mirror of
https://github.com/altlinux/admx-basealt.git
synced 2025-03-12 12:58:21 +03:00
279 lines
17 KiB
XML
279 lines
17 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- (c) 2023 BaseALT, Ltd. -->
|
|
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions" revision="1.0" schemaVersion="1.0">
|
|
<displayName>Defining Systemd policies of the Alt operating system</displayName>
|
|
<description> This file contains policy definitions for managing the Systemd service in the Alt operating system.</description>
|
|
<resources>
|
|
<stringTable>
|
|
|
|
<string id="org-freedesktop-systemd1-manage-unit-files">Permission to manage system service or unit files</string>
|
|
<string id="org-freedesktop-systemd1-manage-unit-files_Help">The policy controls the restriction of the ability to manage files of system services or modules.
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-manage-unit-files-user">Permission to manage system service or unit files</string>
|
|
<string id="org-freedesktop-systemd1-manage-unit-files-user_Help">The policy controls the restriction of the ability to manage files of system services or modules.
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-manage-units">Permission to manage system services or other units</string>
|
|
<string id="org-freedesktop-systemd1-manage-units_Help">The policy restricts the ability to manage system services or other devices
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-manage-units-user">Permission to manage system services or other units</string>
|
|
<string id="org-freedesktop-systemd1-manage-units-user_Help">The policy restricts the ability to manage system services or other devices
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-reload-daemon">Permission to reload the systemd state</string>
|
|
<string id="org-freedesktop-systemd1-reload-daemon_Help">The policy restricts the ability to reboot systemd state
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-reload-daemon-user">Permission to reload the systemd state</string>
|
|
<string id="org-freedesktop-systemd1-reload-daemon-user_Help">The policy restricts the ability to reboot systemd state
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-reply-password">Permission to send passphrase back to system</string>
|
|
<string id="org-freedesktop-systemd1-reply-password_Help">The policy restricts the ability to send a passphrase back to the system
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-reply-password-user">Permission to send passphrase back to system</string>
|
|
<string id="org-freedesktop-systemd1-reply-password-user_Help">The policy restricts the ability to send a passphrase back to the system
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-set-environment">Permission to set or unset system and service manager environment variables</string>
|
|
<string id="org-freedesktop-systemd1-set-environment_Help">The policy restricts the ability to set or remove System and Service Manager environment variables
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
The "Block" option prevents the user from changing this setting. Blocking a policy makes it a priority over a similar policy for the user.
|
|
|
|
</string>
|
|
<string id="org-freedesktop-systemd1-set-environment-user">Permission to set or unset system and service manager environment variables</string>
|
|
<string id="org-freedesktop-systemd1-set-environment-user_Help">The policy restricts the ability to set or remove System and Service Manager environment variables
|
|
|
|
Disabled/Unconfigured — restrictions are defined by system parameters.
|
|
|
|
Enabled — restriction with defined rights;
|
|
|
|
Possible values:
|
|
|
|
"No" — set restriction with action denial (user is not allowed to perform the action);
|
|
|
|
"Yes" — remove the restriction (the user can perform the action without any authentication);
|
|
|
|
"Auth_self" — the user must enter his/her password for authentication. Note, this level of restriction is not sufficient for most multi-user applications, "Auth_admin" is usually recommended;
|
|
|
|
"Auth_admin" — the user must enter the administrator password at each request. Requires authentication of the user with administrator privileges;
|
|
|
|
"Auth_self_keep" — similar to "Auth_self", but authorization is maintained for a short period of time (e.g., five minutes). Note, this level of restriction is insufficient for most multi-user applications, "Auth_admin_keep" is generally recommended;
|
|
|
|
"Auth_admin_keep" — similar to "Auth_admin", but authorization is maintained for a short period of time (e.g., five minutes);
|
|
|
|
Note: the possession of administrative rights in a PolicyKit context is determined by its rules. By default, Alt asks for the password of a user in the "wheel" group.
|
|
|
|
|
|
</string>
|
|
|
|
<string id="org-freedesktop-systemd-No">No</string>
|
|
<string id="org-freedesktop-systemd-Yes">Yes</string>
|
|
<string id="org-freedesktop-systemd-Auth-self">Auth_self</string>
|
|
<string id="org-freedesktop-systemd-Auth-admin">Auth_admin</string>
|
|
<string id="org-freedesktop-systemd-Auth-self-keep">Auth_self_keep</string>
|
|
<string id="org-freedesktop-systemd-Auth-admin-keep">Auth_admin_keep</string>
|
|
|
|
</stringTable>
|
|
<presentationTable>
|
|
<presentation id="org-freedesktop-Systemd-pr">
|
|
<dropdownList noSort="true" defaultItem="1" refId="OrgFreedesktopSystemd_setter">Restriction Options:</dropdownList>
|
|
<checkBox refId="OrgFreedesktopSystemd_blocker">Block</checkBox>
|
|
</presentation>
|
|
<presentation id="org-freedesktop-Systemd-user-pr">
|
|
<dropdownList noSort="true" defaultItem="1" refId="OrgFreedesktopSystemd_setter">Restriction Options:</dropdownList>
|
|
</presentation>
|
|
</presentationTable>
|
|
</resources>
|
|
</policyDefinitionResources> |