我试图阻止从 KDE 开始菜单重新启动 Debian 11 计算机。但是以下策略不起作用:
[michael@vps /etc/polkit-1/rules.d]> cat /etc/polkit-1/rules.d/10-admin-shutdown-reboot.rules
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.power-off" ||
action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
action.id == "org.freedesktop.login1.reboot" ||
action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
action.id == "org.freedesktop.login1.set-reboot-parameter" ||
action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ||
action.id == "org.freedesktop.login1.suspend" ||
action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
action.id == "org.freedesktop.login1.hibernate" ||
action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
action.id == "org.freedesktop.login1.hibernate-multiple-sessions"
) {
return polkit.Result.AUTH_ADMIN;
}
});
pkcheck -u -p $$ -a org.freedesktop.login1.reboot; echo $?如果在 ssh 会话上运行则返回 2(预期),但如果在通过 SDDM 登录的物理机上则返回 0。我的配置有什么问题吗?
Debian 11 及更早版本中的 polkit 包不支持基于 JavaScript 的规则。Debian 维护了一个补丁,用旧的配置格式替换 JS 格式的规则引擎
.pkla。在这种格式中,规则将如下所示:
有关格式文档,请参阅pklocalauthority(8) 。