Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Polkit rule that allows members in 'wheel' to use `machinectl` without password authentication
/* Allow members in 'wheel' to use machinectl without password authentication
*
* Thanks to belows:
* - https://unix.stackexchange.com/a/595725
* - https://wiki.archlinux.org/index.php/Polkit#For_specific_actions
*/
polkit.addRule(function(action, subject) {
if (
(
action.id == "org.freedesktop.machine1.shell" ||
action.id == "org.freedesktop.machine1.manage-machines" ||
action.id == "org.freedesktop.machine1.manage-images" ||
action.id == "org.freedesktop.machine1.login" ||
(
action.id == "org.freedesktop.systemd1.manage-units" &&
RegExp('systemd-nspawn@[A-Za-z0-9_-]+.service').test(action.lookup("unit")) === true
)
)
&& subject.isInGroup("wheel")
) {
return polkit.Result.YES;
}
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.