feat[close #33]: Add polkit rules for Apx (dbox and podman)

Vanilla-OS · Jan 2, 2024 · ab0a06e · ab0a06e
1 parent 2cd4f19
commit ab0a06e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 3 deletions.
diff --git a/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy b/includes.container/usr/share/polkit-1/actions/org.vanillaos.vso.policy
@@ -6,7 +6,6 @@
   <vendor>Vanilla OS</vendor>
   <vendor_url>https://www.vanillaos.org/</vendor_url>
   <icon_name>package-x-generic</icon_name>
-
   <action id="org.vanillaos.vso.sys-upgrade">
     <description>Check for system package updates</description>
     <message>Authentication is required to check for updates</message>
@@ -19,4 +18,26 @@
     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/vso</annotate>
     <annotate key="org.freedesktop.policykit.exec.argv1">sys-upgrade</annotate>
   </action>
-</policyconfig>
+  <action id="org.vanillaos.vso.distrobox">
+    <description>Manager privileged containers</description>
+    <message>Authentication is required to manage privileged containers</message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/share/apx/distrobox/distrobox</annotate>
+  </action>
+  <action id="org.vanillaos.vso.podman">
+    <description>Manager privileged containers</description>
+    <message>Authentication is required to manage privileged containers</message>
+    <icon_name>package-x-generic</icon_name>
+    <defaults>
+      <allow_any>auth_admin</allow_any>
+      <allow_inactive>auth_admin</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/podman</annotate>
+  </action>
+</policyconfig>
diff --git a/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules b/includes.container/usr/share/polkit-1/rules.d/org.vanillaos.vso.rules
@@ -1,6 +1,10 @@
 polkit.addRule(function (action, subject) {
   if (
-    action.id == "org.vanillaos.vso.sys-upgrade" &&
+    (
+      action.id == "org.vanillaos.vso.sys-upgrade" ||
+      action.id == "org.vanillaos.vso.distrobox" ||
+      action.id == "org.vanillaos.vso.podman"
+    ) &&
     subject.isInGroup("sudo")
   ) {
     polkit.log("action=" + action);