.encrypted-lock-others auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.encrypted-change-passphrase-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.loop-delete-others auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.manage-swapspace auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.modify-device-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.open-device auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.open-device-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.modify-system-configuration auth_admin
org.freedesktop.udisks2.read-system-configuration-secrets auth_admin
org.freedesktop.udisks2.ata-smart-selftest auth_admin:auth_admin:auth_admin_keep
#
org.freedesktop.udisks2.filesystem-mount auth_admin:auth_admin:yes
org.freedesktop.udisks2.encrypted-unlock auth_admin:auth_admin:yes
org.freedesktop.udisks2.encrypted-change-passphrase auth_admin:auth_admin:yes
org.freedesktop.udisks2.loop-setup auth_admin:auth_admin:yes
org.freedesktop.udisks2.modify-device auth_admin:auth_admin:yes
org.freedesktop.udisks2.ata-smart-update auth_admin:auth_admin:yes
# (bnc#761872)
org.freedesktop.udisks2.eject-media auth_admin:auth_admin:yes
org.freedesktop.udisks2.filesystem-mount-other-seat auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.encrypted-unlock-other-seat auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.loop-modify-others auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.eject-media-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.eject-media-other-seat auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.modify-device-other-seat auth_admin:auth_admin:auth_admin_keep
# (bnc#779404)
# root only parts
org.freedesktop.udisks2.modify-drive-settings auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-smart-simulate auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-standby-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-standby-other-seat auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-secure-erase auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.cancel-job-other-user auth_admin:auth_admin:auth_admin_keep
# these want desktop user perms
org.freedesktop.udisks2.rescan auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-check-power auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-standby auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.cancel-job auth_admin:auth_admin:auth_admin_keep
#
# upower
#
org.freedesktop.upower.suspend auth_admin:auth_admin:yes
org.freedesktop.upower.hibernate auth_admin:auth_admin:yes
org.freedesktop.upower.qos.request-latency auth_admin:auth_admin:yes
org.freedesktop.upower.qos.request-latency-persistent auth_admin:auth_admin:yes
org.freedesktop.upower.qos.set-minimum-latency auth_admin:auth_admin:auth_admin
org.freedesktop.upower.qos.cancel-request auth_admin:auth_admin:auth_admin
#
# YaST
#
org.opensuse.yast.module-manager.import auth_admin_keep_session
org.opensuse.yast.module-manager.lock auth_admin_keep_session
org.opensuse.yast.modules.yapi.language.read no
org.opensuse.yast.modules.yapi.language.write no
org.opensuse.yast.modules.yapi.time.read no
org.opensuse.yast.modules.yapi.time.write no
org.opensuse.yast.modules.ysr.statelessregister auth_admin_keep_session
org.opensuse.yast.modules.ysr.getregistrationconfig auth_admin_keep_session
org.opensuse.yast.modules.ysr.setregistrationconfig auth_admin_keep_session
org.opensuse.yast.scr.read auth_admin_keep_session
org.opensuse.yast.scr.write auth_admin_keep_session
org.opensuse.yast.scr.execute auth_admin_keep_session
org.opensuse.yast.scr.dir auth_admin_keep_session
org.opensuse.yast.scr.registeragent auth_admin_keep_session
org.opensuse.yast.scr.unregisteragent auth_admin_keep_session
org.opensuse.yast.scr.unmountagent auth_admin_keep_session
org.opensuse.yast.scr.error auth_admin_keep_session
org.opensuse.yast.scr.unregisterallagents auth_admin_keep_session
org.opensuse.yast.scr.registernewagents auth_admin_keep_session
# webyast
org.opensuse.yast.permissions.read no
org.opensuse.yast.permissions.write no
org.opensuse.yast.modules.eulas.accept no
org.opensuse.yast.modules.yapi.activedirectory.read no
org.opensuse.yast.modules.yapi.activedirectory.write no
org.opensuse.yast.modules.yapi.firewall.read no
org.opensuse.yast.modules.yapi.firewall.write no
org.opensuse.yast.modules.yapi.kerberos.read no
org.opensuse.yast.modules.yapi.kerberos.write no
org.opensuse.yast.modules.yapi.ldap.read no
org.opensuse.yast.modules.yapi.ldap.write no
org.opensuse.yast.modules.yapi.mailsettings.read no
org.opensuse.yast.modules.yapi.mailsettings.write no
org.opensuse.yast.modules.yapi.ntp.synchronize no
org.opensuse.yast.modules.yapi.ntp.setserver no
org.opensuse.yast.roles.assign no
org.opensuse.yast.roles.modify no
org.opensuse.yast.modules.yapi.administrator.read no
org.opensuse.yast.modules.yapi.administrator.write no
org.opensuse.yast.modules.yapi.services.read no
org.opensuse.yast.modules.yapi.services.execute no
org.opensuse.yast.system.repositories.read no
org.opensuse.yast.system.repositories.write no
org.opensuse.yast.system.packages.read no
org.opensuse.yast.system.patches.read no
org.opensuse.yast.system.patches.install no
org.opensuse.yast.system.status.read no
org.opensuse.yast.system.status.writelimits no
org.opensuse.yast.modules.logfile.read no
org.opensuse.yast.modules.yapi.users.groupsget no
org.opensuse.yast.modules.yapi.users.groupget no
org.opensuse.yast.modules.yapi.users.groupadd no
org.opensuse.yast.modules.yapi.users.groupmodify no
org.opensuse.yast.modules.yapi.users.groupdelete no
org.opensuse.yast.modules.yapi.users.usersget no
org.opensuse.yast.modules.yapi.users.userget no
org.opensuse.yast.modules.yapi.users.usermodify no
org.opensuse.yast.modules.yapi.users.useradd no
org.opensuse.yast.modules.yapi.users.userdelete no
org.opensuse.yast.modules.yapi.network.read no
org.opensuse.yast.modules.yapi.network.write no
org.opensuse.yast.system.terminal.read no
# bnc#687807
org.opensuse.yast.system.power-management.reboot no
org.opensuse.yast.system.power-management.shutdown no
# KDE stuff
org.kde.fontinst.manage auth_admin_keep
org.kde.kcontrol.kcmclock.save auth_admin
org.kde.kcontrol.kcmremotewidgets.save auth_admin
org.kde.ksysguard.processlisthelper.changecpuscheduler auth_admin
org.kde.ksysguard.processlisthelper.changeioscheduler auth_admin
org.kde.ksysguard.processlisthelper.renice auth_admin
org.kde.ksysguard.processlisthelper.sendsignal auth_admin
org.kde.polkitkde1.changeexplicitauthorizations auth_admin_keep
org.kde.polkitkde1.changeimplicitauthorizations auth_admin
org.kde.polkitkde1.changesystemconfiguration auth_admin
org.kde.polkitkde1.readauthorizations auth_admin_keep
org.kde.kcontrol.k3bsetup.save auth_admin
org.kde.kcontrol.kcmkdm.managefaces auth_admin_keep
org.kde.kcontrol.kcmkdm.managethemes auth_admin_keep
org.kde.kcontrol.kcmkdm.save auth_admin
# kde backlight helper (bnc#672145)
org.kde.powerdevil.backlighthelper.brightness no:no:yes
org.kde.powerdevil.backlighthelper.setbrightness no:no:yes
# kdepim4/kalarm (bnc#707723)
org.kde.kalarmrtcwake.settimer auth_admin_keep
# sddm kcm oepration (bnc#904313)
org.kde.kcontrol.kcmsddm.save auth_admin
# systemd (bnc#641924)
# systemd (bnc#641924)
org.freedesktop.hostname1.set-hostname auth_admin
org.freedesktop.hostname1.set-static-hostname auth_admin
org.freedesktop.hostname1.set-machine-info auth_admin
org.freedesktop.systemd1.reply-password auth_admin
org.freedesktop.systemd1.bus-access auth_admin
org.freedesktop.timedate1.set-time auth_admin_keep
org.freedesktop.timedate1.set-timezone auth_admin_keep:auth_admin_keep:yes
org.freedesktop.timedate1.set-ntp auth_admin_keep
org.freedesktop.timedate1.set-local-rtc auth_admin_keep
org.freedesktop.locale1.set-locale auth_admin_keep
org.freedesktop.locale1.set-keyboard auth_admin_keep
org.freedesktop.login1.attach-device auth_admin_keep
org.freedesktop.login1.flush-devices auth_admin_keep
org.freedesktop.login1.power-off auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.power-off-multiple-sessions auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.reboot auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.reboot-multiple-sessions auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.set-user-linger auth_admin_keep
#
# new stuff in bnc#783897
#
org.freedesktop.login1.power-off-ignore-inhibit auth_admin_keep
org.freedesktop.login1.reboot-ignore-inhibit auth_admin_keep
org.freedesktop.login1.suspend-ignore-inhibit auth_admin_keep
org.freedesktop.login1.hibernate-multiple-sessions auth_admin_keep
org.freedesktop.login1.hibernate-ignore-inhibit auth_admin_keep
# want more rights:
org.freedesktop.login1.inhibit-block-shutdown no:yes:yes
org.freedesktop.login1.inhibit-block-sleep no:yes:yes
org.freedesktop.login1.inhibit-handle-power-key no:yes:yes
org.freedesktop.login1.inhibit-handle-suspend-key no:yes:yes
org.freedesktop.login1.inhibit-handle-hibernate-key no:yes:yes
org.freedesktop.login1.inhibit-handle-lid-switch no:yes:yes
# even more
org.freedesktop.login1.inhibit-delay-shutdown yes
org.freedesktop.login1.inhibit-delay-sleep yes
org.freedesktop.login1.inhibit-block-idle yes
org.freedesktop.login1.suspend auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.suspend-multiple-sessions auth_admin_keep:auth_admin_keep:yes
org.freedesktop.login1.hibernate auth_admin_keep:auth_admin_keep:yes
# gnome-control-center
org.gnome.randr.install-system-wide auth_admin
# gnome-power-manager/gnome-settings-daemon (bnc#650401, bnc#712841)
org.gnome.settings-daemon.plugins.power.backlight-helper no:no:yes
# xfce4-power-manager, bnc#665169
# code is copy&paste from gnome-power-manager
org.xfce.power.backlight-helper no:no:yes
# hp-drive-guard
com.hp.driveguard.toggle auth_admin
com.hp.driveguard.install-setup auth_admin
# ModemManager
org.freedesktop.ModemManager.Device.Control auth_admin_keep:auth_admin_keep:yes
org.freedesktop.ModemManager.Device.Info auth_admin_keep:auth_admin_keep:yes
org.freedesktop.ModemManager.Contacts auth_admin_keep
org.freedesktop.ModemManager.SMS auth_admin_keep
org.freedesktop.ModemManager.Location auth_admin_keep
# (bnc#691896)
org.freedesktop.ModemManager.USSD auth_admin_keep
# urfkill (bnc#688328)
org.freedesktop.urfkill.block auth_admin:auth_admin:yes
org.freedesktop.urfkill.blockidx auth_admin:auth_admin:yes
org.freedesktop.urfkill.unblock auth_admin:auth_admin:yes
org.freedesktop.urfkill.unblockidx auth_admin:auth_admin:yes
org.freedesktop.urfkill.enablekeycontrol auth_admin:auth_admin:yes
# account services (bnc#676638)
org.freedesktop.accounts.user-administration auth_admin_keep
org.freedesktop.accounts.set-login-option auth_admin
org.freedesktop.accounts.change-own-user-data yes
#
# smb4k (bnc#749065)
#
de.berlios.smb4k.mounthelper.mount auth_admin_keep
de.berlios.smb4k.mounthelper.unmount auth_admin_keep
#
# RecordItNow (bnc#753908)
#
org.kde.recorditnow.helper.watch auth_admin
#
# GNOME control-center (bnc#779938)
#
org.gnome.controlcenter.user-accounts.administration no:no:auth_admin_keep
org.gnome.controlcenter.datetime.configure no:no:auth_admin_keep
#
# PackageKit / systemd offline updates (bnc#798885)
# same as org.freedesktop.packagekit.system-update
#
org.freedesktop.packagekit.trigger-offline-update auth_admin_keep:auth_admin_keep:yes
org.freedesktop.packagekit.clear-offline-update auth_admin_keep:auth_admin_keep:yes
#
# gparted (bnc#810888)
#
org.opensuse.policykit.gparted auth_admin
#
# udisks2 (bnc#809277)
#
org.freedesktop.udisks2.manage-md-raid auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.power-off-drive-system auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.power-off-drive-other-seat auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.ata-smart-enable-disable auth_admin:auth_admin:auth_admin_keep
org.freedesktop.udisks2.power-off-drive auth_admin:auth_admin:yes
# ModemManager1 (bnc#798273)
org.freedesktop.ModemManager1.Control auth_admin
org.freedesktop.ModemManager1.Device.Control auth_admin_keep
org.freedesktop.ModemManager1.Contacts auth_admin:auth_admin:auth_self_keep
org.freedesktop.ModemManager1.Messaging auth_admin:auth_admin:auth_self_keep
org.freedesktop.ModemManager1.Location auth_admin:auth_admin:auth_self_keep
org.freedesktop.ModemManager1.Firmware auth_admin
org.freedesktop.ModemManager1.USSD auth_admin_keep # likely not widely used
# fprintfd (bnc#792095, bnc#850807)
net.reactivated.fprint.device.verify no:no:yes
net.reactivated.fprint.device.enroll no:no:yes
net.reactivated.fprint.device.setusername no:no:auth_admin_keep
# lightdm-kde-greeter (bnc#794705)
org.kde.kcontrol.kcmlightdm.save no:no:auth_admin_keep
org.kde.kcontrol.kcmlightdm.savethemedetails no:no:auth_admin_keep
# gnome-system-monitor (bnc#822011)
org.gnome.gnome-system-monitor.kill no:no:auth_admin
org.gnome.gnome-system-monitor.renice no:no:auth_admin
# nepomuk (bnc#825262)
org.kde.nepomuk.filewatch.raiselimit no:no:auth_admin_keep
# powerdevil (bnc#825256)
org.kde.powerdevil.backlighthelper.syspath no:yes:yes
# libvirt (bnc#827644) ( original wants yes:yes:yes)
org.libvirt.api.connect.getattr auth_admin_keep
org.libvirt.api.connect.read auth_admin_keep
org.libvirt.api.connect.search-domains auth_admin_keep
org.libvirt.api.connect.search-interfaces auth_admin_keep
org.libvirt.api.connect.search-networks auth_admin_keep
org.libvirt.api.connect.search-node-devices auth_admin_keep
org.libvirt.api.connect.search-nwfilters auth_admin_keep
org.libvirt.api.connect.search-secrets auth_admin_keep
org.libvirt.api.connect.search-storage-pools auth_admin_keep
org.libvirt.api.domain.getattr auth_admin_keep
org.libvirt.api.domain.read auth_admin_keep
org.libvirt.api.interface.getattr auth_admin_keep
org.libvirt.api.interface.read auth_admin_keep
org.libvirt.api.network.getattr auth_admin_keep
org.libvirt.api.network.read auth_admin_keep
org.libvirt.api.node-device.getattr auth_admin_keep
org.libvirt.api.nwfilter.getattr auth_admin_keep
org.libvirt.api.nwfilter.read auth_admin_keep
org.libvirt.api.secret.getattr auth_admin_keep
org.libvirt.api.secret.read auth_admin_keep
org.libvirt.api.storage-pool.getattr auth_admin_keep
org.libvirt.api.storage-pool.read auth_admin_keep
org.libvirt.api.storage-vol.getattr auth_admin_keep
org.libvirt.api.storage-vol.read auth_admin_keep
# MATE settings-daemon (bnc#831404)
org.mate.settingsdaemon.datetimemechanism.settimezone auth_admin_keep
org.mate.settingsdaemon.datetimemechanism.settime auth_admin_keep
org.mate.settingsdaemon.datetimemechanism.configurehwclock auth_admin_keep
org.mate.randr.install-system-wide auth_admin_keep
org.mate.power.backlight-helper no:no:yes
# gufw
com.ubuntu.pkexec.gufw auth_admin
# policycoreutils (bnc#848550)
org.selinux.restorecon auth_admin_keep
org.selinux.setenforce auth_admin_keep
org.selinux.semanage auth_admin_keep
org.selinux.change_default_policy auth_admin_keep
org.selinux.change_policy_type auth_admin_keep
org.selinux.config.pkexec.run no:no:auth_admin
org.selinux.relabel_on_boot auth_admin_keep
org.selinux.customized yes:yes:yes
org.selinux.semodule_list yes:yes:yes
# kwallet (bnc#849739)
org.kde.kcontrol.kcmkwallet.save no:no:auth_self_keep
# baloo (bnc#866131)
org.kde.baloo.filewatch.raiselimit no:no:auth_admin_keep
# pcsc-lite (bnc#864178)
org.debian.pcsc-lite.access_pcsc auth_admin:auth_admin:yes
org.debian.pcsc-lite.access_card auth_admin:auth_admin:yes
# policycoreutils (bnc#878631)
org.selinux.customized no:no:yes
org.selinux.semodule_list no:no:yes
# firewalld (bnc#907625)
org.fedoraproject.FirewallD1.all auth_admin_keep
org.fedoraproject.FirewallD1.info auth_admin_keep
org.fedoraproject.FirewallD1.config auth_admin_keep
org.fedoraproject.FirewallD1.config.info auth_admin_keep
org.fedoraproject.FirewallD1.direct auth_admin_keep
org.fedoraproject.FirewallD1.direct.info auth_admin_keep
org.fedoraproject.FirewallD1.policies auth_admin_keep
org.fedoraproject.FirewallD1.policies.info auth_admin_keep
###