...
| Code block |
|---|
| окт 22 00:55:27 astra-28739 polkitd[18387]: action=[Action id='org.freedesktop.policykit.exec' program='/usr/bin/echo' user.display='administrator' command_line='/usr/bin/echo 33333' user='administrator' polkit.message='Authentication is needed to run `$(program)' as user $(user.display)' polkit.gettext_domain='polkit-1' user.gecos=''] |
Object: subject
The function function(action, subject) receives the parameter subject, an object with information about the process (user) whose privileges are being checked.
The object supports the following attributes:
| Attribute | Description |
|---|---|
| int pid | The process id. |
| string user | The user name. |
| string[] groups | Array of groups that |
| string seat | The seat that the subject is associated with - blank if not on a local seat. |
| string session | The session that the subject is associated with. |
| string system_unit | The systemd unit that the subject's process is part of (if any). Note that this can only match on system units, as user units can be created with any name without privileges (unlike system units which require root to create). A process running in a user unit will return the user session unit in this attribute (e.g.: |
| boolean local | Set to |
| boolean no_new_privileges | Set only if |
| boolean active | Set to |
The following methods are available on the Subject type:
boolean isInGroup(string groupName);
boolean isInNetGroup(string netGroupName);
The isInGroup() method can be used to check if the subject is in a given group and isInNetGroup() can be used to check if the subject is in a given netgroup.
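As an added example (not part of the original page and not Astra Linux's own rule), the rule below uses the subject attributes and isInGroup() to restrict the org.freedesktop.policykit.exec action seen in the log line above to local, active sessions of one group. The group name pkexec-users, the polkit stand-in object and the sampleAction/sampleSubject helpers are assumptions made so the rule can be run outside polkitd.

```javascript
// Added example, not from the original page. polkitd provides the global
// `polkit`; this stand-in exists only so the rule can be run outside polkitd.
if (typeof polkit === "undefined") {
    var polkit = {
        Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin", NOT_HANDLED: null },
        rules: [],
        addRule: function (fn) { this.rules.push(fn); },
        log: function (msg) { /* polkitd writes this to its log */ }
    };
}

var PKEXEC_GROUP = "pkexec-users"; // assumption: hypothetical group name

function pkexecRule(action, subject) {
    if (action.id !== "org.freedesktop.policykit.exec") {
        return polkit.Result.NOT_HANDLED; // leave other actions to other rules
    }
    // Require a local seat, an active session and membership in the group.
    var allowed = subject.local && subject.active &&
                  subject.isInGroup(PKEXEC_GROUP);
    if (!allowed) {
        polkit.log("pkexec refused: user=" + subject.user +
                   " pid=" + subject.pid +
                   " session=" + subject.session +
                   " program=" + action.lookup("program"));
        return polkit.Result.NO;
    }
    return polkit.Result.AUTH_ADMIN; // still require administrator authentication
}
polkit.addRule(pkexecRule);

// Constructed test doubles mirroring the log line above (not real polkit objects).
function sampleAction(id) {
    var vars = { program: "/usr/bin/echo", command_line: "/usr/bin/echo 33333",
                 user: "administrator" };
    return { id: id, lookup: function (key) { return vars[key]; } };
}
function sampleSubject(overrides) {
    var s = { pid: 4242, user: "operator", groups: ["pkexec-users"],
              seat: "seat0", session: "1", local: true, active: true };
    for (var k in overrides) { s[k] = overrides[k]; }
    s.isInGroup = function (g) { return s.groups.indexOf(g) !== -1; };
    return s;
}
```

In a real deployment only the PKEXEC_GROUP line, the pkexecRule function and the polkit.addRule call belong in the rules file; the stand-in and the sample helpers are for testing the decision logic.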
More complete information on rules and how to write them is given on the polkit page or is available via the command "man 8 polkit".
...