diff options
author | Wilhelm Schuster | 2022-01-29 20:21:07 +0100 |
---|---|---|
committer | Wilhelm Schuster | 2022-01-29 20:21:07 +0100 |
commit | ec3eeaa22dde364383a21c03c360a0dd51b950ea (patch) | |
tree | 0ca2f46a942f599b278be64736cda0c3b710c3f2 /moonraker.rules | |
parent | bdf6fc91d1e208504882e459e6c21abcf5ad9f16 (diff) | |
download | aur-ec3eeaa22dde364383a21c03c360a0dd51b950ea.tar.gz |
Update for polkit
Diffstat (limited to 'moonraker.rules')
-rw-r--r-- | moonraker.rules | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/moonraker.rules b/moonraker.rules new file mode 100644 index 000000000000..0a796274a035 --- /dev/null +++ b/moonraker.rules @@ -0,0 +1,30 @@ +// Allow Moonraker User to manage systemd units, reboot and shutdown +// the system +polkit.addRule(function(action, subject) { + if ((action.id == "org.freedesktop.systemd1.manage-units" || + action.id == "org.freedesktop.login1.power-off" || + action.id == "org.freedesktop.login1.power-off-multiple-sessions" || + action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions" || + action.id.startsWith("org.freedesktop.packagekit.")) && + subject.user == "klipper") { + // Only allow processes with the "moonraker-admin" supplementary group + // access + try { + // more concise, but probably slightly slower: + /*var groups = polkit.spawn(["ps", "-o", "supgrp=", subject.pid.toString()]).split(","); + if (groups.indexOf("moonraker-admin") > -1) { + return polkit.Result.YES; + }*/ + + var gid = polkit.spawn(["getent", "group", "moonraker-admin"]).split(":")[2]; + var cmdpath = "/proc/" + subject.pid.toString() + "/status"; + var groups = polkit.spawn(["grep", "^Groups:", cmdpath]).split(" "); + if (groups.indexOf(gid) > -1) { + return polkit.Result.YES; + } + } catch (error) { + return polkit.Result.NOT_HANDLED; + } + } +}); |