conf.set_quoted('MODULESLOAD_DIR', modulesloaddir)
conf.set_quoted('PKGSYSCONFDIR', pkgsysconfdir)
conf.set_quoted('POLKIT_AGENT_BINARY_PATH', bindir / 'pkttyagent')
+conf.set_quoted('POLKIT_RULES_DIR', polkitrulesdir)
conf.set_quoted('PREFIX', prefixdir)
conf.set_quoted('PREFIX_NOSLASH', prefixdir_noslash)
conf.set_quoted('RANDOM_SEED', randomseeddir / 'random-seed')
--- /dev/null
+// SPDX-License-Identifier: MIT-0
+//
+// This config file is installed as part of systemd.
+// It may be freely copied and edited (following the MIT No Attribution license).
+//
+// This example can be enabled by symlinking this file to
+// /etc/polkit-1/rules.d/10-systemd-logind-root-ignore-inhibitors.rules
+
+// Allow the root user to ignore inhibitors when calling reboot etc.
+polkit.addRule(function(action, subject) {
+ if ((action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
+ action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
+ action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
+ action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
+ action.id == "org.freedesktop.login1.hibernate-ignore-inhibit") &&
+ subject.user == "root") {
+
+ return polkit.Result.YES;
+ }
+});
install_dir : dbussystemservicedir)
install_data('org.freedesktop.login1.policy',
install_dir : polkitpolicydir)
+ install_data('10-systemd-logind-root-ignore-inhibitors.rules.example',
+ install_dir : polkitrulesdir)
endif
}
if (r >= 0)
return 0;
+ if (geteuid() == 0 && sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
+ return log_error_errno(r,
+ "The current polkit policy does not allow root to ignore inhibitors without authentication in order to %s.\n"
+ "To allow this action, a new polkit rule is needed.\n"
+ "See " POLKIT_RULES_DIR "/10-systemd-logind-root-ignore-inhibitors.rules.example.",
+ action_table[a].verb);
if (!sd_bus_error_has_name(&error, SD_BUS_ERROR_UNKNOWN_METHOD) || a == ACTION_SLEEP)
return log_error_errno(r, "Call to %s failed: %s", actions[a], bus_error_message(&error, r));