Created
February 7, 2015 19:04
-
-
Save schlomo/54e1844289fd563f35fb to your computer and use it in GitHub Desktop.
PolicyKit Local Authority policy to lockdown Ubuntu guest session from modifying the system. Should be installed into /var/lib/polkit-1/localauthority/90-mandatory.d or /etc/polkit-1/localauthority/90-mandatory.d
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Allow harmless stuff] | |
| Identity=unix-user:guest-* | |
| Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;com.canonical.indicator.sound.AccountsService.ModifyOwnUser;org.freedesktop.accounts.change-own-user-data | |
| ResultActive=yes | |
| [Allow handling removable media] | |
| Identity=unix-user:guest-* | |
| Action=org.freedesktop.udisks2.filesystem-mount;org.freedesktop.udisks2.eject-media;org.freedesktop.udisks2.ata-standby;org.freedesktop.udisks2.power-off-drive;org.freedesktop.udisks2.modify-device;org.freedesktop.udisks2.cancel-job;org.freedesktop.udisks2.rescan;org.freedesktop.udisks2.encrypted-unlock;org.freedesktop.udisks2.encrypted-change-passphrase | |
| ResultActive=yes | |
| [Disallow any privileged actions] | |
| Identity=unix-user:guest-* | |
| Action=* | |
| ResultActive=auth_admin | |
| ResultInactive=no | |
| ResultsAny=no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment